1.1. Kerio Personal Firewall 4.2

Kerio Personal Firewall is a software application that protects personal computers running Windows from external intrusions (typically from the Internet), viruses and data leaks. Security is provided especially by the following four components:

Network Security

This module controls all network (TCP/IP) traffic of the computer on which Kerio Personal Firewall is installed. Two types of rules can be defined for network communication:

  • application rules — network communication can be permitted or denied for individual applications, or Kerio Personal Firewall can be set to ask the user.

  • packet filter rules — advanced packet rules for network traffic can be defined (specification of IP addresses, protocols, ports, etc.). These rules can be applied either to individual applications or generally (to any application).

Kerio Personal Firewall includes a set of predefined network security rules (e.g. for DNS, DHCP, etc.). These rules are kept separate from user-defined rules and can be enabled or disabled.

Whenever Kerio Personal Firewall detects traffic that does not match any rule, the user is asked to permit or deny the communication. Optionally, a corresponding application or packet filter rule can be created automatically from this decision.
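The decision flow described above, modelled as an added example (this is not Kerio's code). The evaluation order (packet filter rules first, then application rules), the first-match behaviour, and all names, paths and addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class PacketRule:
    action: str                        # "permit" or "deny"
    protocol: str                      # "tcp" or "udp"
    remote_net: str                    # CIDR block of remote addresses
    remote_port: Optional[int] = None  # None = any port
    application: Optional[str] = None  # None = rule applies to any application

    def matches(self, conn: dict) -> bool:
        return (self.protocol == conn["protocol"]
                and ip_address(conn["remote_ip"]) in ip_network(self.remote_net)
                and self.remote_port in (None, conn["remote_port"])
                and self.application in (None, conn["application"]))

class RuleEngine:
    def __init__(self, packet_rules, app_rules, ask_user):
        self.packet_rules = packet_rules  # ordered list, first match wins (assumption)
        self.app_rules = app_rules        # application path -> "permit" | "deny" | "ask"
        self.ask_user = ask_user          # callback(conn) -> (action, remember)

    def decide(self, conn: dict) -> str:
        for rule in self.packet_rules:
            if rule.matches(conn):
                return rule.action
        action = self.app_rules.get(conn["application"], "ask")
        if action != "ask":
            return action
        action, remember = self.ask_user(conn)         # no rule matched: prompt
        if remember:                                   # optional automatic rule
            self.app_rules[conn["application"]] = action
        return action

def demo():
    prompts = []                                       # records every user prompt
    def ask_user(conn):
        prompts.append(conn["application"])
        return "deny", True                            # constructed answer: deny, remember
    engine = RuleEngine(
        packet_rules=[PacketRule("permit", "udp", "0.0.0.0/0", 53)],  # DNS, any app
        app_rules={r"C:\Program Files\Browser\browser.exe": "permit"},
        ask_user=ask_user)
    unknown = {"application": r"C:\Temp\tool.exe", "protocol": "tcp",
               "remote_ip": "203.0.113.10", "remote_port": 443}  # constructed sample
    dns = dict(unknown, protocol="udp", remote_port=53)
    return [engine.decide(dns), engine.decide(unknown), engine.decide(unknown)], prompts
```

Under the assumed order, the general DNS packet rule permits traffic from an application that has no application rule without any prompt, which is worth keeping in mind when reviewing rules that apply to any application.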

Behavior Blocking

The Behavior Blocking module controls running applications in the operating system. The following event types are controlled:

  • running applications

  • replacements of the application's executable file since the last startup (application replacement)

  • an application launching another application

As with network traffic, rules can be defined for individual applications. These rules either permit or deny the event, or have the firewall ask the user. If an event does not match any rule, Kerio Personal Firewall automatically asks the user to permit or deny running the application.

Note: Kerio Personal Firewall 4.x (unlike older versions) controls the running of all applications, regardless of whether they participate in network communication. In case of infection, the firewall is more reliable than any antivirus: if the virus is new and not yet included in a particular virus database, the antivirus is not able to detect it, whereas Kerio Personal Firewall detects the replacement of the executable file and warns the user.
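A model of the three controlled events, added here as an illustration and not taken from the product. The page does not say how replacement is detected; comparing a SHA-256 digest against the one recorded at the last permitted startup is an assumption, as are the class, event and file names.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class BehaviorBlocker:
    def __init__(self, rules, ask_user):
        self.rules = rules        # (path, event) -> "permit" | "deny" | "ask"
        self.ask_user = ask_user  # callback(path, event) -> "permit" | "deny"
        self.baseline = {}        # path -> digest seen at last permitted startup

    def _decide(self, path, event):
        action = self.rules.get((path, event), "ask")  # no rule: ask the user
        return self.ask_user(path, event) if action == "ask" else action

    def on_start(self, path, parent=None):
        digest = sha256_of(path)
        checks = [(path, "starting")]
        if self.baseline.get(path, digest) != digest:  # file changed since last start
            checks.insert(0, (path, "replaced"))
        if parent:                                     # started by another application
            checks.append((parent, "launching_others"))
        for target, event in checks:
            if self._decide(target, event) == "deny":
                return "deny", event                   # baseline is left untouched
        self.baseline[path] = digest
        return "permit", None

def demo():
    asked = []
    def ask_user(path, event):                         # constructed answer: always deny
        asked.append(event)
        return "deny"
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "app.exe")               # constructed stand-in executable
        with open(exe, "wb") as f:
            f.write(b"original build")
        bb = BehaviorBlocker({(exe, "starting"): "permit"}, ask_user)
        first = bb.on_start(exe)
        with open(exe, "wb") as f:
            f.write(b"tampered build")
        second = bb.on_start(exe)
    return first, second, asked
```

In this model the first permitted start establishes the baseline, so a file that was already replaced before its first recorded start is not flagged.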

Network Intrusion Detection and Prevention

The Network Intrusion Detection and Prevention System (NIPS) can distinguish, block and log known intrusion types. For this purpose Kerio Personal Firewall uses a database of known intrusions. This database is updated regularly (the updated database is included in new product versions).

Host intrusion detection and prevention

The Host Intrusion Prevention System (HIPS) detects attempts to misuse running applications and processes to execute malicious code.

Web content filtering

This module enables the following features:

  • blocking of ads (according to URI/URL rules), scripts and other Web items

  • blocking of pop-up windows

  • blocking of scripts (JavaScript, VBScript)

  • protection against storage of undesirable cookies and leakage of private data from Web application forms.

Exceptions (specific settings) can be defined for trusted servers and for cases where filtering might cause malfunctions.

Boot time protection

Kerio Personal Firewall's low-level driver protects the computer even when the firewall is not running (e.g. during an operating system reboot or during installation of a new version of the firewall). This means that the computer is protected the whole time it is reachable from external stations.

The following functions and features are also provided by Kerio Personal Firewall:

Stop all traffic

Use this button (or the option in the menu) to stop all traffic on the computer on which Kerio Personal Firewall is installed (a so-called network lock). This function is especially helpful when undesirable or unusual network activity is detected; traffic can be restored once appropriate actions have been taken.

Logging

Each firewall module creates an independent log which is stored in a text file. Logs can be viewed in the Kerio Personal Firewall configuration dialog. Optionally, logs can be stored on a Syslog server.

Connections overview and statistics

The overview provides information on established connections and on ports opened by individual applications. For active connections, the current speed and the amount of data transmitted in both directions are also shown. The overview is refreshed automatically at predefined time intervals.

Statistics inform the user of the number of objects blocked by the Web content filter and the number of intrusions detected in a given time period.

Automatic update

Kerio Personal Firewall checks for new versions regularly. Whenever a new version is detected, download and installation are offered. Checks for new versions can also be started manually.

Warning: No version of Kerio Personal Firewall 4 can be used on Windows Server operating systems, such as Windows NT Server, Windows 2000 Server and Windows Server 2003.