Core of the Kerio Personal Firewall. It runs as a service (Windows NT 4.0 or later) or in the background (Windows 98 and Me).
The Personal Firewall Engine service is stored in the kpf4ss.exe file in the installation directory of Kerio Personal Firewall.
Kerio Personal Firewall's low-level drivers are inserted into the core of the operating system during its startup. They are located between the drivers of network interfaces and the TCP/IP subsystem.
Network traffic low-level driver
The network traffic low-level driver detects and processes all incoming and outgoing IP traffic. It allows or blocks traffic in accordance with the firewall policy and controls the running of applications and processes in the system.
Host intrusions low-level driver
This low-level driver detects (and blocks — depending on settings in the user interface) Buffer overflow and Code injection intrusion types.
Both low-level drivers are stored in the Windows system directory:
as the fwdrv.sys file, typically in the C:\WINNT\system32\drivers directory, under the Windows NT and Windows 2000 operating systems
as the fwdrv.sys and khips.sys files, typically in the C:\WINDOWS\system32\drivers directory, under the Windows XP operating system
as the fwdrv.vxd and khips.sys files, typically in the C:\WINDOWS\system directory, under the Windows 98 and Windows Me operating systems
User interface of Kerio Personal Firewall (GUI — Graphical User Interface).
The Personal Firewall GUI component is automatically started by the Personal Firewall Engine service (when the service is started and every time it detects that the user interface is not running). When it is running, the Personal Firewall GUI is represented by a shield icon in the System Tray.
Right-click the icon in the System Tray to open the Kerio Personal Firewall configuration dialog or to use another option from the menu (stopping network traffic, disabling the firewall, etc.). For details, refer to chapter 4.2, Icon on the Systray.
The Personal Firewall GUI is represented by the kpf4gui.exe file, which can be found in the Kerio Personal Firewall installation directory.
This tool sends a crash dump to Kerio Technologies when Kerio Personal Firewall crashes. It is represented by the assist.exe file.
The components of the Kerio Personal Firewall described above use the following dynamic libraries (DLL):
kfe.dll — an interface of the low-level driver. This interface enables communication between the driver and the Personal Firewall Engine.
gkh.dll — a module used for hot key control. This module disables the pop-up filter temporarily.
kwsapi.dll — the interface for the Windows Security Center (used for registration of the Kerio Personal Firewall and display of its status).
KTssleay32_0.9.7.dll, libeay32_0.9.7.dll — OpenSSL libraries which provide encryption of configuration files and of communication between the Personal Firewall GUI and the Personal Firewall Engine.
KTiconv.dll — an iconv library which encodes and decodes characters, e.g. during Web content filtering, logging, etc.
KTzlib.dll — a zlib library which is used for crash dump packing.
Kerio Personal Firewall supports Fast User Switching in Windows XP.
Multiple Personal Firewall GUI instances can be open at any moment. In such cases Personal Firewall Engine communicates with the session which belongs to the currently active user.
After startup of the operating system and the Personal Firewall Engine service, the first instance is started; it runs under the system account (or the account under which the Personal Firewall Engine service is executed). Upon user login, a new instance of the Personal Firewall GUI is started, running with the privileges of the logged-in user. This instance is active until the user logs off (the instance is terminated) or the user-switch function is used (the instance is only deactivated).