Personal Firewall Control
A personal firewall protects endpoints by restricting incoming and outgoing connections and communications according to specific rules or policies. The Cybereason platform enables you to control endpoint firewalls through Personal firewall control. When you enable the Personal firewall control feature in your sensor policy, you permit the Cybereason platform to manage personal firewalls on endpoints, either for all network profiles or for specific network profiles.
For details on supported platforms for this feature, see Endpoint machine prevention features.
Note
The Cybereason platform does not support running Personal firewall control alongside a third-party endpoint product that also manages the endpoint’s firewall. In such cases, you must disable firewall control on one of the products. In addition, if your Group Policy Object (GPO) includes endpoint firewall rules, the GPO rules may conflict with the Cybereason platform firewall rules.
Network profiles
You can use any of the following network profiles for Personal firewall control:
Name | Description |
---|---|
Domains | Networks associated with a specific Active Directory domain. |
Private Networks | Networks that are not directly accessible by the public, such as isolated home or office networks. |
Public Networks | Shared networks that do not include protection between the endpoint and other endpoints. |
When you select a network profile, the Cybereason platform triggers default firewall rules for that network profile. Firewall rules associated with the Public Networks profile are the most restrictive.
You can also use CSV files to add a set of custom rules for inbound and outbound connections. For more details, see Custom Firewall Rules.
How the Personal firewall control status affects network profile settings
When you switch the Personal firewall feature on or off, the network profile checkboxes are automatically selected or cleared, respectively. In addition, the status of the Personal firewall feature determines whether the Cybereason platform maintains custom firewall rules, and how the Cybereason platform manages the network profile settings in the operating system firewall. The table below describes relevant scenarios and results.
Important
When you switch Personal firewall control to Off, the Cybereason platform stops managing the operating system firewall and removes any existing custom firewall rules. This change does not affect the network profile settings that previously existed on the operating system firewall. For more information, see the Disable Personal firewall control scenario in the table below.
Scenario | Steps | Result | Operating system behavior |
---|---|---|---|
Switch on Personal firewall control | | | |
Disable Personal firewall control | | | The Cybereason platform no longer manages the operating system firewall. Therefore, no changes are made to the operating system firewall. For example, if the domain and network profiles were previously active, after this change, these profiles remain active. Only the Cybereason custom firewall rules are removed. |
Disable the operating system firewall via the Cybereason platform | | | |
For more details on the Personal firewall control status that is visible in the System > Sensors screen, see View Personal firewall control modes in the Sensors screen.
View Personal firewall control modes in the Sensors screen
You can view endpoints’ Personal firewall control modes for single endpoints or for groups of endpoints in the System > Sensors screen.
To display the Personal firewall control modes, above the sensors list, click Columns and select the Firewall control column.
The Personal firewall control modes are displayed in the sensors table:
You can see any of the following modes for Personal firewall control:
Mode | Description |
---|---|
On | Personal firewall control is enabled for all network types. The Personal Firewall control toggle in the System > Policies Management > Endpoint controls screen is turned on and the Domains, Private networks, and Public networks checkboxes are all selected. |
Disabled | The Disabled status indicates one of the following options: |
Advanced | Personal firewall control is enabled for some network types. The Personal Firewall control toggle in the System > Policies Management > Endpoint controls screen is turned on. |
Misconfigured rules | This mode indicates either that the custom firewall rules CSV file includes a rule that the Windows API defined as incorrect, or that a user manually removed a custom firewall rule using the operating system firewall. For more details on rule validation, see Custom firewall rules validation. |
The information in the Firewall control column is also used as metadata if you export the table to a CSV file.
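To triage an exported sensors table by the modes listed above, the following is an added example, not Cybereason code. It assumes the export has a header row with a `Firewall control` column holding the documented mode names and a hypothetical `Machine name` column; the sample rows are constructed.

```python
import csv
from collections import defaultdict
# Mode names as documented in the table above; matched case-insensitively.
KNOWN_MODES = {"on": "On", "disabled": "Disabled", "advanced": "Advanced",
               "misconfigured rules": "Misconfigured rules"}
# Documented modes other than On, in the order this example reviews them.
NEEDS_REVIEW = ("Misconfigured rules", "Disabled", "Advanced")
# Assumed column headers: only "Firewall control" is named on this page.
MODE_COLUMN = "Firewall control"
NAME_COLUMN = "Machine name"  # hypothetical


def group_by_mode(csv_text):
    """Return {mode: [machine names]} from an exported sensors CSV."""
    reader = csv.DictReader(csv_text.splitlines())
    headers = {h.strip().lower(): h for h in (reader.fieldnames or [])}
    for required in (MODE_COLUMN, NAME_COLUMN):
        if required.lower() not in headers:
            raise ValueError(f"export has no '{required}' column")
    mode_key, name_key = headers[MODE_COLUMN.lower()], headers[NAME_COLUMN.lower()]
    groups = defaultdict(list)
    for row in reader:
        raw = (row.get(mode_key) or "").strip()
        # Empty or unexpected values are kept visible instead of dropped.
        mode = KNOWN_MODES.get(raw.lower(), f"Unknown ({raw or 'empty'})")
        groups[mode].append((row.get(name_key) or "").strip())
    return dict(groups)


def review_queue(groups):
    """Endpoints to look at first: documented non-On modes, then unknowns."""
    queue = [(m, n) for m in NEEDS_REVIEW for n in sorted(groups.get(m, []))]
    unknown = sorted(m for m in groups if m.startswith("Unknown"))
    queue += [(m, n) for m in unknown for n in sorted(groups[m])]
    return queue


# Constructed sample export (not real data).
SAMPLE = """Machine name,Firewall control
ws-001,On
ws-002,Misconfigured rules
srv-010, disabled
ws-003,Advanced
ws-004,
"""

if __name__ == "__main__":
    for mode, name in review_queue(group_by_mode(SAMPLE)):
        print(f"{mode:22} {name}")
```

Endpoints whose mode is On are grouped but left out of the review queue; an empty or unrecognized value is reported as Unknown so that a changed export format is noticed.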