This section allows you to define how the Firewall engine manages traffic on your computer when connected to a network. It also provides advanced module customization options which allow you to set the module to match your own security needs or your network configuration.
It can be accessed through BullGuard’s main window, by clicking on the menu button from the Firewall section and selecting Settings.
Turn Firewall Protection on or off: allows you to enable or disable the Firewall engine.
- Automatically create rules for known programs: allows the Firewall to create a rule for each program found in the ‘Known Application’ database. The Firewall will only display a pop-up message in the lower right corner of the screen notifying you that an application has been automatically allowed to connect to the internet.
- Show only important notifications: if checked, only important notifications are displayed.
To access the Firewall's subsections, click on the Advanced button from the upper right corner of the window.
- Send allowed and denied programs to BullGuard for analysis: allows users to upload the executable file to the BullGuard servers, thus helping BullGuard to build a better list of trusted versus untrusted applications
The information present in the Security tab is directly related to the network attack protection offered by the BullGuard Firewall. The options in this tab will provide you with means to customize the Firewall attack detector to your network’s specifications.
Enable attack detection: Will enable or prevent the BullGuard Firewall from blocking network attacks. We recommend you keep this option enabled at all times.
Respond to ping: Enables ping reply in your network (useful for testing the connection between computers). It is advisable to leave this option unchecked, unless you have a specific reason to enable it.
Automatically block intruders: For each detected attack, you can set the Firewall to block the source IP for a specified amount of time. The default value is 300 seconds.
Configure: Opens the Blocked Hosts window, where you can see and edit the blocked hosts list.
Block period: Specify the blocking period in seconds.
Trusted hosts: in the rare cases of ‘false positive’ attack detection, when a legitimate computer has been blocked by the Firewall, you can choose to unban that IP and add it to the Trusted hosts lists, thus exempting that IP from any future checks by the Firewall attack detection system.
Intrusion detection alerts
If attack detection is enabled, every time the intrusion detection system detects a network attack, a pop-up message will appear in the lower-right corner of the screen.
Click here for more details will display more information about the network attack BullGuard stopped, such as the attack name, attacker IP, attacked port and event time.
Firewall logs can be accessed by selecting the Firewall section in the Messaging Centre, and accessing the Activity tab.
Activity: This section holds a list of all the log files from previous Firewall events, such as intercepted executable files, or blocked network attacks. To open a specific log file, click on it to expand it. You will be able to see a short summary of the event. For more information, click on the More info button. This action will open a new window with the report details: