Application Level Filtering

One of the most important NCF features is application-level filtering. This lets you decide which applications should have access and which should not.

The dialog box used to control applications can be accessed by right-clicking the system tray icon and then clicking Options > Application. You can also access it from the main window using the Options > Application menu path.

Figure 10
Options (Application Tab)

NCF divides applications into three categories:

There is no need to add your applications to these groups manually. Rules Wizard automatically does this for you.

You can change an application's status at any time. Applications can simply be dragged-and-dropped from one category to another.

You can also directly add an application by either of the following methods:

If the same application is already listed in another category, it will be deleted from that other category.

To change any of the detailed settings for the selected application, click Edit.

Whenever an application is dragged to the Partially Allowed applications category of the Options > Application tab, or is in any other way added to this category, the Rules dialog box is displayed.

Figure 11
Rules Dialog Box

Using this dialog box, you have full control of any of the different protocol settings by selecting it and then clicking Modify. For details, see Creating Rules for Applications.

A simpler approach is to use the Preset button to select the general type of application that best applies. The settings for these presets are optimized for most purposes. We recommend that even advanced users use these presets and then modify their settings later as needed.

It is possible to create several different rules for the same application. However, NCF uses the first instance of a rule having criteria that matches the application's activity and ignores all subsequent ones. The rules in the firewall rules list are processed in the order in which they are listed. When a rule matches, searching of the rules list stops. In other words, any other rules that match this type of communication are ignored if they are further down the list than the first rule that matches. You can use the Move Up and Move Down buttons to change the sequence of rules and determine which NCF will use. If no rule is found, NCF displays the Rules Wizard dialog box or simply blocks the connection, depending on whether you are running NCF in Rules Wizard or Block Most mode. An empty check box in the list of rules means that rule will not be applied.

Clicking the Preset button displays a drop-down list similar to the following:


Preset button options

For more information about rule creation, see Creating Rules for Applications.

NCF not only monitors applications but also monitors the components of each application. So, when a component of an application has changed and the application is about to establish a connection, NCF will ask you to allow or permit this. The purpose of the Component Control is to make sure those components are not fake and malicious. Some Trojan horses can be injected as a module of a legitimate application (for example, your browser) and thereby gain the privileges needed to go online. NCF allows you to view the components it monitors for each application by clicking the Components button in the Applications dialog box, which displays the following window:

Figure 13
Components Window

You can view the details of any component by selecting it. You can remove a component from the list by selecting it and then clicking Remove.

You can also select one of the Component Control levels by clicking the drop-down menu at the top of the window: