Firewall mods + Port Scan

Rock.87
Rock.87 Defender of the month ✭✭✭

Firewall mods are not well defined on bit's web site :
https://www.bitdefender.com/consumer/support/answer/2082/

I need more specific information. I don't have a local network connected to my PC. Do I need Bitdefender's Stealth Mode? Can it enhance security? What are the advantages and disadvantages? Could it impact online gaming or overall performance?

The same questions apply to enabling Port Scan Protection.

Considering my setup, is a Private Network the best option or is Dynamic Network more reliable? How might a Private Network affect online gaming and internet performance? Between Private and Dynamic Network, which offers the best security within Bitdefender's firewall, and what are the specific benefits and drawbacks of each?


Answers

  • If it's a home network, Home/Office is always recommended. Bitdefender applies a basic set of firewall settings depending on the type of network you are connected to.
    It can be set to:

    Dynamic - Let the firewall choose between Home/Office & Public
    Home/Office - Allow all traffic between your computer and computers in the local network. (since you don't have a local network, this would be the setup to use).
    Public - All traffic is filtered.

    Stealth Mode ON may cause connectivity issues. Thus, it's recommended to keep it OFF in this setup.

    Stealth Mode - whether you can be detected by other computers.
    It can be set to:
    ON - Your computer is invisible from both the local network and the Internet.
    OFF - Anyone from the local network can ping and detect your computer (again, since there's no local network, this is the recommended setup).

    Premium Security & Bitdefender Endpoint Security Tools user

  • As for Port scan protection, like the description there says, it detects and blocks attempts to find out which ports are open. Port scans are frequently used by hackers to find out which ports are open on your device. They might then break into your device if they find a less secure or vulnerable port. I think that when it comes to a home network, most devices don't need to expose ports to the internet, so open ports should already be minimized.
    However, devices like smart home gadgets, gaming consoles, or security cameras could potentially be targeted if ports are unintentionally left open. I think that having port scan protection enabled via the firewall adds an extra layer of defense.

    When it comes to a good game experience while running any antivirus, it's generally recommended to make good use of the available profiles, as I think most security solutions provide this option in one form or another. With Bitdefender, you can enable and configure the Game Profile to your liking and this may help improve the overall gaming experience.

    https://www.bitdefender.com/consumer/support/answer/2066/

    Apart from this, Port scan protection should really not interfere with this, just keep in mind the Home/Office & Stealth Mode setups described above.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Rock.87
    Rock.87 Defender of the month ✭✭✭
    edited November 22

    @Alexandru_BD

    would you like to explain more about :

    ON - Your computer is invisible from both the local network and the Internet

    If my PC isn't visible to the internet, what are the implications? What are the pros and cons?

    Is a Dynamic rule the best option? Considering potential software bugs and firewall errors, is a Public rule a safer alternative? Could choosing a Public rule potentially hinder online gaming or browsing, especially when using a VPN like Bitdefender?




  • OK. I will expand more on this, as far as my knowledge allows.
    Some software requires bidirectional communication or incoming connections to function properly (e.g., remote desktop, gaming, video conferencing, or file-sharing applications). With stealth mode enabled, the computer can no longer communicate with such software because it's not visible to those apps. Also, if something goes wrong with your network connectivity, stealth mode can make diagnosing the issue more challenging, as the computer won't respond to basic network diagnostics (e.g., pings). Stealth mode can also make collaboration harder on local networks, such as sharing files or participating in multiplayer games or team applications.
    To maintain functionality, you may be required to create exceptions in the firewall for trusted applications, devices, or services, etc.

    Furthermore, VPNs or security tools usually rely on network visibility to route traffic or verify connectivity. Stealth mode could disrupt their operation if not configured properly. So, I think it really depends on your system configuration, network settings and other programs and activities that you run on your device. It's up to you if you wish to enable it or leave it disabled, and you can also test it to see how it behaves in the context of your usage of the device.

    As for pros, stealth mode prevents your computer from responding to unsolicited network probes or pings, making it harder for attackers to detect its presence. This reduces the likelihood of targeted attacks. It prevents local network devices or external systems from establishing unauthorized connections, adding an extra layer of security against malware, hackers, or unauthorized users. By being "invisible," your computer won't appear on network scans, reducing the chances of exploitation via known vulnerabilities. It also reduces exposure to devices or applications on the local network that may attempt to gather information about your system.

    Essentially, I think stealth mode is recommended especially on public or unsecured networks, and when you don't need to interact with local network devices or services. I think it's best to avoid using it if you rely heavily on local network devices or collaborative tools that require discovery and communication, or if configuring exceptions for critical applications is an inconvenience for you. I think an assessment should be made beforehand, for balancing security needs with functionality, then you can decide whether Stealth Mode aligns with your computing environment.
    Like I said, Home/Office would be the recommended setup in your case, since you mentioned that you don't have a local network connected to your PC.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Rock.87
    Rock.87 Defender of the month ✭✭✭

    @Alexandru_BD Thx for providing an awesome info , you said ''

    Home/Office would be the recommended setup in your case, since you mentioned that you don't have a local network connected to your PC.

    Home office firewall rule is for the pc in small office or connected to the devices in the home , is not it ?
    Does bit's home office firewall rule handles the traffic automatically like bit vpn or other apps ? and does the public network reduces the internet speed ? As most of the people said to me that ever use the public network rule , is home/office safe enough & provides the best level of security ? or its best for the small business or few pc's in the home? i mean is it secure enough?

  • Hi,

    Here's a breakdown of the available options:

    Dynamic – the network type will be automatically set based on the profile of the connected network, Home/Office or Public. When this happens, only Firewall rules for the specific network type or those defined to apply to all network types will apply.

    Home / Office–the network type will always be Home /Office, disregarding the profile of the connected network. When this happens, only Firewall rules for Home/Office or those defined to apply to all network types will apply.

    Public - the network type will always be Public, disregarding the profile of the connected network. When this happens, only Firewall rules for Public or those defined to apply to all network types will apply.

    Premium Security & Bitdefender Endpoint Security Tools user