Firewall, stealth mode and local LAN access


Hi, just testing BD Total Security as I'm thinking of coming back to BD after a few years with Webroot. I'm liking the product for speed and ease of use, but would like a better understanding of what some of the options do. In particular I'm having issues with Stealth Mode and the local LAN.



With Stealth Mode enabled I'm unable to ping machines on the LAN. After a chat session with a very helpful support tech, I used this link to resolve it:

https://www.bitdefender.com/consumer/support/answer/13428/



So I not only have to turn Stealth Mode off, I also have to create a firewall exception for 192.168.1.0/24 in order to be able to ping between machines on the network. I had hoped that the firewall exception would override the Stealth Mode option for the specified network so I could leave Stealth Mode enabled.



Can someone kindly explain what Stealth Mode is supposed to do, and what I risk by leaving it disabled?



And has anyone else had issues pinging machines on the local network with Stealth Mode enabled? Is that how it is supposed to work?



Many thanks!

Comments


  • Hi, 



    You will need to disable Stealth Mode yes, and additionally, you will need to either create a rule to allow a specific IP on that computer, or a general rule that can apply to all applications and ICMP protocol, if you wish to avoid having to add IP rules for each computer. 


     




     


     


  • Hi, is it possible to specify a specific application in Windows 10 and not to use the All Applications switch?


    Thx for the reply in advance.


  • Hi, 



    Yes. You just need to disable the All Applications switch, then click on Browser from that screen. 



    Thank you!


  • Hi,


    but my question was, if it is possible to disable one application not all and which one is it. 


    Regards


  • If you want to block a specific application, just select that application by clicking on Browse, then click the Permission switch to off, which will mean that the Firewall will block it. Individual application rules have greater priority than a general rule that applies to all applications. 


  • Hi, it’s clear for me. But I wanted you to let me know which application/process is responsible for answering Ping requests in Windows 10. I was trying to find out this app or process but without success.


  • Hi Jarek, 



    Pings use the ICMP protocol. Do you wish to stop others from pinging your computer?



    In that case you can create a rule that applies to all applications and which blocks the ICMP protocol, see below:


     


    image.png


     


    If under Direction you choose Outbound, you will not be able to ping websites/other computers yourself, and Both blocks pings in both directions.


    You can also create another rule with ICMPv6 protocol. 



  • On 12/3/2018 at 12:14 PM, Sergiu C. said:



    If you want to block a specific application, just select that application by clicking on Browse, then click the Permission switch to off, which will mean that the Firewall will block it. Individual application rules have greater priority than a general rule that applies to all applications. 



    Hello, I know this is an old post, but I have a similar problem. I want to block a certain app from accessing the internet in both directions (in/out) but allow it to connect on the LAN with another PC, again inbound and outbound. How can I do that without affecting other apps (using Bitdefender Internet Security 2019)? Thanks in advance.

  • Roxana G
    edited March 2019


    2 hours ago, testing12 said:



    Hello, I know this is an old post, but I have a similar problem. I want to block a certain app from accessing the internet in both directions (in/out) but allow it to connect on the LAN with another PC, again inbound and outbound. How can I do that without affecting other apps (using Bitdefender Internet Security 2019)? Thanks in advance.



    Hello Testing12,


    Please try to create a rule in Bitdefender Firewall for the .exe file of the application you want to block from accessing the internet:


    1.     Bring up the Bitdefender interface and go to Protection 



    2.     Click Settings under FIREWALL



    3.     In the Rules tab, click on Add rule



    4.     In the window at Program path add the exe file of the app on the Settings tab



    5.     Uncheck permission



    Now create a new rule for this exe in order to allow connection to the LAN with the other PC; proceed as above from 1-4 and then as below:



     



    1.     On Settings tab enable Permission



    2.     On the Advanced tab switch ON Custom Remote Address and enter the IP address of the network device in the IP field (you can add /24 at the end of an address such as 192.168.0.0 in order to have the rule apply to all IPs between 192.168.0.0 and 192.168.0.255; it should be something like 192.168.0.1/24). To find out the IP please refer to its user manual.



    3.     Enter a port number only if you wish to apply the IP exception to a single port, otherwise leave the Port(s) field blank



    4.     Click OK to save your custom network exception rule.



     



    Let us know if this works.





  • On 3/11/2019 at 4:22 PM, Roxana G said:



    Hello Testing12,


    Please try to create a rule in Bitdefender Firewall for the .exe file of the application you want to block from accessing the internet:


    1.     Bring up the Bitdefender interface and go to Protection 



    2.     Click Settings under FIREWALL



    3.     In the Rules tab, click on Add rule



    4.     In the window at Program path add the exe file of the app on the Settings tab



    5.     Uncheck permission



    Now create a new rule for this exe in order to allow connection to the LAN with the other PC; proceed as above from 1-4 and then as below:



     



    1.     On Settings tab enable Permission



    2.     On the Advanced tab switch ON Custom Remote Address and enter the IP address of the network device in the IP field (you can add /24 at the end of an address such as 192.168.0.0 in order to have the rule apply to all IPs between 192.168.0.0 and 192.168.0.255; it should be something like 192.168.0.1/24). To find out the IP please refer to its user manual.



    3.     Enter a port number only if you wish to apply the IP exception to a single port, otherwise leave the Port(s) field blank



    4.     Click OK to save your custom network exception rule.



     



    Let us know if this works.



    Hi,

    I have the same problem as Testing12 but your solution doesn't work for me. 


    If I don't allow access to the certain program in rule 1, and in rule 2 I want the program to be able to communicate on certain IP it just doesn't work. Rule1 has higher priority and it doesn't allow any other access.


     


    I have 2 directly connected PCs and I need a certain program to be able to communicate between these PCs without accessing the internet. Is it possible?


    I tried to restrict communication to just the IP address of the second PC, but no matter what IP I inserted in "Custom Remote Address" the program was able to communicate.

    For example: the IP of my second PC is 192.168.1.2, which I typed in "Custom Remote Address" on PC1, and the program was able to communicate, which is OK. But then I tried a different IP and the program was still able to communicate. This is weird to me. I assumed that the program would communicate only with the second PC's IP.


    Thanks for your support 
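
An added illustration, not part of any post in this thread and not Bitdefender's code: a generic first-match rule model showing why a blanket block rule for an application can shadow a later LAN-scoped allow rule, and which addresses an entry such as 192.168.0.1/24 covers. The first-match ordering is an assumption (the thread does not document the product's evaluation order), and the application name and test addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    app: str                      # executable the rule applies to (constructed name)
    allow: bool                   # Permission switch: True = allow, False = block
    remote: Optional[str] = None  # Custom Remote Address as CIDR; None = any address

    def matches(self, app: str, dest: str) -> bool:
        if app != self.app:
            return False
        if self.remote is None:
            return True
        # strict=False accepts a host address with a prefix, e.g. 192.168.0.1/24,
        # and normalises it to the enclosing network 192.168.0.0/24.
        net = ipaddress.ip_network(self.remote, strict=False)
        return ipaddress.ip_address(dest) in net


def decide(rules, app, dest, default_allow=True):
    """Verdict of the first rule that matches (assumed first-match model)."""
    for rule in rules:
        if rule.matches(app, dest):
            return rule.allow
    return default_allow


APP = "sync.exe"  # constructed application name
block_all = Rule(APP, allow=False)                          # rule 1 in the steps above
allow_lan = Rule(APP, allow=True, remote="192.168.0.1/24")  # rule 2 in the steps above


def verdicts(rules):
    """Return (LAN allowed?, internet allowed?) for the application."""
    lan, internet = "192.168.0.42", "203.0.113.10"  # constructed test addresses
    return decide(rules, APP, lan), decide(rules, APP, internet)


if __name__ == "__main__":
    print("block rule first:", verdicts([block_all, allow_lan]))
    print("allow rule first:", verdicts([allow_lan, block_all]))
    print(ipaddress.ip_network("192.168.0.1/24", strict=False))
```

In this model the scoped allow rule only takes effect when it is evaluated before the unscoped block rule; with the block rule first, LAN traffic is dropped as well.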



  • On 4/5/2019 at 3:14 PM, mixed said:



    Hi,

    I have the same problem as Testing12 but your solution doesn't work for me. 


    If I don't allow access to the certain program in rule 1, and in rule 2 I want the program to be able to communicate on certain IP it just doesn't work. Rule1 has higher priority and it doesn't allow any other access.


     


    I have 2 directly connected PCs and I need a certain program to be able to communicate between these PCs without accessing the internet. Is it possible?


    I tried to restrict communication to just the IP address of the second PC, but no matter what IP I inserted in "Custom Remote Address" the program was able to communicate.

    For example: the IP of my second PC is 192.168.1.2, which I typed in "Custom Remote Address" on PC1, and the program was able to communicate, which is OK. But then I tried a different IP and the program was still able to communicate. This is weird to me. I assumed that the program would communicate only with the second PC's IP.


    Thanks for your support 



    Hello Mixed,


    You may try the workaround below:


    - enable Alert Mode


    - when you receive the notification regarding the application you want to be able to communicate on a certain IP, select block


    - then manually create a rule where you allow the application and from Advanced tab, on Custom Remote IP, add the IP and port(anything that you will see after "to" in the notification