You can enable the Alert dialog in Kerio Personal Firewall rules or by running a corresponding application. This dialog will appear when a packet is sent or received that meets the conditions of the rule. A window providing information on the connection will be displayed in the right bottom corner of the screen. If other events meeting the rule are detected while this window is open, they will be queued. The queue can be listed in both directions using the arrow buttons.
Warning: If you close the Alert dialog (by clicking on the cross button at the right top of the window or using the Alt+F4 keys), all queued alerts will be removed, regardless of the fact that they have been displayed or not!
The Alert window provides the following information:
Time — date and time when the connection was initiated
Rule descr. — description (name) of a used traffic rule: Application startup,
Application change (change of the executable file of the application) or Application launches another application
Application — icon and name of the local application used for the communication (if this application has no icon, a default system icon will be used; if no name is available for the application, the name of the corresponding executable file will be displayed)
Remote — IP address and port of the remote computer (if a name can be identified using DNS, this name will be displayed instead of the IP address; the protocol name will be displayed before the port number for standard services)
Details — connection details: direction (Outgoing or Incoming), protocol and local port
Action — action which has been taken (Permitted or Denied)
sequence number of the alert in the queue (the total count of alerts will grow when new alerts are generated by Kerio Personal Firewall)
buttons to list in the alert queue — function of buttons from left to right: go to the first/previous/next/last alert
For detailed information on network communication rules refer to chapter 7.2. Rules for Applications.
The Alert dialog includes the following items:
Time — date and time of the event
Rule descr. — description of detected event:
Starting application — an application was started
Replacing application — replacement of application's executable file
Application is launching other application — the running application is attempting to launch another application
Application — icon and name of a local application participating in the communication (if no icon is available, the standard system icon will be used; if application name is not available, name of a corresponding executable file without extension will be displayed)
Launched by — name (description) of an application by which the application is launched
Action — action that was Permitted by a corresponding rule (starting application Permitted/Denied).
For details on running application rules see chapter 13.2. Application Rules.