Monday, February 18, 2008

McAfee Personal Firewall

McAfee Personal Firewall

Personal Firewall offers advanced protection for your computer and your personal data. Personal Firewall establishes a barrier between your computer and the Internet, silently monitoring Internet traffic for suspicious activities.

Note: SecurityCenter reports critical and non-critical protection problems as soon as it detects them. If you need help diagnosing your protection problems, you can run McAfee Virtual Technician.

In this chapter

Personal Firewall features

Personal Firewall provides the following features.

Standard and custom protection levels

Guard against intrusion and suspicious activity using Firewall's default or customizable protection settings.

Real-time recommendations

Receive recommendations, dynamically, to help you determine whether programs should be granted Internet access or network traffic should be trusted.

Intelligent access management for programs

Manage Internet access for programs, through alerts and Event Logs, and configure access permissions for specific programs.

Gaming protection

Prevent alerts regarding intrusion attempts and suspicious activities from distracting you during full-screen gameplay.

Computer startup protection

As soon as Windows® starts, Firewall protects your computer from intrusion attempts, unwanted programs and network traffic.

System service port control

Manage open and closed system service ports required by some programs.

Manage computer connections

Allow and block remote connections between other computers and your computer.

HackerWatch information integration

Track global hacking and intrusion patterns through HackerWatch's Web site, which also provides current security information about programs on your computer, as well as global security events and Internet port statistics.

Lockdown Firewall

Instantly block all inbound and outbound traffic between your computer and the Internet.

Restore Firewall

Instantly restore Firewall's original protection settings.

Advanced Trojan detection

Detect and block potentially malicious applications, such as Trojans, from relaying your personal data to the Internet.

Event logging

Track recent inbound, outbound, and intrusion events.

Monitor Internet traffic

Review worldwide maps showing the source of hostile attacks and traffic. In addition, locate detailed owner information and geographical data for originating IP addresses. Also, analyze inbound and outbound traffic, monitor program bandwidth and program activity.

Intrusion prevention

Protect your privacy from possible Internet threats. Using heuristic-like functionality, McAfee provides a tertiary layer of protection by blocking items that display symptoms of attacks or characteristics of hacking attempts.

Sophisticated traffic analysis

Review both inbound and outbound Internet traffic and program connections, including those that are actively listening for open connections. This allows you to see and act upon programs that can be vulnerable to intrusion.

Starting Firewall

As soon as you install Firewall, your computer is protected from intrusion and unwanted network traffic. In addition, you are ready to handle alerts and manage inbound and outbound Internet access for known and unknown programs. Smart Recommendations and Trusting security level (with the option selected to allow programs outbound-only Internet access) are automatically enabled.

Although you can disable Firewall from the Internet & Network Configuration pane, your computer will no longer be protected from intrusion and unwanted network traffic, and you will be unable to effectively manage inbound and outbound Internet connections. If you must disable firewall protection, do so temporarily and only when necessary. You can also enable Firewall from the Internet & Network Configuration panel.

Firewall automatically disables Windows® Firewall and sets itself as your default firewall.

Note: To configure Firewall, open the Internet & Network Configuration pane.

In this chapter

Start firewall protection

You can enable Firewall to protect your computer from intrusion and unwanted network traffic, as well as manage inbound and outbound Internet connections.

  1. On the McAfee SecurityCenter pane, click Internet & Network, and then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is disabled, click On.

Stop firewall protection

You can disable Firewall if you do not want to protect your computer from intrusion and unwanted network traffic. When Firewall is disabled, you cannot manage inbound or outbound Internet connections.

  1. On the McAfee SecurityCenter pane, click Internet & Network, and then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Off.

Working with alerts

Firewall employs an array of alerts to help you manage your security. These alerts can be grouped into three basic types:

  • Red alert
  • Yellow alert
  • Green alert

Alerts can also contain information to help you decide how to handle alerts or get information about programs running on your computer.

In this chapter

About alerts

Firewall has three basic alert types. As well, some alerts include information to help you learn or get information about programs running on your computer.

Red alert

A red alert appears when Firewall detects, then blocks, a Trojan on your computer, and recommends that you scan for additional threats. A Trojan appears to be a legitimate program, but can disrupt, damage, and provide unauthorized access to your computer. This alert occurs in every security level, except Open.

Yellow alert

The most common type of alert is a yellow alert, which informs you about a program activity or network event detected by Firewall. When this occurs, the alert describes the program activity or network event, and then provides you with one or more options that require your response. For example, the New Network Detected alert appears when a computer with Firewall installed is connected to a new network. You can choose to trust or not trust the network. If the network is trusted, Firewall allows traffic from any other computer on the network and is added to Trusted IP Addresses. If Smart Recommendations is enabled, programs are added to the Program Permissions pane.

Green alert

In most cases, a green alert provides basic information about an event and does not require a response. Green alerts are disabled by default, and usually occur when Standard, Trusting, Tight, and Stealth security levels are set.

User Assistance

Many Firewall alerts contain additional information to help you manage your computer's security, which includes the following:

  • Learn more about this program: Launch McAfee's global security Web site to get information about a program that Firewall has detected on your computer.
  • Tell McAfee about this program: Send information to McAfee about an unknown file that Firewall has detected on your computer.
  • McAfee recommends: Advice about handling alerts. For example, an alert can recommend that you allow access for a program.

Managing informational alerts

Firewall allows you to display or hide informational alerts when it detects intrusion attempts or suspicious activity during certain events, for example, during full-screen gameplay.

In this chapter

Display alerts while gaming

You can allow Firewall informational alerts to be displayed when it detects intrusion attempts or suspicious activity during full-screen gameplay.

  1. On the McAfee SecurityCenter pane, click Advanced Menu.
  2. Click Configure.
  3. On the SecurityCenter Configuration pane, under Alerts, click Advanced.
  4. On the Alert Options pane, select Show informational alerts when gaming mode is detected.
  5. Click OK.

Hide informational alerts

You can prevent Firewall informational alerts from being displayed when it detects intrusion attempts or suspicious activity.

  1. On the McAfee SecurityCenter pane, click Advanced Menu.
  2. Click Configure.
  3. On the SecurityCenter Configuration pane, under Alerts, click Advanced.
  4. On the SecurityCenter Configuration pane, click Informational Alerts.
  5. On the Informational Alerts pane, do one of the following:
    • Select Do not show informational alerts to hide all informational alerts.
    • Clear an alert to hide.
  6. Click OK.

Configuring Firewall protection

Firewall offers a number of methods to manage your security and to tailor the way you want to respond to security events and alerts.

After you install Firewall for the first time, your computer's protection security level is set to Trusting and your programs are allowed outbound-only Internet access. However, Firewall provides other levels, ranging from highly restrictive to highly permissive.

Firewall also offers you the opportunity to receive recommendations on alerts and Internet access for programs.

In this chapter

Managing Firewall security levels

Firewall's security levels control the degree to which you want to manage and respond to alerts. These alerts appear when it detects unwanted network traffic and inbound and outbound Internet connections. By default, Firewall's security level is set to Trusting, with outbound-only access.

When Trusting security level is set and Smart Recommendations is enabled, yellow alerts provide the option to either allow or block access for unknown programs that require inbound access. When known programs are detected, green informational alerts appear, and access is automatically allowed. Allowing access lets a program create outbound connections and listen for unsolicited incoming connections.

Generally, the more restrictive a security level (Stealth and Tight), the greater the number of options and alerts that are displayed and which, in turn, must be handled by you.

The following table describes Firewall's six security levels, starting from the most restrictive to the least:

Level

Description

Lockdown

Blocks all inbound and outbound network connections, including access to Web sites, e-mail, and security updates. This security level has the same result as removing your connection to the Internet. You can use this setting to block ports you set to open on the System Services pane.

Stealth

Blocks all inbound Internet connections, except open ports, hiding your computer's presence on the Internet. The firewall alerts you when new programs attempt outbound Internet connections or receive inbound connection requests. Blocked and added programs appear on the Program Permissions pane.

Tight

Alerts you when new programs attempt outbound Internet connections or receive inbound connection requests. Blocked and added programs appear on the Program Permissions pane. When the security level is set to Tight, a program only requests the type of access it requires at that time, for example outbound-only access, which you can either allow or block. Later, if the program requires both an inbound and an outbound connection, you can allow full access for the program from the Program Permissions pane.

Standard

Monitors inbound and outbound connections and alerts you when new programs attempt Internet access. Blocked and added programs appear on the Program Permissions pane.

Trusting

Allows programs to have either inbound and outbound (full) or outbound-only Internet access. The default security level is Trusting with the option selected to allow programs outbound-only access.

If a program is allowed full access, then Firewall automatically trusts it and adds it to the list of allowed programs on the Program Permissions pane.

If a program is allowed outbound-only access, then Firewall automatically trusts it when making an outbound Internet connection only. An inbound connection is not automatically trusted.

Open

Allows all inbound and outbound Internet connections.

Firewall also allows you to immediately reset your security level to Trusting (and allow outbound-only access) from the Restore Firewall Protection Defaults pane.

In this section

Set security level to Lockdown

You can set Firewall's security level to Lockdown to block all inbound and outbound network connections.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Security Level pane, move the slider so that Lockdown displays as the current level.
  4. Click OK.

Set security level to Stealth

You can set the Firewall security level to Stealth to block all inbound network connections, except open ports, to hide your computer's presence on the Internet.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Security Level pane, move the slider so that Stealth displays as the current level.
  4. Click OK.

Note: In Stealth mode, Firewall alerts you when new programs request outbound Internet connection or receive inbound connection requests.

Set security level to Tight

You can set the Firewall security level to Tight to receive alerts when new programs attempt outbound Internet connections or receive inbound connection requests.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Security Level pane, move the slider so that Tight displays as the current level.
  4. Click OK.

Note: In Tight mode, a program only requests the type of access it requires at that time, for example, outbound-only access, which you can allow or block. If the program later requires both an inbound and an outbound connection, you can allow full access for the program from the Program Permissions pane.

Set security level to Standard

You can set the security level to Standard to monitor inbound and outbound connections and alert you when new programs attempt Internet access.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Security Level pane, move the slider so that Standard displays as the current level.
  4. Click OK.

Set security level to Trusting

You can set Firewall's security level to Trusting to allow either full access or outbound-only network access.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Security Level pane, move the slider so that Trusting displays as the current level.
  4. Do one of the following:
    • To allow full inbound and outbound network access, select Allow Full Access.
    • To allow outbound-only network access, select Allow Outbound-Only Access.
  5. Click OK.

Note: The Allow Outbound-Only Access is the default option.

Set security level to Open

You can set Firewall's security level to Open to allow all inbound and outbound network connections.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Security Level pane, move the slider so that Open displays as the current level.
  4. Click OK.

Configuring Smart Recommendations for alerts

You can configure Firewall to include, exclude, or display recommendations in alerts when any programs attempt Internet access. Enabling Smart Recommendations helps you decide how to handle alerts.

When Smart Recommendations is enabled (and the security level is set to Trusting with outbound-only access enabled), Firewall automatically allows or blocks known programs, and displays in the alert a recommendation when it detects potentially dangerous programs.

When Smart Recommendations is disabled, Firewall neither allows or blocks Internet access, nor recommends an action plan in the alert.

When Smart Recommendations is set to Display Only, an alert prompts you to allow or block access, but recommends an action plan in the alert.

In this section

Enable Smart Recommendations

You can enable Smart Recommendations for Firewall to automatically allow or block programs, and alert you about unrecognized and potentially dangerous programs.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Security Level pane, under Smart Recommendations, select Enable Smart Recommendations.
  4. Click OK.

Disable Smart Recommendations

You can disable Smart Recommendations for Firewall to allow or block programs, and alert you about unrecognized and potentially dangerous programs. However, the alerts exclude any recommendations about handling access for programs. If Firewall detects a new program that is suspicious or is known to be a possible threat, it automatically blocks the program from accessing the Internet.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Security Level pane, under Smart Recommendations, select Disable Smart Recommendations.
  4. Click OK.

Display Smart Recommendations only

You can display Smart Recommendations for the alerts to provide action plan recommendations only so that you decide whether to allow or block unrecognized and potentially dangerous programs.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Security Level pane, under Smart Recommendations, select Display Only.
  4. Click OK.

Optimizing Firewall security

There are many ways the security of your computer can be compromised. For example, some programs can attempt to connect to the Internet before Windows® starts. In addition, sophisticated computer users can trace (or ping) your computer to determine whether it is connected to a network. Firewall allows you to defend against both types of intrusion by allowing you to enable startup protection and to block ping requests. The first setting blocks programs from accessing the Internet as Windows starts up and the second blocks ping requests that help other users detect your computer on a network.

Standard installation settings include automatic detection for the most common intrusion attempts, such as Denial of Service attacks or exploits. Using the standard installation settings ensures that you are protected against these attacks and scans; however, you can disable automatic detection for one or more attacks or scans on the Intrusion Detection pane.

In this section

Protect your computer during startup

You can protect your computer as Windows starts up to block new programs that did not have, and now need, Internet access during startup. Firewall displays relevant alerts for programs that had requested Internet access, which you can allow or block. To use this option, your security level must not be set to Open or Lockdown.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Security Level pane, under Security Settings, select Enable startup protection.
  4. Click OK.

Note: Blocked connections and intrusions are not logged while startup protection is enabled.

Configure ping request settings

You can allow or prevent detection of your computer on the network by other computer users.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Security Level pane, under Security Settings, do one of the following:
    • Select Allow ICMP ping requests to allow detection of your computer on the network using ping requests.
    • Clear Allow ICMP ping requests to prevent detection of your computer on the network using ping requests.
  4. Click OK.

Configure intrusion detection

You can detect intrusion attempts to protect your computer from attacks and unauthorized scans. The standard Firewall setting includes automatic detection for the most common intrusion attempts, such as Denial of Service attacks or exploits; however, you can disable automatic detection for one or more attacks or scans.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Intrusion Detection.
  4. Under Detect Intrusion Attempts, do one of the following:
    • Select a name to automatically detect the attack or scan.
    • Clear a name to disable automatic detection of the attack or scan.
  5. Click OK.

Configure Firewall Protection Status settings

You can configure Firewall to ignore that specific problems on your computer are not reported to the SecurityCenter.

  1. On the McAfee SecurityCenter pane, under SecurityCenter Information, click Configure.
  2. On the SecurityCenter Configuration pane, under Protection Status, click Advanced.
  3. On the Ignored Problems pane, select one or more of the following options:
    • Firewall protection is disabled.
    • Firewall is set to Open security level.
    • Firewall service is not running.
    • Firewall Protection is not installed on your computer.
    • Your Windows Firewall is disabled.
    • Outbound firewall is not installed on your computer.
  4. Click OK.

Locking and restoring Firewall

Lockdown instantly blocks all inbound and outbound network traffic to help you isolate and troubleshoot a problem on your computer.

In this section

Lock Firewall instantly

You can lock Firewall to instantly block all network traffic between your computer and the Internet.

  1. On the McAfee SecurityCenter pane, under Common Tasks, click Lockdown Firewall.
  2. On the Lockdown Firewall pane, click Lockdown.
  3. Click Yes to confirm.

Tip: You can also lock Firewall by right-clicking the SecurityCenter icon in the notification area at the far right of your taskbar, then click Quick Links, and then click Lockdown Firewall.

Unlock Firewall instantly

You can unlock Firewall to instantly allow all network traffic between your computer and the Internet.

  1. On the McAfee SecurityCenter pane, under Common Tasks, click Lockdown Firewall.
  2. On the Lockdown Enabled pane, click Unlock.
  3. Click Yes to confirm.

Restore Firewall settings

You can quickly restore Firewall to its original protection settings. This restore resets your security level to Trusting and allows outbound-only network access, enables Smart Recommendations, restores the list of default programs and their permissions in the Program Permissions pane, removes trusted and banned IP addresses, and restores system services, event log settings, and intrusion detection.

  1. On the McAfee SecurityCenter pane, click Restore Firewall Defaults.
  2. On the Restore Firewall Protection Defaults pane, click Restore Defaults.
  3. Click Yes to confirm.

Tip: You can also restore Firewall's default settings by right-clicking the SecurityCenter icon in the notification area at the far right of your taskbar, then click Quick Links, and then click Restore Firewall Defaults.

Managing programs and permissions

Firewall allows you to manage and create access permissions for existing and new programs that require inbound and outbound Internet access. Firewall lets you control full or outbound-only access for programs. You can also block access for programs.

In this chapter

Allowing Internet access for programs

Some programs, like Internet browsers, need to access the Internet to function properly.

Firewall allows you use the Program Permissions page to:

  • Allow access for programs
  • Allow outbound-only access for programs
  • Block access for programs

You can also allow a program to have full and outbound-only Internet access from the Outbound Events and Recent Events log.

In this section

Allow full access for a program

You can allow an existing blocked program on your computer to have full inbound and outbound Internet access.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Program Permissions.
  4. Under Program Permissions, select a program with Blocked or Outbound-Only Access.
  5. Under Action, click Allow Access.
  6. Click OK.

Allow full access for a new program

You can allow a new program on your computer to have full inbound and outbound Internet access.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Program Permissions.
  4. Under Program Permissions, click Add Allowed Program.
  5. In the Add Program dialog box, browse for and select the program that you want to add, then click Open.

Note: You can change the permissions of a newly added program as you would an existing program by selecting the program, and then clicking Allow Outbound-Only Access or Block Access under Action.

Allow full access from the Recent Events log

You can allow an existing blocked program that appears in the Recent Events log to have full inbound and outbound Internet access.

  1. On the McAfee SecurityCenter pane, click Advanced Menu.
  2. Click Reports & Logs.
  3. Under Recent Events, select the event description, and then click Allow Access.
  4. In the Program Permissions dialog, click Yes to confirm.

Related topics

Allow full access from the Outbound Events log

You can allow an existing blocked program that appears in the Outbound Events log to have full inbound and outbound Internet access.

  1. On the McAfee SecurityCenter pane, click Advanced Menu.
  2. Click Reports & Logs.
  3. Under Recent Events, click View Log.
  4. Click Internet & Network, and then click Outbound Events.
  5. Select a program, and under I want to, click Allow Access.
  6. In the Program Permissions dialog, click Yes to confirm.

Allowing outbound-only access for programs

Some programs on your computer require outbound Internet access. Firewall lets you configure program permissions to allow outbound-only Internet access.

In this section

Allow outbound-only access for a program

You can allow a program to have outbound-only Internet access.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Program Permissions.
  4. Under Program Permissions, select a program with Blocked or Full Access.
  5. Under Action, click Allow Outbound-Only Access.
  6. Click OK.

Allow outbound-only access from the Recent Events log

You can allow an existing blocked program that appears in the Recent Events log to have outbound-only Internet access.

  1. On the McAfee SecurityCenter pane, click Advanced Menu.
  2. Click Reports & Logs.
  3. Under Recent Events, select the event description, and then click Allow Outbound-Only Access.
  4. In the Program Permissions dialog, click Yes to confirm.

Allow outbound-only access from the Outbound Events log

You can allow an existing blocked program that appears in the Outbound Events log to have outbound-only Internet access.

  1. On the McAfee SecurityCenter pane, click Advanced Menu.
  2. Click Reports & Logs.
  3. Under Recent Events, click View Log.
  4. Click Internet & Network, and then click Outbound Events.
  5. Select a program, and under I want to, click Allow Outbound-Only Access.
  6. In the Program Permissions dialog, click Yes to confirm.

Blocking Internet access for programs

Firewall allows you to block programs from accessing the Internet. Ensure that blocking a program will not interrupt with your network connection or another program that requires access to the Internet to function properly.

In this section

Block access for a program

You can block a program from having inbound and outbound Internet access.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Program Permissions.
  4. Under Program Permissions, select a program with Full Access or Outbound-Only Access.
  5. Under Action, click Block Access.
  6. Click OK.

Block access for a new program

You can block a new program from having inbound and outbound Internet access.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Program Permissions.
  4. Under Program Permissions, click Add Blocked Program.
  5. On the Add Program dialog, browse for an select the program that you want to add, and then click Open.

Note: You can change the permissions of a newly added program by selecting the program and then clicking Allow Outbound-Only Access or Allow Access under Action.

Block access from the Recent Events log

You can block a program that appears in the Recent Events log from having inbound and outbound Internet access.

  1. On the McAfee SecurityCenter pane, click Advanced Menu.
  2. Click Reports & Logs.
  3. Under Recent Events, select the event description, and then click Block Access.
  4. In the Program Permissions dialog, click Yes to confirm.

Removing access permissions for programs

Before removing a program permission, ensure that its absence does not affect your computer's functionality or your network connection.

In this section

Remove a program permission

You can remove a program from having any inbound or outbound Internet access.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Program Permissions.
  4. Under Program Permissions, select a program.
  5. Under Action, click Remove Program Permission.
  6. Click OK.

Note: Firewall prevents you from modifying some programs by dimming and disabling certain actions.

Learning about programs

If you are unsure which program permission to apply, you can get information about the program on McAfee's HackerWatch Web site.

In this section

Get program information

You can get program information from McAfee's HackerWatch Web site to decide whether to allow or block inbound and outbound Internet access.

Note: Ensure that you are connected to the Internet so that your browser launches McAfee's HackerWatch Web site, which provides up-to-date information about programs, Internet access requirements, and security threats.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Program Permissions.
  4. Under Program Permissions, select a program.
  5. Under Action, click Learn More.

Get program information from the Outbound Events log

From the Outbound Events log, you can get program information from McAfee's HackerWatch Web site to decide which programs to allow or block inbound and outbound Internet access.

Note: Ensure that you are connected to the Internet so that your browser launches McAfee's HackerWatch Web site, which provides up-to-date information about programs, Internet access requirements, and security threats.

  1. On the McAfee SecurityCenter pane, click Advanced Menu.
  2. Click Reports & Logs.
  3. Under Recent Events, select an event, and then click View Log.
  4. Click Internet & Network, and then click Outbound Events.
  5. Select an IP address, and then click Learn more.

Managing system services

To work properly, certain programs (including Web servers and file-sharing server programs) must accept unsolicited connections from other computers through designated system service ports. Typically, Firewall closes these system service ports because they represent the most likely source of insecurities in your system. To accept connections from remote computers, however, the system service ports must be open.

In this chapter

Configuring system service ports

System service ports can be configured to allow or block remote network access to a service on your computer.

The list below shows the common system services and their associated ports:

  • File Transfer Protocol (FTP) Ports 20-21
  • Mail Server (IMAP) Port 143
  • Mail Server (POP3) Port 110
  • Mail Server (SMTP) Port 25
  • Microsoft Directory Server (MSFT DS) Port 445
  • Microsoft SQL Server (MSFT SQL) Port 1433
  • Network Time Protocol Port 123
  • Remote Desktop / Remote Assistance / Terminal Server (RDP) Port 3389
  • Remote Procedure Calls (RPC) Port 135
  • Secure Web Server (HTTPS) Port 443
  • Universal Plug and Play (UPNP) Port 5000
  • Web Server (HTTP) Port 80
  • Windows File Sharing (NETBIOS) Ports 137-139

System service ports can also be configured to allow a computer to share its Internet connection with other computers connected to it through the same network. This connection, known as Internet Connection Sharing (ICS), allows the computer that is sharing the connection to act as a gateway to the Internet for the other networked computer.

Note: If your computer has an application that accepts either Web or FTP server connections, the computer sharing the connection may need to open the associated system service port and allow forwarding of incoming connections for those ports.

In this section

Allow access to an existing system service port

You can open an existing port to allow remote access to a network service on your computer.

Note: An open system service port can make your computer vulnerable to Internet security threats; therefore, only open a port if necessary.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click System Services.
  4. Under Open System Service Port, select a system service to open its port.
  5. Click OK.

Block access to an existing system service port

You can close an existing port to block remote network access to a service on your computer.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click System Services.
  4. Under Open System Service Port, clear a system service to close its port.
  5. Click OK.

Configure a new system service port

You can configure a new network service port on your computer that you can open or close to allow or block remote access on your computer.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click System Services.
  4. Click Add.
  5. In the System Services pane, under Ports and System Services, enter the following:
    • Program name
    • Inbound TCP/IP ports
    • Outbound TCP/IP ports
    • Inbound UDP ports
    • Outbound UDP ports
  6. If you want to send this port's activity information to another networked Windows computer that shares your Internet connection, select Forward network activity on this port to network users who use Internet Connection Sharing.
  7. Optionally describe the new configuration.
  8. Click OK.

Note: If your computer has an application that accepts either Web or FTP server connections, the computer sharing the connection may need to open the associated system service port and allow forwarding of incoming connections for those ports. If you are using Internet Connection Sharing (ICS), you also need to add a trusted computer connection on the Trusted IP Addresses list. For more information, see Add a trusted computer connection.

Modify a system service port

You can modify inbound and outbound network access information about an existing system service port.

Note: If port information is entered incorrectly, the system service fails.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click System Services.
  4. Select a system service, and then click Edit.
  5. In the System Services pane, under Ports and System Services, enter the following:
    • Program name
    • Inbound TCP/IP ports
    • Outbound TCP/IP ports
    • Inbound UDP ports
    • Outbound UDP ports
  6. If you want to send this port's activity information to another networked Windows computer that shares your Internet connection, select Forward network activity on this port to network users who use Internet Connection Sharing.
  7. Optionally describe the modified configuration.
  8. Click OK.

Remove a system service port

You can remove an existing system service port from your computer. After removal, remote computers can no longer access the network service on your computer.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click System Services.
  4. Select a system service, and then click Remove.
  5. At the prompt, click Yes to confirm.

Managing computer connections

You can configure Firewall to manage specific remote connections to your computer by creating rules, based on Internet Protocol addresses (IPs), that are associated with remote computers. Computers that are associated with trusted IP addresses can be trusted to connect to your computer and those IPs that are unknown, suspicious, or distrusted, can be banned from connecting to your computer.

When allowing a connection, ensure that the computer that you trust is safe. If a computer that you trust is infected through a worm or other mechanism, your computer can be vulnerable to infection. In addition, McAfee recommends that the computer(s) you trust are protected by a firewall and an up-to-date antivirus program also. Firewall does not log traffic or generate event alerts from IP addresses in the Trusted IP Addresses list.

Computers that are associated with unknown, suspicious, or distrusted IP addresses can be banned from connecting to your computer.

Since Firewall blocks all unwanted traffic, it is normally not necessary to ban an IP address. You should ban an IP address only when you are certain an Internet connection poses a specific threat. Ensure that you do not block important IP addresses, such as your DNS or DHCP server, or other ISP-related servers. Depending on your security settings, Firewall can alert you when it detects an event from a banned computer.

In this chapter

Trusting computer connections

You can add, edit, and remove trusted IP addresses on the Trusted and Banned IPs pane, under Trusted IP Addresses.

The Trusted IP Addresses list on the Trusted and Banned IPs pane allows all traffic from a specific computer to reach your computer. Firewall does not log traffic or generate event alerts from IP addresses that appear in the Trusted IP Addresses list.

Firewall trusts any checked IP addresses on the list, and always allows traffic from a trusted IP through the firewall on any port. Activity between the computer associated with a trusted IP address and your computer is not filtered or analyzed by Firewall. By default, Trusted IP Addresses lists the first private network that Firewall finds.

When allowing a connection, ensure that the computer that you trust is safe. If a computer that you trust is infected through a worm or other mechanism, your computer can be vulnerable to infection. In addition, McAfee recommends that the computer(s) you trust are protected by a firewall and an up-to-date antivirus program also.

In this section

Add a trusted computer connection

You can add a trusted computer connection and its associated IP address.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Trusted and Banned IPs.
  4. On the Trusted and Banned IPs pane, select Trusted IP Addresses, and then click Add.
  5. Under Add Trusted IP Address Rule, do one of the following:
    • Select Single IP Address, and then enter the IP address.
    • Select IP Address Range, and then enter the starting and ending IP addresses in the From IP Address and To IP Address boxes.
  6. If a system service uses Internet Connection Sharing (ICS), you can add the following IP address range: 192.168.0.1 to 192.168.0.255.
  7. Optionally, select Rule expires in, and enter the number of days to enforce the rule.
  8. Optionally, type a description for the rule.
  9. Click OK.
  10. On the Trusted and Banned IPs dialog, click Yes to confirm.

Note: For more information about Internet Connection Sharing (ICS), see Configure a new system service.

Add a trusted computer from the Inbound Events log

You can add a trusted computer connection and its associated IP address from the Inbound Events log.

  1. On the McAfee SecurityCenter pane, on the Common Tasks pane, click Advanced Menu.
  2. Click Reports & Logs.
  3. Under Recent Events, click View Log.
  4. Click Internet & Network, and then click Inbound Events.
  5. Select a source IP address, and under I want to, click Trust This Address.
  6. Click Yes to confirm.

Edit a trusted computer connection

You can edit a trusted computer connection and its associated IP address.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Trusted and Banned IPs.
  4. On the Trusted and Banned IPs pane, select Trusted IP Addresses.
  5. Select an IP address, and then click Edit.
  6. Under Edit Trusted IP Address, do one of the following:
    • Select Single IP Address, and then enter the IP address.
    • Select IP Address Range, and then enter the starting and ending IP addresses in the From IP Address and To IP Address boxes.
  7. Optionally, check Rule expires in, and enter the number of days to enforce the rule.
  8. Optionally, type a description for the rule.
  9. Click OK.

Note: You cannot edit the default(s) computer connection(s) that Firewall automatically added from a trusting private network.

Remove a trusted computer connection

You can remove a trusted computer connection and its associated IP address.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Trusted and Banned IPs.
  4. On the Trusted and Banned IPs pane, select Trusted IP Addresses.
  5. Select an IP address, and then click Remove.
  6. In the Trusted and Banned IPs dialog, click Yes to confirm.

Banning computer connections

You can add, edit, and remove banned IP addresses in the Trusted and Banned IPs pane, under Banned IP Addresses.

Computers that are associated with unknown, suspicious, or distrusted IP addresses can be banned from connecting to your computer.

Since Firewall blocks all unwanted traffic, it is normally not necessary to ban an IP address. You should ban an IP address only when you are certain an Internet connection poses a specific threat. Ensure that you do not block important IP addresses, such as your DNS or DHCP server, or other ISP-related servers. Depending on your security settings, Firewall can alert you when it detects an event from a banned computer.

In this section

Add a banned computer connection

You can add a banned computer connection and its associated IP address.

Note: Ensure that you do not block important IP addresses, such as your DNS or DHCP server, or other ISP-related servers.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Trusted and Banned IPs.
  4. On the Trusted and Banned IPs pane, select Banned IP Addresses, and then click Add.
  5. Under Add Banned IP Address Rule, do one of the following:
    • Select Single IP Address, and then enter the IP address.
    • Select IP Address Range, and then enter the starting and ending IP addresses in the From IP Address and To IP Address boxes.
  6. Optionally, select Rule expires in, and enter the number of days to enforce the rule.
  7. Optionally, type a description for the rule.
  8. Click OK.
  9. On the Trusted and Banned IPs dialog, click Yes to confirm.

Edit a banned computer connection

You can edit a banned computer connection and its associated IP address.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Trusted and Banned IPs.
  4. On the Trusted and Banned IPs pane, select Banned IP Addresses, and then click Edit.
  5. Under Edit Banned IP Address, do one of the following:
    • Select Single IP Address, and then enter the IP address.
    • Select IP Address Range, and then enter the starting and ending IP addresses in the From IP Address and To IP Address boxes.
  6. Optionally, select Rule expires in, and enter the number of days to enforce the rule.
  7. Optionally, type a description for the rule.
  8. Click OK.

Remove a banned computer connection

You can remove a banned computer connection and its associated IP address.

  1. On the McAfee SecurityCenter pane, click Internet & Network, then click Configure.
  2. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  3. On the Firewall pane, click Trusted and Banned IPs.
  4. On the Trusted and Banned IPs pane, select Banned IP Addresses.
  5. Select an IP address, and then click Remove.
  6. In the Trusted and Banned IPs dialog, click Yes to confirm.

Ban a computer from the Inbound Events log

You can ban a computer connection and its associated IP address from the Inbound Events log.

IP addresses which appear in the Inbound Events log are blocked. Therefore, banning an address adds no additional protection unless your computer either uses ports that are deliberately opened or includes a program that has been allowed access to the Internet.

Add an IP address to your Banned IP Addresses list only if you have one or more ports that are deliberately open and if you have reason to believe that you must block that address from accessing open ports.

You can use the Inbound Events page, which lists the IP addresses of all inbound Internet traffic, to ban an IP address that you suspect is the source of suspicious or undesirable Internet activity.

  1. On the McAfee SecurityCenter pane, under Common Tasks, click Advanced Menu.
  2. Click Reports & Logs.
  3. Under Recent Events, click View Log.
  4. Click Internet & Network, and then click Inbound Events.
  5. Select a source IP address, and under I want to, click Ban This Address.
  6. On the Add Banned IP Address Rule dialog, click Yes to confirm.

Ban a computer from the Intrusion Detection Events log

You can ban a computer connection and its associated IP address from the Intrusion Detection Events log.

  1. On the McAfee SecurityCenter pane, under Common Tasks, click Advanced Menu.
  2. Click Reports & Logs.
  3. Under Recent Events, click View Log.
  4. Click Internet & Network, and then click Intrusion Detection Events.
  5. Select a source IP address, and under I want to, click Ban This Address.
  6. On the Add Banned IP Address Rule dialog, click Yes to confirm.

Logging, monitoring, and analysis

Firewall provides extensive and easy-to-read logging, monitoring, and analysis for Internet events and traffic. Understanding Internet traffic and events helps you manage your Internet connections.

In this chapter

Event Logging

Firewall allows you to enable or disable event logging and, when enabled, which event types to log. Event logging allows you to view recent inbound, outbound events and intrusion events.

In this section

Configure event log settings

You can specify and configure the types of Firewall events to log. By default, event logging is enabled for all events and activities.

  1. On the Internet & Network Configuration pane, under Firewall protection is enabled, click Advanced.
  2. On the Firewall pane, click Event Log Settings.
  3. If it is not already selected, select Enable Event Logging.
  4. Under Enable Event Logging, select or clear the event types that you want or do not want to log. Event types include the following:
    • Blocked Programs
    • ICMP Pings
    • Traffic from Banned IP Addresses
    • Events on System Service Ports
    • Events on Unknown Ports
    • Intrusion Detection (IDS) events
  5. To prevent logging on specific ports, select Do not log events on the following port(s), and then enter single port numbers separated by commas, or port ranges with dashes. For example, 137-139, 445, 400-5000.
  6. Click OK.

View recent events

If logging is enabled, you can view recent events. The Recent Events pane shows the date and description of the event. It displays activity for programs that have been explicitly blocked from accessing the Internet.

  • On the Advanced Menu, under the Common Tasks pane, click Reports & Logs or View Recent Events. Alternatively, click View Recent Events under the Common Tasks pane from the Basic Menu.

View inbound events

If logging is enabled, you can view inbound events. Inbound Events include the date and time, source IP address, host name, and information and event type.

  1. Ensure the Advanced menu is enabled. On the Common Tasks pane, click Reports & Logs.
  2. Under Recent Events, click View Log.
  3. Click Internet & Network, and then click Inbound Events.

Note: You can trust, ban, and trace an IP address from the Inbound Event log.

View outbound events

If logging is enabled, you can view outbound events. Outbound Events include the name of the program attempting outbound access, the date and time of the event, and the location of the program on your computer.

  1. On the Common Tasks pane, click Reports & Logs.
  2. Under Recent Events, click View Log.
  3. Click Internet & Network, and then click Outbound Events.

Note: You can allow full and outbound-only access for a program from the Outbound Events log. You can also locate additional information about the program.

View intrusion detection events

If logging is enabled, you can view inbound intrusion events. Intrusion Detection events display the date and time, the source IP, the host name of the event, and the type of event.

  1. On the Common Tasks pane, click Reports & Logs.
  2. Under Recent Events, click View Log.
  3. Click Internet & Network, and then click Intrusion Detection Events.

Note: You can ban and trace an IP address from the Intrusion Detection Events log.

Working with Statistics

Firewall leverages McAfee's HackerWatch security Web site to provide you with statistics about global Internet security events and port activity.

In this section

View global security event statistics

HackerWatch tracks worldwide Internet security events, which you can view from SecurityCenter. Information tracked lists incidents reported to HackerWatch in the last 24 hours, 7 days, and 30 days.

  1. Ensure that the Advanced Menu is enabled, and then click Tools.
  2. On the Tools pane, click HackerWatch.
  3. Under Event Tracking, view security event statistics.

View global Internet port activity

HackerWatch tracks worldwide Internet security events, which you can view from SecurityCenter. Information displayed includes the top event ports reported to HackerWatch during the past seven days. Typically, HTTP, TCP, and UDP port information is displayed.

  1. Ensure that the Advanced Menu is enabled, and then click Tools.
  2. On the Tools pane, click HackerWatch.
  3. View the top event port events under Recent Port Activity.

Tracing Internet traffic

Firewall offers a number of options for tracing Internet traffic. These options let you geographically trace a network computer, obtain domain and network information, and trace computers from the Inbound Events and Intrusion Detection Events logs.

In this section

Geographically trace a network computer

You can use Visual Tracer to geographically locate a computer that is connecting or attempting to connect to your computer, using its name or IP address. You can also access network and registration information using Visual Tracer. Running Visual Tracer displays a world map which displays the most probable route of data taken from the source computer to yours.

  1. Ensure that the Advanced Menu is enabled, and then click Tools.
  2. On the Tools pane, click Visual Tracer.
  3. Type the computer's IP address, and click Trace.
  4. Under Visual Tracer, select Map View.

Note: You cannot trace looped, private, or invalid IP address events.

Obtain computer registration information

You can obtain a computer's registration information from SecurityCenter using Visual Trace. Information includes the domain name, the registrant's name and address, and the administrative contact.

  1. Ensure that the Advanced Menu is enabled, and then click Tools.
  2. On the Tools pane, click Visual Tracer.
  3. Type the computer's IP address, and then click Trace.
  4. Under Visual Tracer, select Registrant View.

Obtain computer network information

You can obtain a computer's network information from SecurityCenter using Visual Trace. Network information includes details about the network on which the domain resides.

  1. Ensure that the Advanced Menu is enabled, and then click Tools.
  2. On the Tools pane, click Visual Tracer.
  3. Type the computer's IP address, and then click Trace.
  4. Under Visual Tracer, select Network View.

Trace a computer from the Inbound Events log

From the Inbound Events pane, you can trace an IP address that appears in the Inbound Events log.

  1. Ensure the Advanced menu is enabled. On the Common Tasks pane, click Reports & Logs.
  2. Under Recent Events, click View Log.
  3. Click Internet & Network, and then click Inbound Events.
  4. On the Inbound Events pane, select a source IP address, and then click Trace this address.
  5. On the Visual Tracer pane, click one of the following:
    • Map View: Geographically locate a computer using the selected IP address.
    • Registrant View: Locate domain information using the selected IP address.
    • Network View: Locate network information using the selected IP address.
  6. Click Done.

Trace a computer from the Intrusion Detection Events log

From the Intrusion Detection Events pane, you can trace an IP address that appears in the Intrusion Detection Events log.

  1. On the Common Tasks pane, click Reports & Logs.
  2. Under Recent Events, click View Log.
  3. Click Internet & Network, and then click Intrusion Detection Events. On the Intrusion Detection Events pane, select a source IP address, and then click Trace this address.
  4. On the Visual Tracer pane, click one of the following:
    • Map View: Geographically locate a computer using the selected IP address.
    • Registrant View: Locate domain information using the selected IP address.
    • Network View: Locate network information using the selected IP address.
  5. Click Done.

Trace a monitored IP address

You can trace a monitored IP address to obtain a geographical view which shows the most probable route of data taken from the source computer to yours. In addition, you can obtain registration and network information about the IP address.

  1. Ensure that the Advanced Menu is enabled and click Tools.
  2. On the Tools pane, click Traffic Monitor.
  3. Under Traffic Monitor, click Active Programs.
  4. Select a program and then the IP address that appears below the program name.
  5. Under Program Activity, click Trace This IP.
  6. Under Visual Tracer, you can view a map which shows the most probable route of data taken from the source computer to yours. In addition, you can obtain registration and network information about the IP address.

Note: To view the most up-to-date statistics, click Refresh under Visual Tracer.

Monitoring Internet traffic

Firewall provides a number of methods to monitor your Internet traffic, including the following:

  • Traffic Analysis graph: Displays recent inbound and outbound Internet traffic.
  • Traffic Usage graph: Displays the percentage of bandwidth used by the most active programs during the past 24 hour period.
  • Active Programs: Displays those programs that currently use the most network connections on your computer and the IP addresses the programs access.

In this section

About the Traffic Analysis graph

The Traffic Analysis graph is a numerical and graphical representation of inbound and outbound Internet traffic. In addition, the Traffic Monitor displays programs using the greatest number of network connections on your computer and the IP addresses that the programs access.

From the Traffic Analysis pane, you can view recent inbound and outbound Internet traffic, current, average, and maximum transfer rates. You can also view traffic volume, including the amount of traffic since you started Firewall, and the total traffic for the current and previous months.

The Traffic Analysis pane displays real-time Internet activity on your computer, including the volume and rate of recent inbound and outbound Internet traffic on your computer, connection speed, and total bytes transferred across the Internet.

The solid green line represents the current rate of transfer for incoming traffic. The dotted green line represents the average rate of transfer for incoming traffic. If the current rate of transfer and the average rate of transfer are the same, the dotted line does not appear on the graph. The solid line represents both the average and current rates of transfer.

The solid red line represents the current rate of transfer for outgoing traffic. The red dotted line represents the average rate of transfer for outgoing traffic. If the current rate of transfer and the average rate of transfer are the same, the dotted line does not appear on the graph. The solid line represents both the average and current rates of transfer.

Analyze inbound and outbound traffic

The Traffic Analysis graph is a numerical and graphical representation of inbound and outbound Internet traffic. In addition, the Traffic Monitor displays programs using the greatest number of network connections on your computer and the IP addresses that the programs access.

  1. Ensure that the Advanced Menu is enabled, and then click Tools.
  2. On the Tools pane, click Traffic Monitor.
  3. Under Traffic Monitor, click Traffic Analysis.

Tip: To view the most up-to-date statistics, click Refresh under Traffic Analysis.

Monitor program bandwidth

You can view the pie chart, which displays the approximate percentage of bandwidth used by the most active programs on your computer during the past twenty-four hour period. The pie chart provides visual representation of the relative amounts of bandwidth used by the programs.

  1. Ensure that the Advanced Menu is enabled, and then click Tools.
  2. On the Tools pane, click Traffic Monitor.
  3. Under Traffic Monitor, click Traffic Usage.

Tip: To view the most up-to-date statistics, click Refresh under Traffic Usage.

Monitor program activity

You can view inbound and outbound program activity, which displays remote computer connections and ports.

  1. Ensure that the Advanced Menu is enabled, and then click Tools.
  2. On the Tools pane, click Traffic Monitor.
  3. Under Traffic Monitor, click Active Programs.
  4. You can view the following information:
    • Program Activity graph: Select a program to display a graph of its activity.
    • Listening connection: Select a Listening item under the program name.
    • Computer connection: Select an IP address under the program name, system process, or service.

Note: To view the most up-to-date statistics, click Refresh under Active Programs.

Learning about Internet security

Firewall leverages McAfee's security Web site, HackerWatch, to provide up-to-date information about programs and global Internet activity. HackerWatch also provides an HTML tutorial about Firewall.

In this chapter

Launch the HackerWatch tutorial

To learn about Firewall, you can access the HackerWatch tutorial from SecurityCenter.

  1. Ensure that the Advanced Menu is enabled, and then click Tools.
  2. On the Tools pane, click HackerWatch.
  3. Under HackerWatch Resources, click View Tutorial.

No comments: