Page tree
Skip to end of metadata
Go to start of metadata



If you no longer want to deal with the firewall, you should switch the setting to Automatic. Besides autopilot mode, which is the best option for many users, you also have a wide range of options for optimizing the G DATA firewall for your requirements.

In the firewall settings there are two basic areas that can be custom-configured.


Here you can specify whether the firewall should operate independently and in self-learning mode so the user is not consulted about deciding whether to block or allow queries from the Internet, or whether the user should be asked in case of doubt.

  • Autopilot mode: Here the firewall works fully autonomously and automatically keeps threats from the local PC. This setting offers practical all-around protection and is recommended in most cases.
  • Create rules manually: If you want to custom configure your firewall, you can set up your firewall protection how you want via manual rule creation.
  • Offer to use autopilot mode when launching a full screen application: During computer games (and other full-screen applications), it can be disruptive if the firewall interrupts the flow of the game with inquiry windows or simply interferes with the display. To ensure that you can enjoy uninterrupted gaming without security compromises, the autopilot is a useful setting because it suppresses the inquiries of the firewall. If you are not using the autopilot as a default setting, you can use this function to ensure that it is always activated if you are using a program running in full-screen mode.

User-defined security settings

As you use the computer for your normal daily tasks, the firewall learns which programs you do or do not use for Internet access and which programs represent a security risk. The advantage of using the default security levels is that you can still adapt the firewall to your individual requirements without too much administrative input or specialist knowledge of network security. You can set the security level by simply adjusting the slide control. The following security levels are available:

  • Maximum security: The firewall rules are generated using very strict guidelines. So you should be familiar with specialized network concepts (TCP, UDP, ports, etc.). The firewall detects the slightest inconsistencies and will issue frequent queries during the learning phase.
  • High security: The firewall rules are generated using very strict guidelines. So you should be familiar with specialized network concepts (TCP, UDP, ports, etc.). The firewall may issue frequent queries during the learning phase.
  • Standard security: The firewall rules are generated at the application level only. Wizards keep network-specific details away from you. You will be queried as little as possible during the learning phase.
  • Low security: The firewall rules are generated at the application level only. Wizards keep network-specific details away from you. You will only be rarely queried during the learning phase. This level of security still offers highly effective protection against any connection requests that may occur.
  • Firewall disabled: You can disable the firewall completely if required. This means that your computer is still connected to the Internet and any other networks, but the firewall is no longer protecting it against attacks or electronic espionage.

If you wish to create specific settings for your firewall, check User-defined security settings. Please note however that for these settings you'll need at least a basic understanding of network security.


Here you can specify whether, when and how the firewall should query users when programs request a connection to the Internet or network.

Define rule

If the firewall detects a connection being made to the network, an information box appears in which you specify how to proceed for this particular application. Specify here precisely how to proceed in terms of allowing or forbidding network access:

  • Per Application: This enables you to specify universal authorization or denial of network access by the currently selected application on any port and using any transfer protocol (e.g. TCP or UDP).
  • Per Protocol/Port/Application: The application requesting network access is only permitted to go online with the requested transfer protocol and on the specified port. If the same application requests an additional network connection on another port or using a different protocol, the query will appear again, allowing you to create another rule for it.
  • Application, if at least x inquiries are pending: There are applications (e.g. Microsoft Outlook) that send identical requests to multiple ports when requesting network access or that use different protocols simultaneously. Since, for example, this would cause several queries in the Protocol/Port/Application setting, you can specify here that applications should receive general permission or refusal for network use as soon as you have allowed or denied connection by the user.

Unknown server applications

Applications that are not yet managed using a rule in the firewall may be handled in a different manner. The time of the inquiry lies within a certain latitude. If the server application goes to "on receipt", this means that it is waiting for a connection request as if on standby. Otherwise the query is only generated when the actual connection request is made.

Check for unprotected networks

Of course, a firewall can only function properly if all the networks accessed by the computer it is protecting can also be detected and monitored by it. Therefore you should always have this check enabled for unprotected networks.

Repeat application queries

You can bundle recurring requests for connection of an application. This way, queries do not keep appearing during connection attempts for which you have not yet specified a rule, but rather only in e.g. 20-second intervals or some other period of time defined by you.

Reference checking

During reference checking the firewall calculates a checksum based on the file size and other criteria for applications for which it has already enabled network access. If the checksum for this program suddenly changes, it may be because the program has been modified by a malware program. In such cases, the firewall generates an alarm.

Perform reference checking for loaded modules: Here not just applications but also modules used by applications (e.g. DLLs) are monitored. Since these frequently change or new modules are downloaded, consistent checking for modified and unknown references for modules may result in a considerable administration effort. Every modified module would cause a security request to be sent in its trail to the firewall. Therefore module checking should only be used in this way for very high security requirements.


Further setting alternatives are available here.

Wizard default settings

Specify here whether, in general, you wish to create new rules using the Rule wizard or in advanced editing mode. For users who are not familiar with the subject of network security, we recommend using the rule wizard.

‎‎Check a program at startup

Here you can specify whether the firewall looks for unknown server applications on each program startup. These search functions should always be enabled unless you are working in an enclosed network.

Save connection log

 Here you can specify for how long the firewall connection data should be saved. You can retain the data for anywhere between an hour and 60 hours and view it in the Log area.

  • No labels