Table of Contents
- Welcome to NetBarrier X8
- Protecting Your Mac From Network Attacks
- Using the NetBarrier X8 Overview Screen
- Firewall Protection
- Choosing a Profile
- Creating Firewall Exceptions
- Adding Port Exceptions by Process
- Adding Exceptions for Local Devices
- Application Protection
- NetBarrier Monitoring Tools
Welcome to NetBarrier X8
- Access to rules that define which programs can send and receive information to and from your Mac
- Decide which programs can connect to a network, and which data they're forbidden from sending
- Defines the network communications that your Mac will allow
- Active application list identifies applications using bandwidth as well as incoming vs. outgoing bandwidth for each application
- Automatic profile switching detects when the network connection changes and makes it easy to select a new profile
- Easily blocks/allows connections for specific local devices
- Easily configures primary network channels to/from the Internet and to/from the local network
- Full-time application activity monitoring for anti-spyware measures
- Helps identify rogue applications accessing the Internet to act as zombies, expose your confidential information, or act as backdoors into your computer
- Automatic application activity notification whenever an application is trying to do something on the network (take simple actions to allow or deny the application to run or to interact with specific domains or local devices)
When you first run NetBarrier, you will notice that it asks you what type of network you are connected to. This allows NetBarrier to automatically configure itself so that it provides the right level of protection.
The three choices are “Home”, “Work” and “Public Hotspot”. When you choose one of these options, the protection level configured for your Mac will change accordingly. As you would probably expect, “Home” is going to allow more operations than “Public Hotspot”. For example, there’s a good chance that at home you will want to allow other computers to connect to your Mac for file sharing, music streaming, and other services; while at the coffee shop there’s a good likelihood that you do not want this to happen.
Protecting Your Mac from Network Attacks
NetBarrier provides an extremely powerful set of features in a simple user interface. The main interface is presented in two sections which can be accessed from the top left corner of the window. These two sections are Firewall and Applications. The Firewall tab defines the network communications that your Mac will allow. The Applications tab lets you decide which programs can connect to a network, and which data they're forbidden from sending.
The Basic Help overlay points out the main features of NetBarrier. You can access this Basic Help menu at any time by clicking the 'i' icon in the top right corner of the Firewall or Applications windows.
NetBarrier X8 includes a personal firewall, a powerful feature that filters all data packets entering or leaving your Mac through the Internet or a local TCP/IP network.
When you click the Firewall button, NetBarrier presents a simple interface for controlling Firewall settings. This is the screen that you will see first each time you open the application. There are three preset firewall settings that cover all the situations that you will encounter in normal use, each accompanied by an animation that graphically shows the effect of applying the profile. The monitor in the middle of the display represents your Mac; the globe at the top represents the Internet; the router at the bottom represents the limits of your local network. (see image above for reference) Here the profile, "Home", shows how your computer can receive information from beyond the local network, but that computers beyond your local network cannot access your Mac. (Indicated by the red bar at the top of the image.)
The three standard profiles are:
Home: A highly trusted network.
- New incoming internet connections are blocked. NetBarrier's firewall allows your Mac to function as a client and local network server.
- Your Mac can access the Internet as a client computer, and as both a client and a server on a local network.
Work: A trusted network with many people and devices connected.
- New incoming internet connections are blocked. NetBarrier's firewall allows your Mac to function as a client and local network server.
- The server and file-sharing functions of your Mac are only allowed after you have approved connections.
Public Hotspot: Any network where you are sharing a connection with people you do not know.
- New incoming internet connections and incoming local connections are blocked. NetBarrier's firewall allows your Mac to function only as a client on a local network or the Internet.
- The server and file-sharing functions of your Mac are blocked.
When you first connect to a network you’ll choose what type of profile to use. When you re-connect to the same network, it will automatically begin using the same profile you specified the last time you connected to the network. You can change the network type at any time by clicking the Current Profile drop down menu in the upper left corner and selecting a different profile option.
Joining New Networks
The next time that you change the network you are connected to, for example if you drive to the local coffee shop and join the public hotspot, NetBarrier will pop up and ask you what kind of network this is. This will only happen once for each network. Once you select a network type for a specific network, you won’t be asked again. When NetBarrier sees that you have re-connected to a network, it will automatically use the profile selected when you were last connected to the same network.
The firewall allows you to control the network “channels” between your Mac and the outside world. There are four basic channels; Incoming Internet, Outgoing Internet, Incoming Local, and Outgoing Local.
WARNING: Changing these settings could dramatically affect your computer's ability to access local networks and the Internet. You should only use Exceptions if you fully understand their effects and how it functions.
The default values configured when you select a profile should be sufficient for most users. However, you may choose to override these values. Click the Exceptions button next to the channel you wish to modify. You can see examples below for allowing incoming connections or blocking outgoing connections.
This window contains three columns for adding an exception. They are:
- Address: A specific IP address.
- Protocol: TCP or UDP can be chosen. TCP is for services that require that a connection be open and maintained between two computers, such as HTTP, FTP, Telnet, SSH, POP3, AppleShare, etc. This covers all TCP connections. A UDP session is a series of communications without a "memory" of who initiated it.
- Port(s): Lets you specify a single port by typing its number.
You can also add exceptions for a particular application process. Click the disclosure triangle button on the right side of the window to see a list of processes to add an exception for. Click the icon on the right side of the window for the port number you want to add to the exception list.
For local connection exceptions, you will see other devices that have “been seen” on the network; or to which your Mac has communicated. You can choose to block or allow individual devices using this menu.
For example, if you have chosen the Public Hotspot profile, all incoming local connection attempts to your Mac will be blocked. However, let’s say you’re with a friend and you want to share a file with them from your computer. Click the Exceptions button next to Outgoing Local Connections and select the device that you wish to allow connections with. You may allow other devices through the firewall as well, such as Apple TV's, printers, routers, etc...
Exceptions are specific to the profile you have chosen to modify. This allows you to create different rules for Home, Work, and Public Hotspot.
NetBarrier X8 lets you control access from your Mac to the Internet and local networks by individual applications. While your firewall settings may allow general network access, the Applications tab lets you choose how NetBarrier X8 reacts when specific applications try to access the network. This helps you in two ways:
- You can prevent users from accessing the network with specific applications.
- If an application attempts to connect to the network behind your back, NetBarrier stops it in its tracks, alerts you, and waits for you to decide whether to allow it to do so or to block it.
Your Mac has many applications that access the Internet or other networks, including web browsers, e-mail programs, FTP (file transfer) programs and instant messaging applications. But there may also be programs that connect to the network without telling you, in order to verify the serial numbers of software installed on your computer, collect and send personal information without your awareness, or open a backdoor on your Mac to provide access to hackers or vandals. NetBarrier notifies you of such attempts and allows you to decide whether to allow them.
The Application List shows the applications that are currently using (receiving or sending data) or have recently used the network. The list is sorted based on which application was most recently active. When an application stops generating network activity it will slowly fall down the list and eventually, after it has been inactive for a few minutes, fall off the list entirely. There are many processes using the network that you have possibly never heard of, such as “mDNSResponder.” That’s okay, many of these are simply system processes that might have obscure names. You can use the Application Monitor tool to gather additional information about an application or process.
When an application is using the network, one or more arrows will be shown in the left or right columns adjacent to the application name. Orange arrows in the left column indicate the application receiving Incoming Data. Blue arrows in the right column indicate Outgoing Data leaving the application. The number of arrows drawn indicates how busy the application is relative to other applications using the network.
The other type of application you probably have on your Mac using the network is an application that is Listening for connection requests from other computers or devices on the local network. These are represented with 'four dots and an ear' shown to the right of the application.
- Incoming Data:
- Outgoing Data:
NetBarrier X8 allows advanced users to delve deeper into the configuration options for each application accessing the network and make more detailed changes about how these applications connect to the network and Internet.
To start making changes, select the profile being edited along the top of the window. You may edit any of the three default profiles; Home, Work or Public Hotspot. Now, click the Edit button at the bottom of the window (as shown below). Additional controls will now be visible from the Application Rules list allowing you the ability to make highly granular changes to the configuration. Any changes you make will apply only to the profile tab selected: Home, Work, or Public Hotspot. This allows you to tailor each protection level to your specific needs.
In Edit mode you can configure an application as “Allow Connections”, “Block Connections”, or “Ask”. "Allow Connections" will approve connections, and "Block Connections" will prevent them. When an application is configured as “Ask”, the first time the application attempts to use the network after you log-in, you will be asked whether you wish to allow that process to run or not.
For even finer control, the list shows “who” the application has been talking to and you may choose to block the application from communicating with specific Internet or Local domains/ addresses instead of blocking its ability to communicate altogether. Any entry that can be expanded will have a gray disclosure triangle next to it. Move the cursor over a row and click the icon to the left of the row to modify the device state. Blocked items are shown in black. Allowed items are shown in light grey. Click the or button to Allow or Block a connection.
When you are finished editing Application Rules, click the “Done” button at the bottom of the window. (The “Edit” button will change to “Done” while you are making changes.)
Whether the NetBarrier application is running or not, it is constantly watching for applications attempting to use the network. When an application first attempts to use the network you will see a popup window that tells you the application is trying to make a network connection.
Using the popup window, you can elect to allow an application or block it. Select “Yes” or “No” to configure the application. You might see a name here that you don't recognize. By default NetBarrier does not show a popup for system processes. This should help with some of the most confusing application names, however, some items may still be difficult to identify. If you’re uncertain about what to do, you can click the “I’m Not Sure” button.
NetBarrier will attempt to collect some additional information about the application (such as the publisher for example) to assist you in making a decision about what to do with the application. If you are still unsure, you can choose the "Block for 1 Minute" button. This will temporarily block the application so you can see the results of performing this action. After one minute, you will have the option to Allow or Block the application again. The Back button will return you to the previous screen. You can also use the NetBarrier Application Monitor to gather additional information about an application or process.
The Advanced button provides specific information about the connection attempt being made by the application. This additional information may make it easier to determine how you want NetBarrier to handle the connection. The Advanced window provides the following options:
- Allow for all domains
- Block for all domains
- Allow this domain
- Block this domain
This allows you to easily decide if you want to allow/block an application from making any connections at all, or if you want to only block a connection to a particular domain. You can also choose whether to make this permanent or temporary, by clicking either the Always or Once button.
Click the 'Always use advanced view' box if you prefer to always see this window rather than the Basic view.
NetBarrier Monitoring Tools
The Application Monitor shows the applications on your Mac that are actively using the network. This helps you understand, at a glance, which applications are using your network bandwidth. It is separate from the rest of the NetBarrier X8 application and is designed to always be available on your Desktop. Optionally, you can elect to have it always be shown on top of other windows. (Available from Preferences > General) The Application Monitor shows the same information that is displayed in the Application List section of the main NetBarrier X8 application.
To turn off the Monitor click the 'X' in the upper left corner. If you wish to turn the Monitor back on at any time, run NetBarrier, select “Window” from the main menu, and choose “Application Monitor.” You can also click the 'arrow' button in the top right corner of this window to launch the main NetBarrier X8 interface.
Double-click the name of any application or process displayed inside this window and it will open a new Finder window that shows the exact file location path for where the process is installed on your Mac. (Note: If you cannot see the entire name for a certain process, hover over the name with your arrow cursor to display the full-length process name)
The NetBarrier Logs window provides generic information about your current profile settings. It can be used to confirm that NetBarrier is active and protecting your Mac, and which profile was in use at a specific time.
You can access the Logs by clicking the word 'Window' in the top menu bar or by pressing Command-Option-L on your keyboard.
To clear the log, and erase all information it contains, click the Clear... button in the lower-left corner. A dialog appears, asking you to confirm your request.
NetBarrier has numerous options to let you control how its various functions run. You set these options in the Preferences window, which you reach either by choosing NetBarrier > Preferences... or by pressing Command-Comma on your keyboard.
The Preferences window is divided into three panes: General, Advanced, and Feedback.
Protection: The On/Off switch in the Protection section of NetBarrier lets you enable or disable the application.
Profiles: The Default Profile will be used for networks that cannot be uniquely identified.
Automatically trust System applications: tells NetBarrier to automatically trust software signed by a valid Apple certificate.
Automatically trust signed software: tells NetBarrier to automatically trust software signed by a valid certificate authority.
Application Monitor: Keep monitor window on top of all other windows will always display the NetBarrier monitor window in front of any application you are using.
Security: If you check Require administrator to authenticate in order to make changes to settings, only those users who can enter an administrator's password can make any changes to NetBarrier's settings.
Intego software periodically collects information about how features in its products are used to help improve their quality and reliability. All information collected is fully anonymous and cannot be used to personally identify any particular user or their behavior.
There is no action required on your part for information to be collected. You will not need to fill out any surveys and will not be contacted by Intego regarding this information.
NetBarrier Knowledge Base and Support
If you still have questions about using your NetBarrier software and cannot find the answer in this User Manual, please check our NetBarrier Knowledge Base for answers to the most common questions by clicking the link below:
You can also contact our Support Team directly for assistance by completing a support ticket online here: