In the default Limited Filter mode (non-interactive mode), incoming packets from unknown sources (which had no outgoing connection in the first place), are selectively blocked (users are asked for permissions, with default action being blocked). Also, outgoing connections, are allowed (by default) - unless the program happens to be a suspicious program, detected by the proactive scanner.Any programs that connect to the Internet are MD5'ed and in the event that any changes to it's binaries are detected, a question is prompt to the user.However, every connection is logged within eScan databases as well. This approach has been taken, in view of the fact that most users do not really know whether to click on YES or NO for a question on firewall and want to do away with the queries (like the UAC of Vista). You can find the ports or the protocols that are whitelisted / blacklisted under the Expert Rule. While you can find the Applications, that are whitelisted / blacklisted under the Application Rule. To remove the cache, you need to do the following: a. Open the eScan Protection Center b. Click on "Firewall" c. Click on "Settings" d. Click on "Clear Alert Cache" Note :- When you switch between the "Limited Filter" and "Interactive Mode" the alert cache is cleared automatically.