Damon touched on this earlier, but I wanted to make my own follow-up to his post. This is one of the coolest features of Kerio to me.
Sunbelt Kerio Personal Firewall supports Bleeding Edge Snort rules for blocking certain exploits, including the VML exploit that plagues Windows and Internet Explorer. (Beware, I added the latest rules for the VML exploit and I couldn’t get Google to open within Firefox…)
To add rules to Kerio, open the “bad-traffic.rlk” under the “C:\Program Files\Sunbelt Software\Personal Firewall\Config\IDSRules” directory, add the rules you want to enforce and restart the Kerio service.
net stop kpf4 && net start kpf4
Voila!
