Starting with Windows Vista Service Pack 1 and Windows Server 2008, the new Windows Filtering Platform (WFP) architecture is used to check network communication. Since the WFP technology uses special monitoring techniques, the Active mode section is not available.
Applications accessing the Internet can be checked in so-called “active mode” regardless of whether they are marked as Internet browsers or not (for more information, see Internet browsers).
This is how the active mode works: When a controlled application downloads data, it is first saved to a temporary file created by ESET NOD32 Antivirus. Data is not available for the given application at that time. Once downloading is complete, it is checked for malicious code. If no infiltration is found, data is sent to the original application. This process provides complete control of the communications made by a controlled application.
If passive mode is activated data is trickle-fed to the original application to avoid timeouts.