AIS firewall: auto-decide mode question(s)

…not sure what to think about that, here is (see screen shots) what happens when this firewall is on auto-decide mode >>> all connections allowed, meaning inbound as well. I can get it for Skype, but for the others…adding that it’s not the case right now, but I’ve seen the same happen with Firefox and Thunderbird.

Will delete most rules now and switch back to ask mode :wink:

edit: no screen shot but same for Secunia, Miranda, Windows Desktop Gadgets, Opera.

are you saying there is full connection in/out when in automode ?

any difference from what network home/work/public ?

yes

these results are in work mode… didn’t test on other modes.

I got a question…
Where did the avast! fw get the rules in the automode, which program is good or which is bad?
Is there a white list anywhere?
I know that the G Data Firewall has a whitelist, and for a program which is unknown, the firewall asked what to do.
But since I use the avast! Firewall in the automode… the firewall asked me nothing.

Hexo, this is in the help file.

“Block” means that such connections will never be allowed.

“Auto-decide” means the connection will normally be allowed, however any suspicious connections will be automatically blocked. This will be based partly on a large white-list database of safe applications maintained by avast!

If “Ask” is selected, you will see a message asking you to confirm whether or not the connection should be allowed.

However, I was searching for malware and rogue antivirus. I ended up finding a rogue av and the firewall automatically created a rule for it allowing inbound and outbound connection. Wasn’t real happy with this. I don’t know that me allowing it to install also gave the green light to create a rule like that or not. This was using Auto Decide. I don’t remember the exact rule but it certainly didn’t block it.

don’t worry about that, there’s no white list. The auto-decide mode just allows what the program normally requires to connect. The problem is that it sometimes seems to allow more than needed ;D

This will be based partly on a large white-list database of safe applications maintained by avast!

oh yeah, where’s that list? you got a link? … or anything stating officially that there’s such a list…

ok app sigs are verified, that’s all I can tell… and if the program doesn’t have any, auto-decide will still allow it to connect :slight_smile:

go to application rules then click on help center at the top of the UI.

okay I never noticed that but yes it’s mentioned there… other things are mentioned that don’t exist anyway ( “process control” or no app allowed to install in “public mode” etc…)

I still to this day do not understand how the rogue av I installed was allowed to connect inbound and outbound. By me allowing it to install did this give the OK in AutoDecide mode? The rogue is long gone but it still bugs me on how the rule was created. According to the help file it states that it monitors for suspicious behavior. If it is a rogue it is nothing but suspicious. I would like it to fully block any antivirus that is not on the whitelist.

might be because as I said the auto-decide mode allows much more than it should anyway, and isn’t very strict at all with outbound connections… that white list, if it exists, is a joke. As to your rogue, ask also why the AV didn’t block the download and the install in the first place…

You do have a point there. After a clean install I just let the firewall run a few days in autodecide to make sure all the system rules and avast rules are created then switch it to ask.

another problem when you do that, is that switching to ask will only be relevant for new apps, as all apps already listed while you were on auto-decide mode will keep the auto-decide option ;D (in the “otherwise…” setting).

Another point well taken. I go through and delete anything that I don’t recognize (with the exception of the system and avast rules). After that rogue installed and the rules were created I keep a close eye on the rules now. I don’t trust that “suspicious” connections will automatically be blocked because Avast allowed a suspicious program to install and firewall rules allowing inbound and outbound connections for this suspicious program. I know that they want to keep it as transparent as they can but do think that the auto-decide rules need some tightening up.

Like Hexo mentioned, I like autodecide but ask for unknowns better than allowing unknowns. Although this is different than what you mentioned in your first post.

Until there are any changes made to the firewall I will just keep it in “ask” mode.

The “Don’t allow new programs” might be added as a new feature. Below was from an email from Lukor.

Is there really no whitelist?
That’s very bad.
So I have to change my firewall settings to the “ask mode”.
I thought that the avast! FW is as good as the Gdata FW. But I see that isn’t true.

It would be better to have a global “community” whitelist with trusted programs, and every other program has to ask if it wants to connect to the www.

There is a whitelist… Where did you hear that there wasn’t? ??? I don’t think that it’s a community whitelist though. As said, it is managed by avast.
On a side note, I found that Gdata’s firewall service could be disabled at startup (either manually, or if a piece of malware gets through). I don’t know if they fixed that.

GG

I looked it up in the manual and there is no information about a whitelist.
Did you ever notice a “Firewall” block?

Did you ever notice a "Firewall" block?

yeah once… recently, an unexplained inbound connection

LOL.
Any outbound blocks?