Hi everyone, I was hoping I could get some insight on this peculiar setting with regards to Avast. It may not be something with Avast specifically but just Windows in general, but I thought I would ask here since I only see this happening with Avast. Also, any of the hyperlinks are just to imgur with relevant screenshots.
Background: I re-installed Avast recently, and after doing so I curiously checked to see if it was added to Allowed Apps to communicate through Windows Defender Firewall and it was as you can see (I inadvertently removed it from this list somehow while messing around with Defender settings, which is why I re-installed to put it back in there). I also checked the Advanced Security settings to see the Inbound and Outbound rules; what I noticed was that Avast was added to the inbound rules, but it was set to Block. I set both TCP and UDP to Allow so that it could match the other inbound rules that are already added.
Since it was set to ‘Block’ on its own, my question is was this something by design that Windows and/or Avast set upon install by default? Or was this an error somewhere that took place and it should have been set as “Allow” but wasn’t?
I also assumed that it should be on “Allow” so that Avast can make inbound/outbound connections so that software and definition updates can take place, but during the two or three days it was set to “Block” in the advanced settings, it appeared to be working properly, and having set to “Allow” hasn’t appeared to have really changed much (yet). Does that mean I should keep it on ‘Block’, change to ‘Allow’, or does this not really make a difference in the end?
I can’t attach on a reply or even when I edit my previous message. Plus they’re hyperlinked in the message so that the context makes sense, as opposed to attaching them separately out of context.
I know that some people like to be cautious with external links, but it’s Imgur, you will all be fine. You can even hover over the hyperlink before clicking it to make sure it’s good.
I have checked and AvastUI is there, as are a few of my other programs that I haven’t added. There are a number of other functions and or programs that I don’t have or have used.
I had a very swift skim through and didn’t notice any other Avast Executables, though there are some functions that might be related, but I certainly didn’t include them.
So it looks like it comes with default population of known programs/functions.
Oh that’s not the part I’m talking about. If you search “Windows Defender Firewall with Advanced Security”, in the Cortana search, open that up, and click “Inbound Rules” on the left side, and see “Avast UI” for both TCP and UDP (should be closer to the top since it’s in alphabetical order), do you have green checkmarks with “Allow” under the Action column, or the Red prohibition circle with “Block” under the Action column?
Since I said I haven’t made any changes to the Windows Defender Firewall and avast functions perfectly.
I disabled Cortana, very shortly after getting win10, I would love to have been able to completely get rid of it.
I can however get to the “Windows Defender Firewall with Advanced Security” and Inbound rules for aren’t enabled (and it still manages to function). There are Zero entries for Avast in Outbound rules, and it too function
The Web Shield and the Mail Shield (plus other functions) have outbound and inbound function requirements and they don’t use the AvastUI.exe to do that.
It’s just weird because Avast is the only program that has an Inbound rule created with it being “Blocked”, so I don’t know what the purpose of even creating a rule would be, or how Avast is able to function with it being Blocked instead of Allowed. Perhaps Avast is able to open a port another way without creating a Windows Defender exception?
So I guess my question now is: is me manually allowing the UDP/TCP connections under those rules (Like I did, as per my screenshots) going to cause any problems? Or does it not make any difference?
Perhaps I’m misinterpreting what you said, but it sounds like what you’re saying is that allowing those connections in the firewall rules won’t make a difference since Avast UI wasn’t using those protocols to communicate, get definitions updates, etc. because they are doing it another way. It would be like giving someone a key to the front door to get into my house when they previously didn’t have one, but because they were already using the side door, giving them a key to the front door is useless. Am I correct, or am I way off?
Given as mine doesn’t have any problem, it certainly shouldn’t make any difference.
Not way off - Yes that is pretty much my thinking if they are currently blocked and no errors given for avast using UDP or TCP by the firewall. Yes don’t give anyone a key who doesn’t absolutely need one (front door or other). Even if they have a need they ring the bell (firewall notification) and you choose to allow entry or not.
More general information: The Windows firewall is pretty basic, I guess it has a lot of default actions based on a so-called white list of programs, and things they may be likely to do. But if you take a look in the Task Manager and see just how many different functions possibly requiring connections, there doesn’t appear to be any other avast processes in the list.
I should be more specific: is there any detriment to allowing the TCP/UDP inbound connections? Yours isn’t having any issues but yours is still on Block, as per the default. I want to make sure having it on Allow won’t cause any issues, whether it is functional issues or other security issues. It seems like your answer in your second point means that giving Avast the Allow function in the advanced settings isn’t dangerous or bad, it’s just functionally useless (hence the giving a friend I trust a key to the door they don’t need since they’re already using the other door) and thus won’t cause any problems.
You mentioned the taskbar processes, so I attached a screenshot of all the Avast-related task background processes for shits and gigs, if maybe this provides any other insight.
Yep AvastUI doesn’t use them and having them on Allow could make you more vulnerable. The only time you ever change Firewall settings is when it’s absolutely necessary.
Not sure but generally AV companies don’t usually make the protocols they use public for obvious reasons. Or at least I haven’t heard of any doing that.
But definitely some form of encrypted communication.
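
The inbound rules discussed in this thread can also be inspected from an elevated PowerShell prompt instead of the “Windows Defender Firewall with Advanced Security” console. This is an added example, not part of any post above; it assumes the rules are bound to an executable named AvastUI.exe (the name used in the thread), and `$RestoreBlock` is a hypothetical switch introduced here.

```powershell
# Added example: audit inbound Windows Defender Firewall rules bound to AvastUI.exe.
# Assumption: the rules reference an executable named AvastUI.exe; the install
# path is not given in the thread, so it is matched with a wildcard.
$program = '*\AvastUI.exe'

# Hypothetical switch: set to $true to put any rule that was changed to Allow
# back to Block, the state the thread reports as the default after install.
$RestoreBlock = $false

# Inbound rules only govern unsolicited incoming connections. Connections the
# program opens itself are outbound, and their replies are permitted
# statefully, so a Block rule here does not stop outgoing traffic.
$found = foreach ($filter in Get-NetFirewallApplicationFilter -All |
                  Where-Object Program -like $program) {
    $rule = $filter | Get-NetFirewallRule
    if ($rule.Direction -ne 'Inbound') { continue }
    $port = $rule | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name        = $rule.Name
        DisplayName = $rule.DisplayName
        Enabled     = $rule.Enabled
        Action      = $rule.Action
        Profile     = $rule.Profile
        Protocol    = $port.Protocol
        LocalPort   = $port.LocalPort
        Program     = $filter.Program
    }
}

if (-not $found) {
    Write-Host "No inbound rules reference $program"
    return
}

# Same columns as the console view: one row per TCP/UDP rule.
$found | Format-Table DisplayName, Enabled, Action, Protocol, LocalPort, Profile -AutoSize

# Report rules that currently admit unsolicited inbound traffic to the program.
$allowed = $found | Where-Object { $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }
foreach ($r in $allowed) {
    Write-Warning "Inbound Allow is active: $($r.DisplayName) ($($r.Protocol))"
    if ($RestoreBlock) {
        Set-NetFirewallRule -Name $r.Name -Action Block   # requires elevation
    }
}
```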