The first default rule, “Localhost Public”, allows all UDP/TCP traffic both IN/OUT on public networks. There are many subsequent rules that do not make sense following this broad allow rule. For example, “Windows Networking In Public” blocks TCP/UDP inbound traffic through a specified range of local ports (on public networks). Following the broadly inclusive allow rule described above, this block rule will not do anything. Am I missing something?
I also noticed this. I also noticed that the Localhost Public rule changes from Address: Localhost to Address: any, when you add any firewall test rule to anywhere.
Try it yourself: reset firewall rules to default, and the Localhost Public rule goes to normal (address is Localhost); then add any one rule, just name it “test” and add it, and it goes to the bottom of the rules list (as it should). Now the Localhost Public rule has lost its Address, so now it applies to anywhere, allowing all TCP/UDP data to go anywhere and making all the subsequent TCP/UDP rules pointless.
I tested this by using Port Listener by RJL Software to listen on a port you like (open it in your NAT too if you have one) and set your network as public in Avast Firewall; now, according to the rules, all TCP/UDP data IN should be blocked, unless ruled otherwise above this rule. And it works: Open Port Check Tool (canyouseeme) does not see my service on said port. BUT if I add the test rule and the Localhost Public rule gets altered to address: any, then the Open Port Check Tool sees the service from the Internet.
Also, the Avast Firewall doesn’t even acknowledge the Port Listener exe in any way; I’m guessing because it doesn’t send anything out? Rather just listens? Of course, if the antivirus component recognized it as malicious then the exe would be blocked, but I would like to see the Firewall ask if the exe is allowed to listen.
If I do the same port listen test on Windows Firewall it asks if I want to allow the Port Listener exe to listen (allow data inbound rule for the exe).
Also there’s only one address box, well is it host address or remote address? All other firewalls I have used have host address and remote address boxes.
Aren’t these two big security issues here? The Localhost rule changing to allow all addresses, and the Firewall not asking if I want to allow an exe to listen on a port?
OS: Windows 10 x64 22H2
Avast Free with File Shield, Behavior Shield (no Ransomware protection), Web Shield, Firewall and Network Inspector components enabled.
Virus definitions: 28 August 2024, 13.13 (ver. 240828-4)
Software release: 23 August 2024, 13.51 (ver 24.8.6128 - build 24.8.9372.868)
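The ordering problem raised in both posts (a broad allow rule above a narrower block rule makes the block unreachable under first-match evaluation) can be checked mechanically. The following is an added example, not Avast's code or anything posted in the thread; the rule model and the Windows Networking port range (137-139) are constructed approximations, since the thread does not give the real range.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "block"
    directions: frozenset  # subset of {"in", "out"}
    protocols: frozenset   # subset of {"tcp", "udp"}
    local_ports: tuple     # (low, high), inclusive
    address: str           # "localhost" or "any" (the single address box)


def covers(earlier: Rule, later: Rule) -> bool:
    """True when every packet the later rule could match is already matched
    by the earlier rule, so under first-match evaluation the later rule can
    never fire (its action, allow or block, is irrelevant at that point)."""
    return (later.directions <= earlier.directions
            and later.protocols <= earlier.protocols
            and earlier.local_ports[0] <= later.local_ports[0]
            and later.local_ports[1] <= earlier.local_ports[1]
            and earlier.address in ("any", later.address))


def shadowed_rules(rules):
    """Walk the ordered list; report (shadowed rule, rule that shadows it)."""
    found = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                found.append((rule.name, earlier.name))
                break
    return found


def public_profile(localhost_rule_address: str):
    """Constructed two-rule approximation of the public-network rule set
    described in the thread. The port range 137-139 is a placeholder."""
    both = frozenset({"tcp", "udp"})
    return [
        Rule("Localhost Public", "allow", frozenset({"in", "out"}),
             both, (0, 65535), localhost_rule_address),
        Rule("Windows Networking In Public", "block", frozenset({"in"}),
             both, (137, 139), "any"),
    ]


if __name__ == "__main__":
    print("default (address Localhost):", shadowed_rules(public_profile("localhost")))
    print("altered (address any):     ", shadowed_rules(public_profile("any")))
```

With the address still set to Localhost nothing is shadowed; once it becomes "any", the block rule is reported as unreachable, which matches the canyouseeme result described above.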