Firewall rule for automatic updating?

Hello everyone. First, I’ve done searches in here, at Kerio’s support forums, DSLr, and a few other places for help on making a firewall rule to allow Avast to automatically update it’s definitions…but I’ve been unsuccessful. Most posts are regarding the email scanning…I don’t need nor want Avast to do anything but automatically update, and I want a tight rule for it.

Has onyone done this (in particular with Kerio 2.15). I’ve made a list of all 16 (I think that’s all) IPs that the program reaches out to…and the only way I know to use these is in a group (or have 16 different rules…which I don’t want to do). Well that, or make a rule where it can go to any address, but I want my rules to be as tight as possible.

Any one able to help me out today? Thanks for the time…

cochese,

You do not need a “tight rule” when Avast updates. And what do you consider a tight rule anyway?

Set Kerio to the “Ask” mode. When Avast attempts to contact the download server, then give it permission and set it to remember your choice.

It is as simple as that. Don’t make it too complicated or you can actually block the auto update.

Well, I can do that. By tight I mean, I only allow my applications to reach out on the ports & IPs that they need to. I can set the local & remote ports…but I have to allow any IP (because Avast attempts to contact something like 16 different IPs - not at once, but one of them at any given time). The only way I can see to do it is by setting a whole bunch of rules…which I’m trying to avoid.

avast should connect different IP to ensure the best update quality and speed.
I don’t see on this procedure any kind of bad thing… Can’t you configure the firewall just allowing to connect any IP?
You won’t lose security doing so. Other antivirus (for instance, AVG) does not have this possibility, I mean, the user (free) must connect just one IP and, from time to time, it’s busy and overcrowded with update solicitations. Well, just my opinion.