My simple question is: what firewall rules are needed for Avast 5 for normal operation?
I’ve been searching the internet for hours, but most pages describe Avast 4.
I’m using Avast 5 free on Windows 7 Home Premium with the built-in firewall, set to block every outgoing (and incoming) communication unless a rule exists (but a general description valid for any type of firewall would be my preference). I’m experienced with firewalls, so I know what ports, packets etc. are. I only need simple rules: what process, which port, what kind of protocol. Most firewalls have features like popups for a new kind of connection for which a rule does not exist, and also an active connections view which lists all processes that communicate or wait for communications, but unfortunately these were left out of the Windows 7 built-in firewall (and I would not install a separate firewall).
I know I should create a rule for %ProgramFiles%\Alwil Software\Avast5\AvastSvc.exe (which is a transparent proxy, I presume) to allow all outgoing connections (TCP 80, 8080, 443 would be sufficient for web, but I’m not sure whether POP3 and IMAP are proxied through this process, so I permitted all ports).
What other rules should I create, especially for virus definitions update to work?
You are right, there should be a rule for avast.setup. I also read it somewhere, but when I checked my installation, this file did not exist. It seems that it is created during update. I also found that I should allow AvastUI.exe.
So my rules are as follows:
for Web Shield: %ProgramFiles%\Alwil Software\Avast5\AvastSvc.exe allow all out (maybe TCP out to port 80, 110?, 25? would be enough)
for updating: %ProgramFiles%\Alwil Software\Avast5\AvastUI.exe allow TCP out to port 80
for updating: %ProgramFiles%\Alwil Software\Avast5\Setup\avast.setup allow TCP out to port 80
erm…avastUI.exe >>> that’s optional ;D (don’t ask why, check for yourself)
for avastsvc.exe, you need http (80 & 8080) + all mail protocol ports (110/995 143/993 25/587/465) …the mail shield belongs to avastsvc.
As to avast.setup, you’re right, it’s generated during updates only, and will disappear after that. Creating a permanent rule for it is a good thing, because as said, Windows Firewall won’t alert you if needed (on outbound).
edit: don’t create any rule for 443 ;D (obviously can’t be scanned)
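The rule set the posts above arrive at, written as netsh commands for the Windows 7 built-in firewall. This is an added example, not part of any post in the thread; the rule names are made up for illustration, and the paths and ports are the ones quoted in the posts.

```batch
@echo off
rem Added example: outbound allow rules for Avast 5 as discussed in the thread.
rem Run from an elevated command prompt. Assumes the default outbound action
rem is already set to block, as the original poster describes.
setlocal

rem Install path as quoted in the thread; adjust if your installation differs.
set "AVAST=%ProgramFiles%\Alwil Software\Avast5"

rem AvastSvc.exe carries the Web Shield and the Mail Shield.
rem Ports are the HTTP and mail ports listed in the reply.
rem Port 443 is left out on purpose, as the reply advises.
netsh advfirewall firewall add rule name="Avast5 AvastSvc web-mail out" ^
    dir=out action=allow protocol=TCP ^
    program="%AVAST%\AvastSvc.exe" ^
    remoteport=80,8080,110,995,143,993,25,587,465

rem avast.setup exists only while an update runs. The rule is permanent
rem because Windows Firewall does not prompt when it blocks outbound traffic.
netsh advfirewall firewall add rule name="Avast5 avast.setup update out" ^
    dir=out action=allow protocol=TCP ^
    program="%AVAST%\Setup\avast.setup" remoteport=80

rem AvastUI.exe: the reply calls this rule optional.
netsh advfirewall firewall add rule name="Avast5 AvastUI out" ^
    dir=out action=allow protocol=TCP ^
    program="%AVAST%\AvastUI.exe" remoteport=80

rem With no outbound popups, log dropped connections so that a missing
rem rule shows up in the firewall log instead of failing silently.
netsh advfirewall set allprofiles logging droppedconnections enable

rem Confirm what was created (program path, ports, profiles).
netsh advfirewall firewall show rule name="Avast5 AvastSvc web-mail out" verbose
netsh advfirewall firewall show rule name="Avast5 avast.setup update out" verbose
netsh advfirewall firewall show rule name="Avast5 AvastUI out" verbose

endlocal
```

After an update attempt, dropped outbound packets appear in the firewall log with action DROP, which shows whether a further rule is needed.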
Apologies for posting in the wrong thread, but I am trying out AIS and have firewall rules set to “auto-decide”, which of course eliminates a lot of pop-ups, but using the GRC leak test, AIS allowed it to run. Why would AIS allow GRC to connect to the net? (Paranoia speaking here) Should I be concerned? Should I just go with “ask”, even though that would initiate more pop-ups? :-\