Firewall rules for Avast 5

My simple question is what firewall rules needed for Avast 5 for normal operation?
I’m searching the internet for hours, but most pages describe Avast 4.

I’m using Avast 5 free on Windows 7 Home Premium with the built-in firewall, set to block every outgoing (and incoming) communication except a rule exists (but a general description valid for any type of firewall would be my preference). I’m experienced with firewalls, so I know what are ports, packets etc. I only need simple rules: what process, which port, what kind of protocol. Most firewalls have features like popups for new kind of connection for which a rule does not exist and also an active connections view which lists all processes that communicate or wait for communications, but unfortunately these left out from Windows 7 built-in firewall (and I would not install a separate firewall).

I know I should create a rule for %ProgramFiles%\Alwil Software\Avast5\AvastSvc.exe (which is a transparent proxy I presume) to allow all outgoing connections (TCP 80, 8080, 443 would be sufficient for web, but not sure whether POP3 and IMAP is proxied through this process so I permitted all ports).

What other rules should I create, especially for virus definitions update to work?

Edit: modified title as requested

you should allow avast.setup to connect, that’s the executable responsible for updates.

ps: may be you could modify your thread title, I first thought it was about AIS firewall :wink:

Thanks Logos for your reply.

You are right, there should be a rule for avas.setup, I read it somewhere also but when I checked my installation, this file did not exist. It seems that it is created during update. I also found that I should allow AvastUI.exe.
So my rules are as follows:

for Web Shield: %ProgramFiles%\Alwil Software\Avast5\AvastSvc.exe allow all out (maybe TCP out to port 80, 110?, 25? would be enough)
for updating: %ProgramFiles%\Alwil Software\Avast5\AvastUI.exe allow TCP out to port 80
for updating: %ProgramFiles%\Alwil Software\Avast5\Setup\avast.setup allow TCP out to port 80

erm…avastUI.exe >>> that’s optional ;D (don’t ask why, check for yourself :wink: )
for avastsvc.exe, you need http (80 & 8080) + all mail protocol ports (110/995 143/993 25/587/465) …the mail shield belongs to avastsvc.

As to avast.setup, you’re right, it’s generated during updates only, and will disappear after that. Creating a permanent rule for it is a good thing, because as said, Windows Firewall won’t alert you if needed (on outbound).

edit: don’t create any rule for 443 ;D (obviously can’t be scanned :wink: )

Apologies for posting in the wrong thread but I am trying out AIS and have firewall rules set to “auto-decide” which of course eliminates a lot of pop-ups but using GRC leak test,AIS allowed it to run. Why would AIS allow GRC to connect to the net? (Paranoia speaking here) :wink: ? Should I be concerned? Should I just go with “ask”? even though that would initiate more pop-ups? :-\

please copy and paste the content of your post in a new thread, this is as you’ve noticed completely off-topic here.

And that new thread being where?

well you’re supposed to start it ;D

wow you are really helpful

okay, if you’re not familiar with forums, just go to http://forum.avast.com/index.php?board=2.0 and click on “new topic” :slight_smile:

thanks :wink: