Incoming TCP for avast!

Hey, I’m new to the forums, which probably means I have a question to ask about avast! However, first I would like to thank the Alwil programmers/engineers for creating such an excellent freeware program. ;D

Well anyways, I’m using Kerio Personal Firewall 2.1.5, and when randomly browsing the Internet my firewall would display a message that something wants to connect via TCP (incoming) to avast! webscanner. I allowed outgoing TCP connections for avast! webscanner, and it works just fine, but I’m not sure if I should allow the incoming TCP connections. Any clarification on this would be greatly appreciated… BTW sometimes I would receive connection requests from IP addresses, and at other times I would receive connection requests from websites that seem to be related to avast!, although I think I’ve disabled both iAVS and program automatic updates.

Thanks in advance to whoever decides to respond to this post… And one more thing… If anyone in this forum uses a firewall that display stuff like ports and UPD and stuff, I would appreciate it if they give me some basic information on what ports and UDPs to block, allow, or restrict.

As I know avast should not require incoming connections so I think you should block it. i had something like you some time ago.

Question. What happens if you deny access?
Answer. The web page probably won’t be displayed.

If it is truly web shield (ashWebSv.exe) then it requires both outbound and inbound internet access, usually to port 80 (http) and usually using the TCP protocol.

Web shield transparently filters/monitors content from the web before placing it in the browser cache so you can see the web page, etc. this is normal.

However, web shield is not the initiating program but your browser (you) wants to look at a web page but some firewalls only see the web shield interface connecting to or receiving data.

See my log file and see similar occurances but you need to be more detailed in where the inbound request/site is coming from.

You forgot to mention your operating system and more detailed description or perhaps a screen shot of the firewall message would also help.

Anyway, avast! WebScanner accepts incomming connections from your browser in a similar way Internet Mail provider accepts incomming connections from your mail client program. However these connections should come from your PC, that is localhost or 127.0.0.1, and both Mail Scanner and Web Scanner by default listen only on localhost interface, so they can not be accessed from the internet even if the firewall would not be there.

You might want to download and run TCPVIEW from sysinternals.com. There you might see what programs are listening on which ports and which IP addresses. I have also seen a situation where certain firewalls warn about something like this, but the connection would not ever reach the program (Web Shield in this case) Instead the firewall was simply confused…what I am trying to say is that unless you tweak the setttings in avast4.ini avast! should not listen on external interfaces and is not able to accept connections from the internet even on those ports that are used for localhost accepts.

I didn’t get any screenshots of the TCP connection request yet, but I do have screenshots of ICMP requests. BTW David, what firewall is the one in your attached screenshot? I’m thinking of switching firewalls due to the lack of support for KF 2.1.5 due to the lack of people who use it.

EDIT: changed the wording a bit…

due to the lack of support for KF 2.1.5 due to the lack of people who use it.
I can't believe you said that ;)

www.dslreports.com/forum/kerio is one forum with some very knowledgable people who are willing to help.

Searching Google for “kerio forum” and “kerio faq” shows many helpful links.

IMO Kerio 2.1.5 is the best software firewall out there. It will take a lot of work to set it up but it will be well worth it.

This ICMP request is normal, avast! checks if you are connected to the net to perform update.

DavidR uses Outpost firewall which is a very good one(if you check pc flank it’s supposed to be the best) :slight_smile:

As my signature and darth.mikey says ;D I used Outpost (Pro) so it is not free and I also have some issues with it as it accesses 450-500 files on startup and this had been playing havoc with my boot times. So much so that I have it totally disabled at startup including disabling the service and use a batch file to start it up after boot. This is not a good option if you are on a broadband connection, but not a problem since I’m on dial-up.

There are later versions of Kerio I believe but many prefer the version you are using. Surely there are some logs in the GUI that you can check?

What will happen if you exclude Outpost folder from the on-access scanning of avast?

Nothing, it didn’t work. The only thing that worked was to totally disable it.