So I come in today to check on my client’s Avast setup in the ADM. We have 22 Windows XP SP3 machines, with the ADM running on one as the management console.

I see most of the machines are marked with black flag. Two have been marked since January. Several since last Saturday. The rest since early this Friday morning. I understand the black flag means they have not communicated with the ADM since those stated times. Yet they seem to be up to date on their updates.

I try to connect to the virus chest on one machine, it fails trying to connect to 10.1.10.23 - which is not the machine’s actual IP address (these are all DHCP machines).

Is this because the ADM is on a machine with a dynamic address? I just noticed in the manual that it says it should have a static address. It appears to me that the machines have lost contact with the ADM, so they’re updating from the Avast servers instead of the ADM.

What about personal firewall? Are there any changes ?(via group policy, if any?)

...so they're updating from the Avast servers instead of the ADM.

Yes, but only when you set this behaviour early in ADNM console, when stations have communicate with AMS. IMHO this is not default settings, this feature was targeted for notebooks (but you can use it for station also)