The options only show alerting, and logging. There is noplace to see which ports its blocking, or even expand the ports it blocks.
I currently run a software firewall, and I didn’t notice it was added until today. I activated the Avast Firewall, and so far when I gave it traffic to block on purpose its only blocking port 135 so I would like to know all of the ports, and protocols it blocks. Along with the suggestion of allowing us to see which ports/protocols it blocks, and add/delete which ports protocols it blocks.
I still don’t believe that its not just blocking based on the destination port number, but there is no documentation anywhere of what it blocks. This is what I really want to know.
Well, what do you want to here then? Vlk answered your question… if you don’t believe him, well… your bad, I’m afraid.
If it were just blocking ports, then the services using these ports wouldn’t work - everything would be blocked there. You can verify that if you like… (but you’d better disable your real firewall for that).
Yes, I want to know what the IDS signatures filter, or even where I could access them on the disk in some standard format like Snort. The documentation is very vauge about what it really blocks.
What does Avast Network Shield protect from? Specificly!
As Vik just said, its trying to protect you from all internet/network worms such as “Win32.CodeRed, Win32.SQLSlammer, Win32.Blaster, in32.Welchia (Nachi) and Win32.Sasser” ect
A comprehensive list of its IDS filters would be nice. Other IDS programs make their list available, and even allow you to export/import them. However, even though you could update them with every update, it would still be nice to know what they are protecting user from, and controls to prevent possible false positives.
I think it will not happen.
The Network Shield signatures are simply part of the virus database. The virus samples for the “ordinary viruses” are also not possible to extract/modify.
BZ, you’re basically right, I see your point. Let me just say this: the Network Shield is currently in v1. We’re planning to add a number of features/enhancements to it in the future, and a comprehensive documentation / list of signatures should definitely be one of them.
Thanks, hopefully at least the list of just the IDS signatures will be added somewhere in the program.
I’ve dealt with other so-called IDS programs, and in reality they only just blocked packets based on their destination, not their content as I have found many had mostly false positives on legit traffic. Its nice to see IDS filters used correctly, and not just port blocking.
Network Shield is definitely not a port blocker. The signatures are pretty long and are scanned for only in the relevant data streams (port numbers etc).
