Questions about AIS7 Firewall

Okay since my last post went under the radar I figured it best to make a specific post for my worries/questions here instead. To recap I am currently running my firewall with Public settings and wanted to ask your help or pick your brains about certain connections that I am unsure about. They are all apparently “companies” but I’m not entirely sure how legit/safe they are.

My last AV with a built in firewall was McAfee a few months back now and whilst I wasn’t super happy with the service or the av itself, I never had issues and their firewall seemed to always do it’s job and block the incoming connections that it should have been. The Firewall in AIS7, when set to public does as it should do, however when I switch to Work settings I’m not seeing any blocks whatsoever quite often. Am I to assume that Windows 7 Firewall is dealing with these connections instead?

But there have been some connections that I would love to know more about, during a period of time these fairly common ones sprang up.

0.0.0.0 which appears to be the talk talk network according to the details finder.
46.4.26.78 which is something called “Hetzner Online” from Germany
173.194.41.168 which is from Google.
239.255.255.250 which seems to have no location (pin is central off the coast of africa) and is labelled is a “Multicast” (this literally attempted a connection a second a go).

Are these familiar to anyone else on here?

There are also a number of connection attempts from my IP for our network where various number devices have connected, why would it be showing connections between 2 and 255 or 2 and 5 when my IP for this machine is none of these… is it accounting general connections on the network too?

I also wanted to ask if there were any negatives to just remaining in Public settings, since it blocks all incoming connections would that have an adverse/bad affect on things like Windows updates and other such legit/important things?

I suppose my message has gone down the page again, can nobody offer me their insight, I feel rather lost and uncertain about switching the firewall off public settings.

If somebody who uses the Home/Work setting could tell me how frequently connections are blocked by their firewall that would help me out, last week I switched the settings and noticed that nothing appeared on the block list. I’ve noticed this “Loopback” thing attempting to connect, my knowledge does not tell me whether or not this is a unsolicited connection attempt or something that normally happens in the background. When I switched to Work settings there didn’t appear to be any blocks whatsoever for at least 45 minutes… is this normal in some cases?

I also ask again, am I okay simply using the Public setting on the firewall, will it affect how i receive things such as windows updates (since it blocks all incoming connections)?

My apologies, have I posted this in the wrong place? Or can people not actually see my thread?

Hi DBenjamin85,

I can see your posts just fine. TBH, these questions are beyond many to answer completely.

Public Firewall setting: This is the most protective and stringent setting available.

Work: Moderate level; assumes that your work environment has security measures in place as well as certain access rights/restrictions in place. If you are setting this at a public place and using the work environment setting, this is not what that is for.

Home: Trusted environment within the home network. A router at home should provide a hardware firewall for additional protection if it is turned on (off by default in the router).

Loopback address normally is 127.0.0.1 (IPv4), but can vary here: http://en.wikipedia.org/wiki/Loopback See HOSTS FILE link here: http://support.microsoft.com/kb/972034 Examples of default HOSTS Files are down the middle of the page. You will see localhost is in there by default, so this is normal.

As for the proper and best settings to run AIS firewall at, I must step aside. (See user info below my post) AIS firewall complements the native Windows Firewall in Win7, but does not replace it. Both work together to provide greater protection than alone.

Thanks Mchain,

I was just a little bit puzzled, the firewall settings do seem to illustrate firewall protection of a network with varied levels of security, we have a network here at home, secured, not sure if we have a net firewall on by default or not.

I assume that the loopback connection must not be deemed a danger by the avast firewall, same goes for the connections within our own network. I think I’ve been operating the public setting regardless since downloading Avast IS 7 a month a go. I’m fairly used to a firewall that blocks what it needs to and lets through what it should, I was just unsure whether the most secure connection was nessesarily the best, for example whether or not it hampers Updates for the OS.

I was not sure about the actual level of security when switching to work or home mode, perhaps I should leave it at the middle setting for longer and see what happens. I was also just wondering if any others who used IS with the avast firewall could actually tell me what their log activity is like, just so I can get an idea and don’t worry that lots of things are seemingly bypassing it.

Item 1.) Loopback and localhost are settings within your computer that enable your computer to make network connections inside a network, and also outside on the internet. 127.0.0.1 IP IPv4 is nothing to worry about, it is a part of the HOSTS file, it is the reason I pointed the Microsoft link for you on this subject. If you can see this, on a system that supports IPv6, the localhost address is ::1. XP does not natively support the newest version 6 level, but Vista and Win 7 do.

To check the settings of your router, try typing in the following IP address in the address bar of the browser you use: 192.168.0.1. Press enter to display the web page of your router. If this does not work, then try going to the site of the router manufacturer, and determined the correct internal IP address for that device. Suggested general link here: http://compnetworking.about.com/od/workingwithipaddresses/f/getrouteripaddr.htm

Wiki(Encyclo)pedia is a good site to take a little time to get the gist of what networking is, and what a firewall is supposed to do: http://en.wikipedia.org/wiki/Main_Page Just type in the search box what you are interested in finding out and/or need to know.

Item 2.) You will likely find out your router does not have its’ internal hardware firewall turned on; if so, then go to the manufacturer’s website to find out how to do this properly. You may also find the router is not secured with a strong password to prevent outside intruders from changing the internal settings of your router without your knowledge or permission.

The more you know about basic router settings, the better off you will be.

Just be glad an user of Avast! AIS is not forced to know how to configure his/her system for best security and protection; default settings alone should be enough for most users. Trust more, and worry less; but still get the questions you are asking answered by looking for them on the internet.

Hope this answers some of your questions.