Worrying Avast Firewall bug

This is a cross post from the 19.1.2360 feedback thread. Apologies for doing so, but this is an issue that I’m quite worried about:

Last week I posted to the v19.1.2360 feedback thread about Avast adding extra firewall profiles for networks that I have never used. Another user, @MaxLV, also mentioned this issue.

@Bob3160 asked me to provide a screenshot, which I have attached to this message. The image shows 3 saved firewall profiles:

  • “lan”, the profile highlighted GREEN is my home LAN, and is always the active profile.
  • “Network Connection”, the profile highlighted AMBER, might have been created when I updated the firmware on my VDSL modem by plugging my rig into its Ethernet port (yes, I made sure that the modem wasn’t connected to the 'net at the same time.)
  • “BN16.com”, the profile highlighted RED, is not one that I recognise. My computer has only ever been connected to the “lan” profile. Googling “BN16.com” returns a listing for what looks like a local ads site based in the UK (BN16 is a UK postal code). I’m not going to actually visit the site: Norton Safeweb says that it has not been scanned, although, based on some Google searches, it doesn’t seem to be associated with any malware-related activity.

So what gives? Is the issue that MaxLV and I are experiencing a bug related to 19.1.2360, or is it something more sinister? i.e. an indication that our computers or network hardware have been compromised in some way?

Why don’t you use the Windows Firewall? I don’t need another one.

Windows Firewall can easily be bypassed when a parent application (which you DO NOT WANT to access the internet) is using a child application to do so.

Example: bad.exe is using iexplore.exe (which is allowed) to access the internet.

Windows firewall will not block bad.exe


There is no need to block bad.exe if you don’t have it on your computer … and if you do, it is already too late

bad.exe was just an example…

Could be anything else, like software phoning home or unwanted telemetry. A typical example is Malwarebytes, which, even though it has an option to disable telemetry, still submits data about your PC behind your back.

bad.exe was just an example...
I know that

My solution: if I don’t trust a program to have internet access, then I don’t install it

This is not a “solution”… There are different degrees of “trust” and with a properly configured firewall you can filter the unwanted communication from the program you “trust”

FWIW, I use Avast Firewall because bad actors are likely to concentrate their efforts on attacking the default security systems used by Windows - such as Windows 10 Firewall - on the basis that the majority of users aren’t tech-savvy or paranoid enough to switch to something else.

Getting back on topic: does anyone know what’s going on with my Avast Firewall saved networks? I have never connected to a network called “BN16” and I’m freaking out about the prospect of someone having pwned a) my laptop or b) my entire home network. All it would take to set my mind at ease is for someone to confirm that this is a bug with Avast.

Have you tried an Avast repair and reboot to see if anything changes?

I’ll only repair or uninstall-reinstall as a last resort. Avast appears to be working properly, the only thing I’m worried about is this phantom firewall profile.

If I repair or reinstall Avast, all I’ll be doing is hiding the symptom (i.e. wiping Avast’s list of firewall profiles) without treating the disease.

As I noted above, at least one other person has been affected by this issue: https://forum.avast.com/index.php?topic=224223.msg1488798#msg1488798

I wouldn’t be so worried if we could just get confirmation from an Avast team member that it’s a known bug.

I’ve escalated this to the Avast devs for a response.

Many thanks, Alikhan. Really appreciate you flagging this for the devs.

Hello _lexi,

The behavior of the networks list in FW has changed in 19.1.
The list now includes all the networks that OS (Windows) knows about in NLA. Meaning that a FW profile does not have to exist for the network (new network toaster would be displayed when connecting to it), but it is still listed.
The list is ordered by “last connected” with the most recent connections on top.

Does this explanation suffice?
Do you think this new behavior is OK, or would you rather see it behave differently?

Thank you,
Filip

By “NLA”, do you mean Network Level Authentication? I thought that was just for use with RDP?

Alternatively, are you referring to the list of previously connected networks that Win10 stores in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles[…]? Embarrassed to admit I hadn’t thought to check that, but I will. I suppose it’s possible that the “BN16.com” connection could be a hangover from the configuration process that my laptop’s manufacturer might have run on it. I will take a look and post my findings here.

In terms of tweaking the behaviour or presentation of these Avast Firewall settings in future: it was quite alarming to see a set of new networks appear in the firewall settings menu. It may help reassure Avast users who are a little too security-conscious (such as myself) if the firewall only displayed networks that it was involved in managing. For most users this would mean that Avast only listed the network they were using at the time Avast was installed, and any network that the “toaster”/pop-up prompted them to set to private or public afterward.

That sounds like ignorance is bliss. I’ve always opted for more information not less just because less would make me feel better.
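
One way to run the registry check discussed above, as an added example that is not part of the original thread or Avast's code: it reads the Windows network profiles from the NetworkList\Profiles key, decodes the binary DateCreated and DateLastConnected values, and orders them most recent first, as the Avast reply describes. The helper names and the sample dates are constructed for illustration; off Windows the script falls back to the sample.

```python
import struct
import sys
from datetime import datetime

PROFILES_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles"
CATEGORY = {0: "Public", 1: "Private", 2: "Domain"}

def decode_systemtime(raw):
    """DateCreated/DateLastConnected are 16-byte SYSTEMTIME structs in local time."""
    year, month, _dow, day, hour, minute, second, ms = struct.unpack("<8H", raw)
    return datetime(year, month, day, hour, minute, second, ms * 1000)

def summarize(profiles):
    """Turn raw registry values into rows, most recently connected first."""
    rows = [{
        "name": p["ProfileName"],
        "category": CATEGORY.get(p.get("Category"), "Unknown"),
        "created": decode_systemtime(p["DateCreated"]),
        "last_connected": decode_systemtime(p["DateLastConnected"]),
    } for p in profiles]
    return sorted(rows, key=lambda r: r["last_connected"], reverse=True)

def read_profiles():
    """Windows only: collect the values of every profile subkey under HKLM."""
    import winreg
    out = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, PROFILES_KEY) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                n_values = winreg.QueryInfoKey(sub)[1]
                out.append(dict(winreg.EnumValue(sub, j)[:2] for j in range(n_values)))
    return out

def _st(y, mo, d, h, mi):
    return struct.pack("<8H", y, mo, 0, d, h, mi, 0, 0)  # day-of-week left as 0

# Constructed sample: profile names from the thread, dates invented for illustration.
SAMPLE = [
    {"ProfileName": "BN16.com", "Category": 0,
     "DateCreated": _st(2017, 6, 2, 9, 15), "DateLastConnected": _st(2017, 6, 2, 9, 40)},
    {"ProfileName": "lan", "Category": 1,
     "DateCreated": _st(2018, 3, 10, 18, 0), "DateLastConnected": _st(2019, 2, 20, 8, 5)},
    {"ProfileName": "Network Connection", "Category": 0,
     "DateCreated": _st(2018, 11, 5, 21, 30), "DateLastConnected": _st(2018, 11, 5, 21, 45)},
]

if __name__ == "__main__":
    data = read_profiles() if sys.platform == "win32" else SAMPLE
    for r in summarize(data):
        print(f"{r['name']:<20} {r['category']:<8} created {r['created']:%Y-%m-%d %H:%M}"
              f"  last {r['last_connected']:%Y-%m-%d %H:%M}")
```

A DateCreated value that predates the owner's first use of the machine points to a profile left over from earlier setup rather than a recent connection.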