Avast firewall newbie questions

Discussion in 'other firewalls' started by jasonbourne, Jan 30, 2011.

Thread Status:
Not open for further replies.
  1. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    Hi,

    I hope it's okay to ask here (hoping that avast IS users can help me..)

    How can I creat a block rule for a single and a range of ports in avast firewall? I am a bit confused on the layout of the avast firewall and the Application Rules shows only "Allowed Applications". I have selected Public/High Risk Zone so all incoming is blocked(stealth all ports...right?)

    In the SYSTEM it says,

    Allow connections to all networks.
    Outbound ports: All or 80 Inbound ports: 445
    For all other connections: Auto-decide or Block/Ask

    I do not want it to allow all connections and prefer to block some like the infamous port 445 and 135-139. But I am at a loss as to how I can create it.

    I also need to block programs fro calling home but seem nt to find "terminate connection" option....is there one in the avast firewall? How can I block an application from calling home?

    Appreciate the help and replies!

    Thanks very much!:)
     
  2. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Try going to the Firewall>Packet Rules section and add a rule.
     
  3. Spruce

    Spruce Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    291
    Best would be to ask at Avast forums or contact their support.
    Blocking programs from calling home...sounds like crack method :doubt:
    :ninja:
     
  4. Morro

    Morro Registered Member

    Joined:
    Jul 11, 2009
    Posts:
    353
    Location:
    Netherlands
    How would using the firewall from Avast IS to block a program from calling home be a crack method?
     
  5. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    Thanks for the reply. I appreciate it.

    I posted at the avastForums but there is no reply as of this time...that's why I opted to ask here instead..maybe an avast IS user will know..

    I do not use crack software because it usually borks the system, as much as possible if I cannot buy I enter contests/giveaways/promos or ask a friend for a license. My Cyberlink is not crack it's a 30day trial that was extended to 2 months courtesy of my request last December(trying it on Windows 7...I don't use it in XP but use Ashampoo software..also from promos).

    There are programs like Wondershare's DVD Slideshow Builder which I won in WebTalk that frequently calls home. I would want to block that as mentioned like Cyberlink eats up my connection. A lot of Wondershare software like DVD-Ripper platinum, DVD Creator, DVD Video Converter calls home and all of mine are licensed and registered. There are also a lot of alternatives out there to use instead of "crack".
    There are legit programs that always calls home.

    Like Java which if not configured when you install it auto-updates itself and eats up our bandwidth without you knowing and here you are after you have done something you find out that your download is not yet finished because the bandwidth is cut in half. I was talking of scenarios like that.

    Maybe I ought to remove the firewall component and go back to Privatefirewall or either Outpost/OA Premium. In my XP SP3 I have Privatefirewall, there is no option to terminate a connection so I use Processhacker ver2.8.

    Testing out combinations here( and wanted to check if avast firewall is good --all they say is that it's a silent firewall but what...?--- ).

    Thank you. :)
     
    Last edited: Jan 31, 2011
  6. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    You can edit rules for applications in Firewall -> Application Rules, there you can change the automatically created rules for the programs phoning home. You can also set Avast to Ask on every connection attempted for which there is no rule yet by going to Firewall -> Firewall Settings -> Expert settings. Or if you find that too much of a hassle you can also check the option Show notifications about newly created "allow" rules. From that notification you can go straight to Application rules if you want to change it to Deny. Terminating connections is not possible though.

    For the ports you can change the rules in Packet rules in Expert settings, but I'm not really experienced with that.
     
  7. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    @BoerenkoolMetWorst,

    Thanks for the reply.I tried it and it works. Only thing is Adobe Updater and Java update keeps running although I have made rules for them...it can't seem to apply it. Is there a whitelist of some sort with avast firewall which when a program is included auto-allows everything concerned with the whitelisted program? Anyway, I'll still observe and then decide i I'll keep it.

    Thanks:)
     
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Avast doesn't have a HIPS, so while it denies internet access to the applications it doesn't stop them from running. With v5.1 there is sort of a behaviour blocker if you set the behaviour shield to Ask, maybe that will throw a pop-up about adobe and java updater?
     
  9. jasonbourne

    jasonbourne Registered Member

    Joined:
    Aug 26, 2010
    Posts:
    247
    Yeah(Behavioral shield --seems benign no alerts or pop-ups..not the kind of the likes of Prevx...) tried that but still it didn't stop Adobe Updating itself....to terminate it I had to use Processhacker ver2.8 still.
     
  10. eugene91

    eugene91 Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    189
    The behavior shield is only passive if not mistaken, it will not do anything now, as it is still on learning mode according to avast!.
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Perhaps you need to disable Adobe readers processes in the startup list, readersl.exe is preloading the reader for faster startup and adobearm.exe is for the update I think. Or switch to a nicer reader :)

    Yes, but you can set it to Ask yourself in expert settings since 5.1
     
  12. constantine76

    constantine76 Registered Member

    Joined:
    Dec 18, 2010
    Posts:
    178
    @eugene,

    Oh is that so...that explains it why it seems to do nothing on my extra machine. Well I have Prevx SOL in tandem with Avira Premium(w/out ProActive) loving it:)

    @BoerenkoolMetWorst,
    -- I am using PDF-Xchange Viewer doesnt call home and doesn't bug you on updates. You should try it jasonbourne...looks good too:)

    @jasonbourne,

    imo, a firewall should have an option to terminate a connection..but that's just me:)
     
    Last edited: Feb 6, 2011
  13. eugene91

    eugene91 Registered Member

    Joined:
    Jun 18, 2010
    Posts:
    189
    But it wouldn't do anything too :rolleyes:
     
  14. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    It only asks about things it deems suspicious and the whitelist has grown too, so it may be more difficult to get a pop-up, but I've seen quite a few pop-ups, mostly when installing software.
     
Loading...
Thread Status:
Not open for further replies.