HELP!!! AVAST AFFECTS WINDOWS FIREWALL RULE!!

[kwamectc]

HELLO!

I'm a Avast user for almost 5 years now, and I never have this issue until now, It seems avast affects Windows Firewall Rules When Im trying to block programs to connect to the internet (to avoid ads), after disabling web and network shield.. its fine now... Is there any way to fix this? without risk of infected? (Web & Network Shield is disabled?)

THANKS!

[Asyn]

avast! GUI -> Web Shield -> Expert Settings -> Main Settings
Enable: Scan traffic from well-known browser processes only

[gdiloren]

avast! GUI -> Web Shield -> Expert Settings -> Main Settings
Enable: Scan traffic from well-known browser processes only

I don't see how this solves the problem. It's the web shield scan that interferes (being a proxy) with all firewalls, now!
See: http://forum.avast.com/index.php?topic=93953.120

[Asyn]

I don't see how this solves the problem.

Well, as I didn't answer to you, it doesn't really matter.

[DavidR]

<snip unrelated quote>
I don't see how this solves the problem. It's the web shield scan that interferes (being a proxy) with all firewalls, now!
See: http://forum.avast.com/index.php?topic=93953.120

I can't see how you can arrive at that conclusion (highlighted) from the link that you posted.

[gdiloren]

Sorry for being a ball b... But I admit this flaw of Comodo firewall or avast and reports of other related trouble are very keeping me disturbed. But I can report I have detected no problem on PFW and AVAST FREE (all parts working together!). Now Comodo says they'll fix the issue in version 6 next January and there is no dispute between Avast and Comodo. In the end, all this is generating mor bad and confusion than good. End of discussion. Thanks!

[Asyn]

Sorry for beigne a ball b... But I admit this flaw of Comodo firewall or avast and reports of orner ce trouble are verront me diseurbed. But I can report I havé détectes nô problème situ PFW.

This topic is not about the Comodo FW..!!!

[gdiloren]

All right, it "affects Windows FW rules" as in the other topic on Comodo about a program (Firefox) not being stopped...

[lukor]

Hi Guys,
we can confirm this - this is indeed happening with avast, and possibly with other proxy like apps - like proxies for removing adds, parental control apps and such. Localhost communication is not a network traffic per se - no packets are leaving your PC - so some developers prefer the simple user experience and others like the complete protection. Hence some firewalls choose to ignore local traffic and others filter it like any other connection. This is a surprise for Comodo, but rather expected for Windows Firewall, where simplicity was always important.


Windows firewall was originally intended for inbound protection only, and as such works great. It can be tweaked to handle localhost traffic and outbound protection as well - so this is not a problem with the underlining technology. Those who want to try tweaking it, please read the following post from Dch48 for nice suggestions.

You can use either Windows 7 Firewall Control, which superimposes an outbound monitor over the Win Firewall or another app called Windows Firewall Notifier which actually turns on the outbound filtering in the Windows Firewall and alerts you to connection attempts allowing you to decide whether they should be allowed or not. The advantage of WFN over W7FC is that WFN only runs when connection attempts happen and shuts back down after a decision has been made. If you desire, you can also set it to make seperate rules for each Windows service that uses  svchost instead of just globally allowing svchost itself.  The problem with the loopback still exists though. Personally I just use the Win Firewall in it's default state and the Avast Firewall set on auto-decide.

As the whole proxy based process of filtering connections brings some confusion (such as this) over time, we are planning to remove the proxy from future versions of avast and replace it with other techniques. Please stay tuned. 


Lukas.


Edit: creding Dch48 properly. Thanks Charyb

[Asyn]

As the whole proxy based process of filtering connections brings some confusion (such as this) over time, we are planning to remove the proxy from future versions of avast and replace it with other techniques.

Very interesting...!!

[DavidR]

Hi Guys,
we can confirm this - this is indeed happening with avast, and possibly with other proxy like apps - like proxies for removing adds, parental control apps and such. Localhost communication is not a network traffic per se - no packets are leaving your PC - so some developers prefer the simple user experience and others like the complete protection. Hence some firewalls choose to ignore local traffic and others filter it like any other connection. This is a surprise for Comodo, but rather expected for Windows Firewall, where simplicity was always important.

Windows firewall was originally intended for inbound protection only, and as such works great. It can be tweaked to handle localhost traffic and outbound protection as well - so this is not a problem with the underlining technology. Those who want to try tweaking it, please read the following post from Charyb for nice suggestions.
<snip quote>
As the whole proxy based process of filtering connections brings some confusion (such as this) over time, we are planning to remove the proxy from future versions of avast and replace it with other techniques. Please stay tuned. 

Lukas.

Twang, just getting tuned.

Is this a long term aspiration, e.g. avast8 or medium term, avast 7.1 or 7.5 program increment ?

[gdiloren]

Finally, somethinng is moving!

[curious!]

You can use either Windows 7 Firewall Control, which superimposes an outbound monitor over the Win Firewall or another app called Windows Firewall Notifier which actually turns on the outbound filtering in the Windows Firewall and alerts you to connection attempts allowing you to decide whether they should be allowed or not. The advantage of WFN over W7FC is that WFN only runs when connection attempts happen and shuts back down after a decision has been made. If you desire, you can also set it to make seperate rules for each Windows service that uses  svchost instead of just globally allowing svchost itself.  The problem with the loopback still exists though. Personally I just use the Win Firewall in it's default state and the Avast Firewall set on auto-decide.

Just a hint for those trying to set up Windows 7 Firewall with outbound protection without using the tools mentioned above:

This thread at Wilders originally written for Vista but IMO still very useful gave me all the info I needed (and much more) to set up
my Win 7 Pro 64 bits with outbound protection some months ago.

This is the best info I could dig up half a year ago and it really helped me.

It will take some time setting it up, because no info on blocked outbound connections in real time,
but logging of blocked and/or allowed connections is possible.

Here you go, be warned and have fun:

http://www.wilderssecurity.com/showthread.php?t=239750