Author Topic: BPP Firewall exceptions - interaction with Windows Domain Profile by GPO  (Read 9425 times)

0 Members and 1 Guest are viewing this topic.

Offline 1tb

  • Jr. Member
  • **
  • Posts: 71
We have a few SQL server apps running on some workstations (small database loads) that require SQL ports to be open. The default BPP settings don't open these ports, yet they are already open by GPO in the windows domain profile.

As soon as you install BPP we cannot connect to our 'local SQL servers'. Why doesn't BPP firewall follow the same rules set up by our domain profile Group Policy?

This also happened with File and Printer sharing- enabled for domain profile for localsubnet, but as soon as avast BPP firewall installs it is blocked!

We just want to open up the ports in the group configured in the BPP console, but I cannot see how you do this for specific firewall ports? Where is it?

As it stands we have to go around to each workstation and customise the settings that are not exposed in the BPP console- too much work. We have decided to just disable Avast firewall on the clients and rely on the SBS GPO's to manage the firewall ports.

studio_two

  • Guest
Re: BPP Firewall exceptions - interaction with Windows Domain Profile by GPO
« Reply #1 on: September 20, 2011, 03:55:01 PM »
This is a bit of a show stopper for me too.

How did you disable the firewall on the Workstations?

I have "unchecked" the firewall shield within the default group (the only group I have), but this does not seem to have had any lasting effect on the workstation settings. Initially they were disabled (and the users received a warning notification), but now they are all enabled again.


Regards,
Stephen

Offline giogio

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4088
Re: BPP Firewall exceptions - interaction with Windows Domain Profile by GPO
« Reply #2 on: September 20, 2011, 07:19:30 PM »
Is possible, if you disable the firewall, that a person see the alert notification.
If this person click on the "Fix", of course, re-enable the firewall again, but I think it will turn off the firewall again when you restart the computer,  it's possible?

The only thing you can try to do, is disable the notification of firewall in status bar on the policy group

When i turn of the firewall or antispam in a group, all computers in that group turn yellow and the client tells me its not fully secured
Via the advanced settings it is possible to control the firewall and antispam. In a later release there will be better GUI access
Edit group settings -> Expert Settings -> avastcfg://avast5/Common/PropertyPowerbarFirewall -> 0
Edit group settings -> Expert Settings -> avastcfg://avast5/Common/PropertyPowerbarAntispam -> 0
(thanks Soaked for the correction)

Unfortunately I've not the ABPP but only ABP, then I can't try to investigate with firewall shield :(, but I did some tests with other shields..
« Last Edit: September 20, 2011, 09:47:44 PM by giogio »
Prima di scrivere sul forum per favore leggi le istruzioni qui https://forum.avast.com/index.php?topic=144453.0
Non inviatemi MP per supporto,grazie-No support PM please
Home: E8400-4GB RAM-500GB HDD-Win10.0.15063x64-Avast! Free 17.3.2291-CryptoPrevent-MBAM 2.2free-Chrome 57(uBlock origin)-TB52
Work: i5-2400-4GB RAM-500GB HDD-Win 7sp1x64-Avast!Business Security 12.3.2515,     
Cloud Console 2.18
-FF52-TB52

studio_two

  • Guest
Re: BPP Firewall exceptions - interaction with Windows Domain Profile by GPO
« Reply #3 on: September 21, 2011, 11:51:21 AM »
Is possible, if you disable the firewall, that a person see the alert notification.

Hello.

Many thanks.

Yes, that is what happens. However, the alert is from the Avast Client in the Taskbar Notification Area (not the windows Security Center).

Since the Windows Firewall is still running in ADDITION to the Avast One (as far as I can tell), editing Group Policy to surpress security warnings would not help.


Kind Regards,
Stephen

Offline giogio

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4088
Re: BPP Firewall exceptions - interaction with Windows Domain Profile by GPO
« Reply #4 on: September 21, 2011, 12:09:19 PM »
Since the Windows Firewall is still running in ADDITION to the Avast One (as far as I can tell), editing Group Policy to surpress security warnings would not help.

There is a misunderstanding..For policy group I mean the policy configurable by avast console.. not the Windows policy! Can you try to modify the avast settings in this mode?

When i turn of the firewall or antispam in a group, all computers in that group turn yellow and the client tells me its not fully secured
Via the advanced settings it is possible to control the firewall and antispam. In a later release there will be better GUI access
Edit group settings -> Expert Settings -> avastcfg://avast5/Common/PropertyPowerbarFirewall -> 0
Edit group settings -> Expert Settings -> avastcfg://avast5/Common/PropertyPowerbarAntispam -> 0
(thanks Soaked for the correction)
Prima di scrivere sul forum per favore leggi le istruzioni qui https://forum.avast.com/index.php?topic=144453.0
Non inviatemi MP per supporto,grazie-No support PM please
Home: E8400-4GB RAM-500GB HDD-Win10.0.15063x64-Avast! Free 17.3.2291-CryptoPrevent-MBAM 2.2free-Chrome 57(uBlock origin)-TB52
Work: i5-2400-4GB RAM-500GB HDD-Win 7sp1x64-Avast!Business Security 12.3.2515,     
Cloud Console 2.18
-FF52-TB52

studio_two

  • Guest
Re: BPP Firewall exceptions - interaction with Windows Domain Profile by GPO
« Reply #5 on: September 22, 2011, 10:53:47 AM »
Ah, Ok.  ;D

I will try your suggestion this evening.

Many Thanks,
Stephen

studio_two

  • Guest
Re: BPP Firewall exceptions - interaction with Windows Domain Profile by GPO
« Reply #6 on: October 24, 2011, 05:13:03 PM »
Unless I am mistaken, there is now a slightly easier way of disabling the Firewall:

[1] Edit Group Settings -> Shields -> Firewall (Uncheck)
[2] Edit Group Settings -> Status Bar -> Firewall (Uncheck)

Unchecking those TWO settings will:
[1] Disable the Firewall
[2] Prevent the Status Bar issuing a Warning.

Is this a NEW option? I don't recall seeing it before, so make sure you have the latest version of the workstation client installed.


HTH
Stephen

Offline giogio

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4088
Re: BPP Firewall exceptions - interaction with Windows Domain Profile by GPO
« Reply #7 on: October 24, 2011, 05:18:44 PM »
I think this is a new feature of new console version 1.1.131.7 released on 06-10-2011...
Prima di scrivere sul forum per favore leggi le istruzioni qui https://forum.avast.com/index.php?topic=144453.0
Non inviatemi MP per supporto,grazie-No support PM please
Home: E8400-4GB RAM-500GB HDD-Win10.0.15063x64-Avast! Free 17.3.2291-CryptoPrevent-MBAM 2.2free-Chrome 57(uBlock origin)-TB52
Work: i5-2400-4GB RAM-500GB HDD-Win 7sp1x64-Avast!Business Security 12.3.2515,     
Cloud Console 2.18
-FF52-TB52

studio_two

  • Guest
Re: BPP Firewall exceptions - interaction with Windows Domain Profile by GPO
« Reply #8 on: October 24, 2011, 05:26:16 PM »
I think this is a new feature of new console version 1.1.131.7 released on 06-10-2011...

Ah, thank you for the clarification.

It is important to update the CONSOLE to get this to work.

Many thanks,
Stephen

Offline spi

  • Poster
  • *
  • Posts: 514
  • 1st Services
Re: BPP Firewall exceptions - interaction with Windows Domain Profile by GPO
« Reply #9 on: October 26, 2011, 06:15:38 AM »
I don't know is right or not, in version 1.0.x is already has the feature disable or enable service by check mark and in version 1.1 this disable and enable service was move and changed as button on/off.


Windows 10 Pro 64-bit + avast Premium 11.1.2241
Network tools: Wireshark+CACE Pilot | Android Softphone + Grandstream UCM61xx | MI4i | Running Out of Time (1999)