Avast WEBforum

Topic started by: Hermite15 on January 23, 2010, 07:09:15 PM

Title: firewall rules
Post by: Hermite15 on January 23, 2010, 07:09:15 PM
I just deleted all rules, switched back from Home zone to Work zone, set policy on auto-decide, rebooted:

OK launching Firefox, and I'm being asked, although auto-decide was set:
(http://i349.photobucket.com/albums/q389/fantome_02/ffalert.jpg)

Then I look at the rule that was created, and although the alert stated "friends in/out", the rule states "friends and internet out otherwise ask me" ... I guess the alert was only related to the web shield interference.
(http://i349.photobucket.com/albums/q389/fantome_02/ffrule.jpg)

Also noticing that all system-related rules that were automatically created after the software install are, once deleted, not created again.
Title: Re: firewall rules
Post by: Hermite15 on January 23, 2010, 07:40:56 PM
sounds like many rules are created in the background now, whether policy is set to ask or auto-decide  :-\ ... I've launched some apps that didn't trigger any alert, no rule was automatically created, at least visibly...
Title: Re: firewall rules
Post by: dallas7 on January 23, 2010, 08:37:54 PM
I conclude from parsing the threads here that the firewall module is an overlay for the Windows firewall.  You won't have much control over it.

I'm thinking that's why my posting
http://forum.avast.com/index.php?topic=53789.0
has remained unanswered.

Looks like you can make any rules you want as long as they're avast! rules.  8)

Clearly, this forum needs a separate board for firewall users.  Way too much Free and Pro chatter in this one.

Good luck!!
Title: Re: firewall rules
Post by: DavidR on January 23, 2010, 09:47:20 PM
Quote from: dallas7
I conclude from parsing the threads here that the firewall module is an overlay for the Windows firewall.  You won't have much control over it.
<snip>

I doubt that as in the beta tests many people disabled the windows firewall, although there is supposed to be no conflict with it or need to disable it. So to me that would indicate it isn't simply an overlay.

I'm thinking there are very few people outside of the Alwil team that have that much experience on the avast firewall to respond to or much less help with the question. I think what Alwil have been trying to do with the firewall is similar to what they are doing with the antivirus, take the questions away from your average user. So perhaps it isn't as configurable as the old style firewalls.
Title: Re: firewall rules
Post by: Hermite15 on January 23, 2010, 10:21:31 PM
It's a new concept I'm sure about it and that's why I'm interested in it and I'm running it for now. A concept obviously meant to avoid a maximum of alerts to the user if fw is set to ask. I'd just like to have more precisions about the auto-decide behavior, as it also seems to interfere when the firewall is set to ask. Also, we badly need a neutral and professional test with it. I hope Matousec will take care of that soon or later, where soon would be better  ;D I know there's been some controversy about Matousec but I can't think about anyone else doing the tests so deeply. Any suggestion welcome  ;)

 Another obvious thing is that we don't have here a tweak-able firewall, like protocols aren't accessible in the application rules as well as many other things. If the firewall is leak-proof I don't care, but I'd like to be sure.
Title: Re: firewall rules
Post by: DavidR on January 23, 2010, 10:30:24 PM
I would have thought that ShieldUp at grc.com would be a start as essentially firewalls are about stealthing your system and secondly about outbound connections and what gets out, etc.
Title: Re: firewall rules
Post by: Hermite15 on January 23, 2010, 11:10:14 PM
OK so I should have added outbound-proof, because network security is not just a matter of ports, but also how good a firewall is at blocking unwanted outbound connections. To stealth ports, my router's firewall does the job alone  ;)
Title: Re: firewall rules
Post by: DavidR on January 23, 2010, 11:13:45 PM
Yes a router would do that or most would accomplish that, but it was more a test of the firewall if the router could be bypassed.
Title: Re: firewall rules
Post by: Hermite15 on January 23, 2010, 11:34:00 PM
I know... OK so, on ShieldsUp, except for ping that I allowed purposely just now on the router for the test, so ping failed (ie system responded), all ports are stealth when router's firewall deactivated  ;) ... sounds good, but I need to know how solid is the outbound protection. There are tests available that you can run yourself, but Comodo made them so  ;D ...not sure about neutrality there  :D
Title: Re: firewall rules
Post by: DavidR on January 23, 2010, 11:37:57 PM
A promising start apart from the ping, a common knock, knock, to see if anyone is home ;D

Understand what you mean by neutrality.
Title: Re: firewall rules
Post by: Hermite15 on January 24, 2010, 07:17:56 PM
two other questions about how rules are made:

1) deleting a rule (made after a first alert) for an application doesn't necessarily mean that you'll get a new alert when launching this same application again

2) WLM rule: I get three alerts, all of them on MS IPs on port 80, the rule is already created after the first alert has been answered, why do I get two new alerts  ??? same protocol etc... just the IP changes... and of course no sub-rule gets added to the list.
Title: Re: firewall rules
Post by: Hermite15 on January 24, 2010, 08:39:59 PM
I'd like to insist on that because I just tried it again: deleting an application rule  and launching this app doesn't trigger anything, no alert, nothing, even with "auto-decide" on. I got the feeling the rule is kept, after deletion, somewhere in the firewall configuration files and therefore will never appear again in the UI list...
Title: Re: firewall rules
Post by: Hermite15 on January 24, 2010, 09:21:44 PM
no alert, no rule, nothing when an application launches a link in a browser, like Thunderbird or TweetDeck  >>>> Firefox...
Title: Re: firewall rules
Post by: Hermite15 on January 24, 2010, 10:12:05 PM
I see now in the log that an app running in the background (something that I know) has been blocked, and it refers to rule *8  ???
Title: Re: firewall rules
Post by: Hermite15 on January 24, 2010, 10:17:50 PM
I see now  ( I should have opened the file before  ::) ) that tens of rules that don't appear in the GUI are still stored in:
C:\ProgramData\Alwil Software\Avast5\fw\rules.xml

cool, why isn't that reflected in the GUI ? also some rules that I deleted are still there  :D
Title: Re: firewall rules
Post by: Hermite15 on January 26, 2010, 10:30:12 AM
just deleted the rules.xml file and rebooted, with the firewall set to ask, found when logging in that it was as expected created again, but unexpectedly filled with the same content as previously, tens of rules created again automatically with no prompt and nothing appearing in the application rule panel.

edit: so there must be another way to reinitialize the firewall more effectively, and have it behave like it did just after the install, with prompts  ??? no ?  ;D but how ? must be another file to take care of...
Title: Re: firewall rules
Post by: DavidR on January 26, 2010, 05:48:24 PM
avast has in the past had an integrity checker, so I can only assume that something like this is going on here, where it replaces the missing file, but must as you suggest have a backup of your settings/rules somewhere.
Title: Re: firewall rules
Post by: Hermite15 on January 26, 2010, 08:25:40 PM
don't want to go into the details, off topic here and would be too long. I went through some sort of disaster on my system this afternoon, that I could have avoided but I made a mistake in the process of recovering. Anyway, it all started when I deleted the content of rules.xml (edited, I didn't delete the file) and rebooted. Found an empty desktop, logged out, could log back in and found tens and tens of entries in Windows events related to DCom and NT/authority errors. I rebooted another time and got the empty desktop again. How I recovered from that is another story but I think what happened is that by deleting all the content of the firewall rules, all internal traffic in Windows got blocked  ;D
Title: Re: firewall rules
Post by: Hermite15 on January 27, 2010, 05:01:22 PM
back on AIS, I started this thread while back on "free": after upgrading to 5.0.393, I found that the firewall seems to behave much better now, with rules created automatically when config on "auto-decide". More on this as it comes and as needed.
Title: Re: firewall rules
Post by: Hermite15 on January 27, 2010, 05:14:30 PM
just to mention the pop up about new network detection is still there after each reboot, as if after a fresh install. Also, I just uninstalled an app that had a rule, and I don't want to delete this rule as I still have no idea if it will appear again in the UI rules panel if I ever reinstall this same app. It used to never appear again there, but was kept in rules.xml after deletion in the UI.
Title: Re: firewall rules
Post by: Hermite15 on January 27, 2010, 05:53:29 PM
don't want to touch anything  ;D Firewall seems to work great on default settings.
Title: Re: firewall rules
Post by: lukor on January 27, 2010, 10:26:07 PM
Hi, when deleting the app from the GUI it should also disappear from the rules.xml.

Concerning the popup dialog -- well, me working from a notebook I actually pretty much like it the way it is now - it pops, yes, but it also informs me in what network I am connected right away, which is handy for me. So even though at first we thought this should get changed, currently I sort of lean to keeping it popping. Perhaps a checkbox in the gui, for Desktop PCs to skip the popup might be a good compromise?

Title: Re: firewall rules
Post by: Hermite15 on January 27, 2010, 10:38:30 PM
Quote from: lukor
Hi, when deleting the app from the GUI it should also disappear from the rules.xml.

Concerning the popup dialog -- well, me working from a notebook I actually pretty much like it the way it is now - it pops, yes, but it also informs me in what network I am connected right away, which is handy for me. So even though at first we thought this should get changed, currently I sort of lean to keeping it popping. Perhaps a checkbox in the gui, for Desktop PCs to skip the popup might be a good compromise?

thanks for the feedback  ;) so now I can delete uninstalled  apps and that will be indeed reflected in the rule.xml file, fine. No problem for me on such a compromise concerning the pop up, with an option to turn it off for those on Desktop PCs and not switching networks as often as those on mobile devices  :)
Title: Re: firewall rules
Post by: Hermite15 on January 27, 2010, 10:48:06 PM
OK bad news: I deleted CIS (comodo) entry from the rules panel, because I left it on (just the HIPS) after I reinstalled AIS, and finally changed my mind and removed CIS completely... I just edited rules.xml just for viewing, and the Comodo rule is still there  ???

edit: I deleted the group, so the rule in it should be gone as well... I think that's where the mistake comes from, the rule is kept in the xml file but doesn't appear anymore in the GUI
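
The check described in the post above (delete a rule in the GUI, then open rules.xml to see whether the entry is really gone) can be done by comparing a copy of the file saved before the deletion with one saved after it. This is an added example, not part of the original posts and not Avast's code; the thread never shows the file's schema, so the `rule`/`group` element names, attributes and sample data below are constructed assumptions.

```python
import xml.etree.ElementTree as ET

def fingerprint(elem):
    """Canonical text for one element: tag, sorted attributes, text, children."""
    attrs = " ".join(f'{k}="{v}"' for k, v in sorted(elem.attrib.items()))
    text = (elem.text or "").strip()
    kids = "".join(fingerprint(c) for c in elem)
    return f"<{elem.tag} {attrs}>{text}{kids}</{elem.tag}>"

def entries(xml_data, tag):
    """Set of fingerprints for every element named `tag` (str or bytes input)."""
    return {fingerprint(e) for e in ET.fromstring(xml_data).iter(tag)}

def compare_snapshots(before_xml, after_xml, tag):
    """Which entries left the file, appeared in it, or stayed unchanged."""
    before, after = entries(before_xml, tag), entries(after_xml, tag)
    return {"removed": before - after,
            "added": after - before,
            "kept": before & after}

def still_on_disk(after_xml, tag, needle):
    """Entries in the post-deletion snapshot that still mention `needle`."""
    needle = needle.lower()
    return sorted(fp for fp in entries(after_xml, tag) if needle in fp.lower())

# Constructed sample data; the element and attribute names are hypothetical.
BEFORE = """<rules>
  <group name="VendorA"><rule app="appA.exe" action="allow-out"/></group>
  <group name="Other"><rule app="exampleapp.exe" action="ask"/></group>
</rules>"""
# Behaviour reported in the thread: group deleted in the GUI, file unchanged.
AFTER_OBSERVED = BEFORE
# What the file would look like if the deletion had reached it.
AFTER_CLEAN = """<rules>
  <group name="VendorA"><rule app="appA.exe" action="allow-out"/></group>
</rules>"""

if __name__ == "__main__":
    for label, after in (("observed", AFTER_OBSERVED), ("clean", AFTER_CLEAN)):
        diff = compare_snapshots(BEFORE, after, "rule")
        left = still_on_disk(after, "rule", "exampleapp")
        print(label, "removed:", len(diff["removed"]), "still on disk:", left)
```

To run it against real copies, read each saved file as bytes and pass the entry tag you see in your own rules.xml.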
Title: Re: firewall rules
Post by: lukor on January 27, 2010, 11:05:26 PM
Hi, can you send me the rules.xml file ?

Title: Re: firewall rules
Post by: Hermite15 on January 27, 2010, 11:18:23 PM
Quote from: lukor
Hi, can you send me the rules.xml file ?

OK  ;) (mail)
Title: Re: firewall rules
Post by: Hermite15 on January 27, 2010, 11:58:34 PM
just wanted to mention again, when something like that happens, if you reinstall the same app, as its rule wasn't deleted in the xml file, it will never appear again in the GUI list. Same goes if you simply delete the rule of an existing app from the GUI, relaunching the app doesn't recreate it in the GUI.
Title: Re: firewall rules
Post by: lukor on January 28, 2010, 01:00:47 AM
Quote from: Hermite15
just wanted to mention again, when something like that happens, if you reinstall the same app, as its rule wasn't deleted in the xml file, it will never appear again in the GUI list. Same goes if you simply delete the rule of an existing app from the GUI, relaunching the app doesn't recreate it in the GUI.

This does not reproduce for me at all! I'll try to find something in your rules.xml, probably it got somehow corrupted...
Title: Re: firewall rules
Post by: Hermite15 on January 28, 2010, 10:15:50 AM
Quote from: lukor
Quote from: Hermite15
just wanted to mention again, when something like that happens, if you reinstall the same app, as its rule wasn't deleted in the xml file, it will never appear again in the GUI list. Same goes if you simply delete the rule of an existing app from the GUI, relaunching the app doesn't recreate it in the GUI.

This does not reproduce for me at all! I'll try to find something in your rules.xml, probably it got somehow corrupted...

Hello,

OK, the thing is it happened already, and that's a new install now, hard to imagine the list would be corrupted...
Title: Re: firewall rules
Post by: Hermite15 on January 28, 2010, 03:23:02 PM
just to mention that too many programs are listed in the "other" section in application rules list, although their publishers are well recognized. For instance Adobe Reader is well listed under the adobe group, while adobe air is listed in "other"...