Configuring Vista firewall outbound rules

[jellaby]

I have blocked all outbound connections on my Vista firewall, and I am making outbound rules to allow Avast to update and run normally.  I have made an outbound rule for every .exe file in the Avast folder, but when I update Avast, it says that the file that is not allowed to connect to the internet is something called, "avast.setup" and "avastXX.setup" (where XX is a number). 

This is true, because I have not been able to locate the file within Vista Firewall's Outbound rule making wizard.  From what I can gather from some other forums, Avast creates avast.setup when it updates and then deletes it when the update is completed.  So, the question is, how can I make a rule for an .exe file (I think it is an .exe file) that Avast creates and deletes when updating?

Please help...I need to update Avast.

btw-except for this problem, although I've found Vista's firewall to be somewhat tiresome in forcing me to create a rule for every program that wants to make an outbound connection, I am finding it easy to use as an amateur.  The challenge is finding all the little .exe files that you need for all your programs to function.  It is frustrating when you can't seem to find the program that you need to allow your software to function normally.  I wish there was a list somewhere.  Note to Avast: you need to post a primer on how to config Vista Firewall Outbound rules to allow Avast to connect seamlessly.   

[DavidR]

There should only be one occurrence of avast.setup so it would appear that there were multiple occurrences which shouldn't happen. Perhaps if you initiated a manual update whilst the auto update is running (or had stalled) that might happen, but I can't say for sure.

The avast.setup file isn't a permanent file and is only created at the time of update (and is removed when the update is complete), so I don't know if that might also be a factor in the windows vista firewall.

Two other files/providers that require internet connections, ashMaiSv.exe (the Internet Mail Provider, email scanner) and ashWebSv.exe (the Web Shield provider, scans http content).

I don't know if you might find this helpfull - Vista Firewall Control, check out this topic for some user friendly help for the Vista Firewall, Outbound protection, http://forum.avast.com/index.php?topic=30234.0

[oldman]

What I've done with other firewalls to catch this elusive little guy. I waited for an auto update to occur, then answered yes and remember answer. This put the file name in the firewall's allowed list. from there it can be configured. Maybe this will also work with Vista's firewall?

[Lisandro]

Into the firewall settings, the following programs should be allowed to connect:

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service)
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup (avast! Update executable). This is a temporary file that just appears when an update (check) is about to launch, and disappears again afterwards.

Don't need rights to connect:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Update Service)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service). Although, ashServ.exe sends ping packets to find out if the Internet connection is alive. You can turn this off by checking the "My computer is permanently connected to the Internet" box in the avast Program Settings > Update (Connections) page.

[jellaby]

You are telling me stuff I already know.    I know that avast.setup is created and goes away when there is an update.  It's in my original post.  Apparently this file needs to get through Vista's firewall to run the updates for Avast, and I need to create an outbound rule to allow it to do so.  I'm not sure how to do that.  I've made rules for all the other files mentioned in the other replies (and more), so I know it is not those. 

Vista's firewall does not alert when an outbound program tries to connect to the internet, so I have no way of knowing when Avast is updating, and more importantly, I have no option to make the exception.

Do you see the problem?   

[Lisandro]

Yes, I can only tell you that setup.ovr file from <avast>\setup folder is 'transformed' into avast.setup. This file, and not an executable, connects the Internet to update. This transformation, as far I know, is done by VisthUpd.exe at system account.
More, only the programmers could say. Sorry if I'm not being useful.

[DavidR]

If Vista firewall allows you to just enter the full path to the file (rather than navigate to it) then copy and paste this path, C:\Program Files\Alwil Software\Avast4\Setup\avast.setup, avast.setup isn't an exe file. This assumes you installed avast in the default location.

[jellaby]

Thanks, guys.  I will try it this evening.  I apologize if I sounded snippy.  I do appreciate your help.

[DavidR]

No problem, welcome to the forums.

Good luck.

[Lisandro]

I apologize if I sounded snippy.

Don't worry

[oldman]

Yes, let us know if that will work. Hmm, just learned something about vista firewall. 

[jellaby]

I got it working!    For anyone who may stumble on this post in the future:

I followed the directions found at this link to block all outbound connections through windows firewall.
http://www.komando.com/tips/index.aspx?id=2973
The document tells you in a very clear way how to create rules to allow outbound programs to go through the firewall.  I created a rule for every .exe file that was in the Avast folder in my Program files.  I probably didn't need to do it for every one, but it was easier than trying to figure out which ones didn't need it. 

Then, I couldn't update.  Avast tried to connect to the server, but was being blocked by the firewall.  I only knew it was the firewall because it updated fine before I followed the directions to block all outbound connections, as Vista's firewall does not alert when a program attempts to connect and is blocked. 

The problem is, that when Avast updates, it needs a specific file called avast.setup to connect to the server.  It is located in the "Setup" folder.  To create a rule for it, in the rule making wizard, I could not browse to choose the program, because avast.setup is not an .exe file.  So, I did what DavidR said to do above: type in the path to the file, instead of navigating to it.  That did the trick.  I feel somewhat silly for not trying that, but oh well.  Live and learn. 

Now if only I could figure out how to allow a Windows Update without creating an outbound rule for svchost.exe, which I am told creates a vulnerability. 

Many thanks, gents.

[oldman]

Glad you got it going. I have a question.

Since vista firewall doesn't ask/notify when something is trying to access the internet, what happens when that particular exe is modified? Is there a provision in the firewall to notify you something has changed?

For example, when the avast program is updated, webshield for example, is a different version. Most firewalls will notify you that it has changed since you last used it. It will not be allowed access until you allow it. Question is, does vista firewall allow for this, or does it block/allow according to name and path?

Just trying to learn a bit about this firewall.

[Lisandro]

Since vista firewall doesn't ask/notify when something is trying to access the internet, what happens when that particular exe is modified? Is there a provision in the firewall to notify you something has changed?

No there isn't... the check is done only by the path basis.