Re point 1 in the first post - I hope I understand the question, and if yes, here's what I can add, and I hope it really is related.
TCPview might help you see what Avast is doing..
I don't know if avast v9 aka 2014 still uses local host proxy ports, but if it does, this is my v8 list in the firewall
by TCP to Remote IP = 121.0.0.1 (localhost) on these ports:
12025 avast mail 25 proxy
12080 avast http 80 proxy
12110 avast mail 110 proxy
12119 avast mail(?) 119 proxy
12143 avast mail 143 proxy
12465 avast SSL mail 465 proxy
12563 avast SSL mail 563 proxy
12993 avast SSL mail 993 proxy
12995 avast SSL mail 995 proxy
27275 avast games(?)
proxy
Allow internet facing programs to use the http proxy for webshield, block all other programs.
Allow mail programs to the mail proxy ports, block all other programs.
Avast service will be listening to those proxy ports and it, not the application, will make connections.
If that's not what you're after, my apologies