Hello, this is a sequel to "Internet security blocking a port".
Even by accepting the one-blocked-one-passed behavior (which is just annoying) I've managed to get my job done.
At this point, some additional introduction is needed. I'm a hobbyist software developer and I'm now working on some open source software. It is now time to release and I had to prepare the installer (NSIS for the time being). The installer uses netsh with admin privileges to set up a Windows Firewall exception.
I have verified the firewall exceptions are correctly installed and removed (in Windows Firewall).
The problem is how Avast reacts.
1. If I install Windows Firewall exceptions (both send and listen ports), Windows Firewall will not complain. Avast does not complain either, except the connection will not succeed.
2. If the firewall exceptions are not installed, then Windows will ask for permissions. Avast will also ask for permissions, which is the right thing to do. If both permissions are given, connections will be successful.
Neither behavior is ideal but (1) is particularly broken: somehow Avast decides not to complain because... the Windows Firewall is already set? This leaves the user no chance to know what's going wrong.
For various reasons, I've decided to go with (2), which at least makes some sense but... this is in both cases very invasive. It sounds like "if you are a not-well-known application you don't have the right to run properly".
Please reconsider your blocking policies.