Author Topic: Firewall Logs  (Read 3798 times)


Offline Wittmann

  • Pegasus
  • Sr. Member
  • ****
  • Posts: 228
  • Retired professional engineer BSc.Eng M.I.Mech.E
Firewall Logs
« on: May 14, 2015, 12:30:13 PM »
I have been using PrivateFirewall for a long time and it works perfectly for me, does a fine job.
 
When I recently changed my AV from AVG 2015 Free to Avast Free, the number of FW logs increased enormously. On checking the Local IPs they are all private addresses. My FW blocks them. If I rate these IPs as "trusted", it reduces the number of logs, but as the Remote IPs often differ for the same Local IPs, the logs keep coming.
 
I see no reason to rate IPs as "trusted" when I do not know what they are, who they belong to or what they are trying to do.

Why did this happen when I changed my AV to Avast and how can I stop it?

This avalanche of FW logs only happened when I installed Avast.
 
My puzzle is that if Avast is generating these private IPs for some process reason, then my FW is blocking them - Catch 22. Does that mean Avast is being restricted? I have no idea what all these IPs mean or what they are supposed to be doing.
 
An example is shown below. Most of these logs appeared whilst my PC was on Standby. The up arrow is outgoing and the down arrow is incoming.

UTRINQUE PARATUS
Windows 10 version 20H2 - Avast free AV - ZoneAlarm Firewall

REDACTED

  • Guest
Re: Firewall Logs
« Reply #1 on: May 14, 2015, 01:05:36 PM »
You probably had a learning mode when you first installed the firewall software and it allowed AVG.  Now that you've switched AV's it's trying to block everything from Avast.

Put the following exceptions in Outbound:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe

Offline Wittmann

Re: Firewall Logs
« Reply #2 on: May 14, 2015, 05:00:13 PM »
> You probably had a learning mode when you first installed the firewall software and it allowed AVG.  Now that you've switched AV's it's trying to block everything from Avast.
>
> Put the following exceptions in Outbound:
> C:\Program Files\AVAST Software\Avast\AvastUI.exe
> C:\Program Files\AVAST Software\Avast\setup\instup.exe
> C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
> C:\Program Files\AVAST Software\Avast\AvastSvc.exe

Thank you for that.
The only place in PFW to put this kind of data is :-
settings>advanced>detected applications>parents>processes

Currently lists :-
Parents


Processes


AVAST Software\Avast\setup\instup.exe is not there, I will add it. The others on your list are there.


Offline Wittmann

Re: Firewall Logs
« Reply #3 on: May 19, 2015, 10:21:03 AM »
What exactly does training mode do?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88755
  • No support PMs thanks
Re: Firewall Logs
« Reply #4 on: May 19, 2015, 04:01:52 PM »
> What exactly does training mode do?

Many firewalls have a training/learning mode; you can set it in some cases (7 days or so). Basically it monitors your activity, which processes access the internet and what/how they do that, and creates rules to allow that activity.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Wittmann

Re: Firewall Logs
« Reply #5 on: May 19, 2015, 09:20:41 PM »
> What exactly does training mode do?
>
> Many firewalls have a training/learning mode; you can set it in some cases (7 days or so). Basically it monitors your activity, which processes access the internet and what/how they do that, and creates rules to allow that activity.

Thanks for that. Perhaps when training has finished, the number of logs will reduce. I have set training for 3 days at the moment, you can have 7 or 14 days.
Almost all the blocked logs are ICMP or IGMP.
« Last Edit: May 19, 2015, 09:22:46 PM by wittmann44 »

Offline DavidR

Re: Firewall Logs
« Reply #6 on: May 19, 2015, 11:06:08 PM »
Well ICMP is Internet Control Message Protocol and Internet Group Management Protocol, try a search on those to find out more detail on what may be using them.

I would have thought the firewall logs would give more information on the process making the connection and the domain/IP address it is trying to access. Without full information it is almost impossible to speculate as to the reason for these connections.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48461
  • 63 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Firewall Logs
« Reply #7 on: May 20, 2015, 12:25:47 AM »
A place to find many tools that may help:
https://wiki.wireshark.org/Tools
Way beyond my knowledge, but they certainly have a lot of tools. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet
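
An added example, not part of the thread and not PrivateFirewall's own code: one way to sort blocked entries such as the ICMP/IGMP ones mentioned in replies #5 and #6 by the class of the remote address, so that local-network multicast chatter is separated from entries worth a closer look. The log line layout, the sample addresses and the function names are assumptions made for this example.

```python
import ipaddress
from collections import Counter

# Constructed sample; the "action direction protocol local remote" layout is an
# assumption for this example, not PrivateFirewall's real log format.
SAMPLE_LOG = """\
BLOCK OUT IGMP 192.168.1.20 224.0.0.22
BLOCK IN IGMP 192.168.1.20 224.0.0.1
BLOCK OUT ICMP 192.168.1.20 192.168.1.1
BLOCK IN ICMP 192.168.1.20 203.0.113.7
BLOCK OUT UDP 192.168.1.20 239.255.255.250
ALLOW OUT TCP 192.168.1.20 198.51.100.10
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Well-known multicast groups used for local-network signalling.
KNOWN_GROUPS = {"224.0.0.1": "all-hosts group",
                "224.0.0.22": "IGMPv3 membership reports",
                "239.255.255.250": "SSDP/UPnP discovery"}

def address_class(text):
    """Classify an address as multicast, private (RFC 1918) or other."""
    ip = ipaddress.ip_address(text)  # raises ValueError on a malformed address
    if ip.is_multicast:
        return "multicast"
    if any(ip in net for net in RFC1918):
        return "private"
    return "other"

def triage(log_text):
    """Count blocked entries by (protocol, remote label); list ones to review."""
    summary, review = Counter(), []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "BLOCK":
            continue  # skip allowed traffic and lines in another layout
        proto, remote = parts[2], parts[4]
        try:
            kind = address_class(remote)
        except ValueError:
            kind = "unparseable"
        summary[(proto, KNOWN_GROUPS.get(remote, kind))] += 1
        if kind in ("other", "unparseable"):
            review.append(line)  # remote is neither LAN nor multicast
    return summary, review

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Entries that land in the review list are the ones where the process name and remote address asked about in reply #6 matter most.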