Avast Asking for Incoming Connection Permission in Firewall

[REDACTED]

I have the Avast Security free version for Mac, which is now asking my MacOS firewall for incoming connection permission, specifically "com.avast.proxy". Why would Avast need permission for INCOMING connections? Thanks!

[REDACTED]

I've had the same thing start up in the past day with Little Snitch. Tons of connections through com.avast.proxy that I'd never seen before, and basically makes it useless. What the heck just changed?

[REDACTED]

I've had the same thing start up in the past day with Little Snitch. Tons of connections through com.avast.proxy that I'd never seen before, and basically makes it useless. What the heck just changed?

Yes tons of outgoing requests from Avast, which I'm not as concerned about, although still strange that it needs so many. I don't see why Avast would ever need incoming permissions though, unless for some sort of push updates, but Avast checks for those on a schedule as far as I know. It would be nice if staff could respond with some info.

[REDACTED]

It would be great if one of the staff could shed some light on this!

[jakub.bednar]

We did this to solve a problem with Safari and printers on local network. Bonjour protocol finds the printer and returns an IP + an interface on the machine to use to send the data through. When we redirected the connection to a port listening on localhost, it was immediately dropped by macOS and it just did not work. So we have opened one port on each interface and are redirecting connections to the correct interface.

I have just installed Little Snitch 4.0 demo and I do not see any incoming connections to the proxy at all. I have seen requests for outgoing connections and that is correct as the proxy is connecting to the servers on behalf of the browser to inspect the data.

Jakub

[REDACTED]

We did this to solve a problem with Safari and printers on local network. Bonjour protocol finds the printer and returns an IP + an interface on the machine to use to send the data through. When we redirected the connection to a port listening on localhost, it was immediately dropped by macOS and it just did not work. So we have opened one port on each interface and are redirecting connections to the correct interface.

I have just installed Little Snitch 4.0 demo and I do not see any incoming connections to the proxy at all. I have seen requests for outgoing connections and that is correct as the proxy is connecting to the servers on behalf of the browser to inspect the data.

Jakub

Here is the request from MacOS firewall for incoming connection that I get every time I start my Macbook and intermittently when it's on. If I understand correctly, your explanation applies to outgoing connections only?

[jakub.bednar]

Hello,

I still can't reproduce the issue. I'll try to be more specific and hopefully we can come up with the root of the cause. I have the following questions.

1. What version of macOS are you using?
2. Do you have problem with Little Snitch or macOS built-in firewall?
3. If it is Little Snitch, can you send me its version?
4. If it is macOS built-in firewall, what are your settings?

What you can do for now is to try and "Deny" the incoming connections to the proxy. I suppose it should not block our local redirected connections and we really do not want to get any connection from outside. After you do that, please try whether you can browse Internet or not. If you can, I suppose there is a permanent way how to set the "Deny" option so you do not get bothered anymore.

If you can't use the internet, than try to find a way how to permanently "Allow it". Although we keep open ports, any connection that was not redirected from our driver is automatically rejected so you should not be in any security risk.

Best regards,

Jakub

[jakub.bednar]

Hi again,

so I have managed to get the built-in firewall popup from your screenshot. I denied the access and everything seems to work as expected.  For some reason the built-in firewall pops this permission dialog when the socket is created and not when someone is trying to actually connect to it.

Unfortunately I did not find a way how to add the proxy to the DENY list permanently so it does not ask after reboot. I think we have a solution though. We can try to setup the built-in firewall before we open the socket so the pop-up should not appear. In the mean time, our application is properly signed so you can check the "Automatically allow signed software to receive incoming connections" checkbox and the popup will go away.

Please let us know more details in case you have problems with some 3rd party firewall SW as well so we can test it.

Best regards,

Jakub

[sabgigo]

I have noticed that com.avast.proxy in the macOS Mojave firewall resets from "Allow incoming connections" to "Block incoming connections" frequently - I'm not certain but I believe that it reappears with every avast update (I use the free version - sorry).
I like to have my settings for my Mac "clean", so it is an annoyance that I always see "Block incoming connections"; changing it to "Allow incoming connections" won't stick.
Maybe there is some way to correct this issue, but I have as yet to find it. Any suggestions would be appreciated.

[ondrej.kolacek]

Hello,
Avast Proxy currently listens for incoming connections on public interfaces, however these connections are only initiated locally on the machine (our kernel extension needs to work around limitations of Apple's infrastructure, thus listening on localhost is not enough). Due to this workaround, we have started to trigger popups from Apple's firewall. Because of this, we set firewall rules for proxy as deny; this prevents outside connections from probing the ports opened by proxy, which is safer.
I recommend not changing the deny rule.
Kind regards,
Ondrej Kolacek