can't update virus database from behind _hardware_ firewall

[krebstar]

I've been using avast home for quite some time, but after installing a hardware firewall I've noticed that my antivirus database can no longer update, either automatically or manually.  When attempting a manual update, I get this:

Information about current update:
Total time: 13 s
Server: download96.avast.com (75.126.130.170)
Downloaded files: 3 (0.03 KB)
Download time: 7 s

After checking my firewall's logs, I've noticed that it's catching null payloads (basically pings) to various destinations which, after looking up the host, seem to be avast servers.  I'd hate to have to create a rule to permit all null payloads out of my systems, but the addresses that avast seems to attempt communication with seem to be fairly random.  If any of you out there are also using a hardware firewall, have you had this trouble?  Is there a suggested workaround?  I should note that I did try to allow outgoing traffic to only the address specified above (75.126.130.170), but it didn't work.

(Before suggesting that I allow outbound communication from a particular application, please be aware that hardware firewalls are different than software firewalls and they know nothing of the applications on your system.  Instead, they only analyze traffic.  Therefore, a hardware firewall can't be configured to allow outbound traffic from a particular avast exe or dll).

Thanks in advance for any help anyone can give...

[Lisandro]

I'd hate to have to create a rule to permit all null payloads out of my systems, but the addresses that avast seems to attempt communication with seem to be fairly random.

Yes, that's the point, fortunately I'll say, because other antivirus release updates with so few servers that we can't update easily and fast.

The file servers.def has these information that is constantly updated, i.e., the IP list can (in fact it does) change.
Path: C:\Program Files\Alwil Software\Avast4\Setup\servers.def
If you want, you can download the servers.def file: http://files.avast.com/iavs4x/servers.def

[DavidR]

You say there is no outbound checking yet you also say "I've noticed that it's catching null payloads (basically pings) to various destinations which, after looking up the host, seem to be avast servers." So something is checking outbound connections.

This is where the flexibility of a software firewall allowing an application and port, etc.

Here is a extract of my firewall log Outpost Pro it may help you with a more general rule.

[krebstar]

Oh, it definitely checks outbound traffic.  It just can't correlate the traffic to an application (such as avast.setup).

You say there is no outbound checking yet you also say "I've noticed that it's catching null payloads (basically pings) to various destinations which, after looking up the host, seem to be avast servers." So something is checking outbound connections.

This is where the flexibility of a software firewall allowing an application and port, etc.

Here is a extract of my firewall log Outpost Pro it may help you with a more general rule.

[krebstar]

I solved the problem by turning off Avast's automatic network detection, which was sending out pings looking for a proxy server.

[DavidR]

Thanks for the feedback it may help others in the future.

Though I believe it should be set to Direct connection (no proxy) by default.