I create corresponding FD rules for avast.setup, avast.ovr, ashdisp.exe and aswserv.exe.
avast.setup is a temporary file created in each update, so, if you're excluding it from SensiveGuard checking, ok. If not, is SensiveGuard checking it in fact? I don't think so.
Into the firewall settings, the following programs should be allowed to connect:
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service)
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup (avast! Update executable). This is a temporary file that just appears when an update (check) is about to launch, and disappears again afterwards.
Don't need rights to connect:
C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service)
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Update Service)
C:\Program Files\Alwil Software\Avast4\ashdisp.exe (icon on system tray)