Author Topic: Avast Antivirus inbound 'rules' in Windows Defender Firewall setting  (Read 3507 times)

0 Members and 1 Guest are viewing this topic.

Offline Scott503

  • Newbie
  • *
  • Posts: 6
Re: Avast Antivirus inbound 'rules' in Windows Defender Firewall setting
« Reply #15 on: October 31, 2021, 02:26:16 AM »
I should be more specific: is there any detriment to allowing the TCP/UDP inbound connections. Yours isn't having any issues but yours is still on Block, as per the default. I want to make sure having it on Allow won't cause any issues, whether it is functional issues or other security issues. It seems like your answer in your second point means that giving Avast the Allow function in the advanced settings isn't dangerous or bad, it's just functionally useless (hence the giving a friend I trust a key to the door they don't need since they're already using the other door) and thus won't cause any problems.

You mentioned the taskbar processes, so I attached a screenshot of all the Avast-related task background processes for shits and gigs, if maybe this provides any other insight.
I'd leave those alone even Windows Defender UI has those blocked by default.

Offline Dinobot2

  • Sr. Member
  • ****
  • Posts: 390
Re: Avast Antivirus inbound 'rules' in Windows Defender Firewall setting
« Reply #16 on: October 31, 2021, 02:31:11 AM »
By leave them alone, you mean change them back to Block? (currently on Allow. Nothing else in the settings for those were changed, however).

Offline Scott503

  • Newbie
  • *
  • Posts: 6
Re: Avast Antivirus inbound 'rules' in Windows Defender Firewall setting
« Reply #17 on: October 31, 2021, 02:34:12 AM »
By leave them alone, you mean change them back to Block? (currently on Allow. Nothing else in the settings for those were changed, however).
Yep AvastUI doesn't use them and by having them on Allow could make you more vulnerable. The only time you ever change Firewall settings is when it's absolutely necessary.

Offline Dinobot2

  • Sr. Member
  • ****
  • Posts: 390
Re: Avast Antivirus inbound 'rules' in Windows Defender Firewall setting
« Reply #18 on: October 31, 2021, 02:38:13 AM »
Will do, Thanks!

Another stupid question though: if Avast doesn't use TCP or UDP, what do they use? Googling "what protocols does Avast use" didn't give me any answer.
« Last Edit: October 31, 2021, 02:46:38 AM by Dinobot2 »

Offline Scott503

  • Newbie
  • *
  • Posts: 6
Re: Avast Antivirus inbound 'rules' in Windows Defender Firewall setting
« Reply #19 on: October 31, 2021, 02:23:49 AM »
Will do, Thanks!

Another stupid question though: if Avast doesn't use TCP or UDP, what do they use? Googling "what protocols does Avast use" didn't give me any answer.
Not sure but generally AV companies don't usually make the protocols they use public for obvious reasons. Or at least I haven't heard of any doing that.

But definitely some form of encrypted communication.
« Last Edit: October 31, 2021, 02:41:12 AM by Scott503 »

Offline Dinobot2

  • Sr. Member
  • ****
  • Posts: 390
Re: Avast Antivirus inbound 'rules' in Windows Defender Firewall setting
« Reply #20 on: October 31, 2021, 02:38:06 AM »
Someone on the WindowsHelp subreddit (I know I know, like saying "my friend's cousin's neighbour's coworker", so take with a grain of salt I guess) said that it's likely Avast is acting as a "service hooked deep into Windows" if it's able to function without TCP/UDP connections allowed. Does that mean it's basically being treated like a Windows service/process instead of a third party app? For example, Avast is recognized by Windows Security as the core antivirus software that overrides the Windows Defender Antivirus, so maybe it's being treated as "part of Windows" that connection through the firewall through TCP/UDP isn't necessary for that reason?

I admit this is all just speculation and banter on my end, but one piece of information leads to another set of questions, etc.

Offline Scott503

  • Newbie
  • *
  • Posts: 6
Re: Avast Antivirus inbound 'rules' in Windows Defender Firewall setting
« Reply #21 on: October 31, 2021, 02:40:55 AM »
Someone on the WindowsHelp subreddit (I know I know, like saying "my friend's cousin's neighbour's coworker", so take with a grain of salt I guess) said that it's likely Avast is acting as a "service hooked deep into Windows" if it's able to function without TCP/UDP connections allowed. Does that mean it's basically being treated like a Windows service/process instead of a third party app? For example, Avast is recognized by Windows Security as the core antivirus software that overrides the Windows Defender Antivirus, so maybe it's being treated as "part of Windows" that connection through the firewall through TCP/UDP isn't necessary for that reason?

I admit this is all just speculation and banter on my end, but one piece of information leads to another set of questions, etc.
Or it's also possible it unblocks itself when it needs to and then puts the block back on when it's done doing what it had to do.

But yes it's possible it's using WSUS to get through the firewall.
« Last Edit: October 31, 2021, 03:10:00 AM by Scott503 »