Remote Access Shield exceptions do not work?

[Tom610]

Is anyone aware of mailfunction for exceptions within Remote Access Shield of the Avast managed by the hub?

I have a customer with mobile devices (Laptops) where we enabled RAS. Customer is using some kind of software distribution solution and has setup the IP address of this server as an exclusion but Avast RAS is still blocking it. We can see that in the hub mails and of course in the antivirus reports...

I guess RAS is independent from the Avast firewall so exclusions should work regardless of firewall settings?

What I found within Avast online help is this: https://businesshelp.avast.com/Content/Products/AfB_Antivirus/ConfiguringSettings/RemoteAccessShield.htm?Highlight=remote%20access%20shield
and this:

FAQ: If I enable "Block all connections except the following" and add the IP address I want to allow, why is the connection still blocked?

The option is not a true "exception" list, brute-force detections will not be overridden by the list. In most cases, there is a misconfigured device in the network causing false alerts.

If there is an incorrect block, contact Avast Business Support.

I don't get this... if this is not an exception list then why does this option exist? 

[Infratech Solutions]

More info: https://businesshelp.avast.com/Content/Products/AfB_Management_Consoles/ConfiguringSettingsandPolicies/RemoteAccessShield.htm

[Tom610]

Thanks@ Infra!!!

@Avast: You gotta be kidding me?!?

I mean this setting is just for allowing RDS connections!!!!!

One point that I must admit: I was so naive to assume that I could rely on the menu description to some extent. Of course, I should have researched more thoroughly.

On the other hand, software developers and product managers should design their applications to be as intuitive and logical as possible and structure the menu accordingly. Only in this way can it be ensured that an application can be used easily and user-friendly.

My suggestion at this point, which I will of course present to the Product Board: move this setting directly under "Enable RDP Protection" so that it is unequivocally clear that this setting can only be used for that purpose.

In addition, I would like to propose an exception option for the entire component in the interest of the customers. As it stands, I am unfortunately forced to either completely disable the component in the policy, create a separate policy, or enable policy override for individual clients. None of these three alternatives are truly viable solutions but rather workarounds that render this protection component absurd.