Author Topic: AIS firewall: auto-decide mode question(s)  (Read 9208 times)

0 Members and 1 Guest are viewing this topic.

Offline Hexo

  • Full Member
  • ***
  • Posts: 131
    • Blog
Re: AIS firewall: auto-decide mode question(s)
« Reply #15 on: January 07, 2011, 07:59:03 AM »
There is no really whitlist?
Thats very bad.
So i have to change my firewallsettings to the "ask mode".
I thought, that the avast! FW is as good as the Gdata FW. But i see, that isn´t true.

I would be better to have an global "community" whitslist with trusted programms, and each other programm has to ask if it want to connect to the www.
Main PC: Windows 7 64bit, Core I5 2500K, F-Secure IS2012
Notebook: Dell XPS 1530, Windows 7 64bit, Kaspersky IS 2012
Second PC: Windows XP 32bit, F-Secure IS2011 | Asus Eee PC 1000H: Windows XP 32bit, avast! IS

Offline superhumanbean

  • Poster
  • *
  • Posts: 414
Re: AIS firewall: auto-decide mode question(s)
« Reply #16 on: January 07, 2011, 08:30:42 AM »
There is no really whitlist?
Thats very bad.
So i have to change my firewallsettings to the "ask mode".
I thought, that the avast! FW is as good as the Gdata FW. But i see, that isn´t true.

I would be better to have an global "community" whitslist with trusted programms, and each other programm has to ask if it want to connect to the www.


There is a whitelist... Where did you hear that there wasn't? ??? I don't think that its a community whitelist though. As said, it is managed by avast.
On a side note, I found that Gdata's firewall service could be disabled at startup (either manually, or if a piece of malware gets through). I don't know if they fixed that.

GG
Windows 10 Pro 64-bit / Intel Core i7-7700HQ CPU / 16 GB RAM / Avast Ultimate / MBAM Free

Offline Hexo

  • Full Member
  • ***
  • Posts: 131
    • Blog
Re: AIS firewall: auto-decide mode question(s)
« Reply #17 on: January 07, 2011, 08:54:37 AM »
I looked up in the manuel and there is no information about a whitlist.
Did you ever notice a "Firewall" block?
Main PC: Windows 7 64bit, Core I5 2500K, F-Secure IS2012
Notebook: Dell XPS 1530, Windows 7 64bit, Kaspersky IS 2012
Second PC: Windows XP 32bit, F-Secure IS2011 | Asus Eee PC 1000H: Windows XP 32bit, avast! IS

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Re: AIS firewall: auto-decide mode question(s)
« Reply #18 on: January 07, 2011, 09:28:59 AM »
Quote
Did you ever notice a "Firewall" block?

yeah once... recently, an unexplained inbound connection
w7 - ais7

Offline Hexo

  • Full Member
  • ***
  • Posts: 131
    • Blog
Re: AIS firewall: auto-decide mode question(s)
« Reply #19 on: January 07, 2011, 09:47:40 AM »
LOL.
Any outbound blocks?
Main PC: Windows 7 64bit, Core I5 2500K, F-Secure IS2012
Notebook: Dell XPS 1530, Windows 7 64bit, Kaspersky IS 2012
Second PC: Windows XP 32bit, F-Secure IS2011 | Asus Eee PC 1000H: Windows XP 32bit, avast! IS

Offline logos

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 9442
Re: AIS firewall: auto-decide mode question(s)
« Reply #20 on: January 07, 2011, 10:04:45 AM »
LOL.
Any outbound blocks?

no, no reason to either, must download a trojan first before you see this happen...if it's intercepted by the fw, which as I saw in a recent case here may not be the case at all (not mentioning tha AV that doesn't always do its job either with rogues). And legit apps, unless infected or hacked, rarely attempt to establish forbidden connections.
w7 - ais7

Offline Hexo

  • Full Member
  • ***
  • Posts: 131
    • Blog
Re: AIS firewall: auto-decide mode question(s)
« Reply #21 on: January 07, 2011, 10:38:09 AM »
[ironic]When a trojan try to connect... normaly it is the job of the antivirus to kill the trojan ^^
What is, when a trojan use a programm like a browser to connect the internet? The Firewall sees only the conection of the browser ^^ [/ironic]

Did someone test the Firewall with an infected system?
Main PC: Windows 7 64bit, Core I5 2500K, F-Secure IS2012
Notebook: Dell XPS 1530, Windows 7 64bit, Kaspersky IS 2012
Second PC: Windows XP 32bit, F-Secure IS2011 | Asus Eee PC 1000H: Windows XP 32bit, avast! IS

Offline smage

  • Jr. Member
  • **
  • Posts: 43
Re: AIS firewall: auto-decide mode question(s)
« Reply #22 on: January 08, 2011, 06:19:07 AM »
To me it seems like this.

In auto decide mode, all programs which are detected by the AV will also be blocked by the firewall while all programs which are classified as clean by the AV will be automatically allowed.  Now there might also be some behavioral analysis to determine if files are performing malicious activities.

All suites do the same thing because users do not want to answer alerts.
For real protection, you have to switch to ask mode.

Offline CBell

  • Full Member
  • ***
  • Posts: 151
Re: AIS firewall: auto-decide mode question(s)
« Reply #23 on: January 08, 2011, 08:23:04 AM »
I think this would help explain a bit better: http://forum.avast.com/index.php?topic=64233.msg548190#msg548190
Win7 64bit / Avast Premier / Malwarebytes Pro