I'm using the trial version of avast! Internet Security 6.0, and I noticed a few strange things (which may be bugs) when testing the firewall rules. I use Remote Administrator 3.4 server, and when the RA service was started, IS automatically created the appropriate firewall packet rule to allow incoming traffic.
If I change the RA "Internet In" packet rule from Allow to Block, and then try to connect, then the connection is blocked (as it should be). For each blocked connection attempt, the firewall log shows the local and remote address and port, but the Application field is blank (so there's no way to know which rule caused the block).
Here's where it gets strange. If I restart the RA service while the rule is set to Block, then the firewall log will show a Block entry with the time set to the time the service was restarted, the local and remote addresses set to 0.0.0.0, the remote port set to 0, and the application set to the program's path/filename. From that point forward, IS will block connection attempts without adding a Block entry to the firewall log (so you won't know if anyone tries to connect), and IS will continue to block connection attempts even after you change the rule to Allow. The "Network Connections" tab shows RA listening on port 4899, but the firewall is blocking the connection attempt, even though the rule is set to Allow.
In order to allow connections again, you have to change the packet rule to Allow and then restart the RA service. If you do not restart the RA service while the packet rule is set to Allow, then IS will continue to silently block connection attempts. This will be very confusing to the user because the active (in-use) firewall policy will not match the rules displayed on the firewall's application rules screen.
For info, I'm using WinXP SP2 with the Windows Firewall turned off.
