Windows Server - Firewall rules for Avast ping home?

Asked By AndyHancock

12-Apr-08 06:29 PM

Crossposted to http://forum.avast.com/index.php?topic=34656.0

I just installed Avast antivirus (home edition).  According to the
online help, I should configure the firewall to allow access to

* URL: http://www.asw.cz/iavs4pro
IP: 195.70.130.34

* URL: http://www.avast.com/iavs4pro
IP: 64.246.6.135

* URL: http://www.iavs.net/iavs4pro
IP: 207.44.156.15

* URL: http://www.iavs.cz/iavs4pro
IP: 62.168.45.69

According to
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=25,
the programs that should be allowed access are

* avast.setup
* avastXX.setup (where "XX" are some numbers)
* aswUpdSv.exe
* ashServ.exe
* ashWebSv.exe

However, I'm getting firewall access requests that correspond to
neither the IP addresses or applications listed above.  The requests
are pings (ICMP[8]) to sl2XX.avast.com, where X varies from 09 to 14
(and probably beyond, except that I got tired of them and created a
blocking rule).  The IP addresse are 75.126.203.67-72.  There was also
one to sl205.avast.com (75.126.130.172).  The firewall lists the
application as tcpip kernel driver.

I haven't found any information on legitimate IPs for the pings.  Do I
have to open up the firewall to all outgoing pings?  What is the
impact on Avast functionality or updatability if I don't?

Security Discussions

AvastXX.setup
(1)

Firewall
(1)

Avast
(1)

Viewarticle
(1)

Kbarticleid
(1)

Avast.setup
(1)

Iavs4pro
(1)

Tohttp
(1)

AndyHancock replied...

13-Apr-08 11:48 PM

I've brought this discussion over to the Avast forum under
http://forum.avast.com/index.php?topic=34656.0.  With luck, it will be
feasible for Avast to provide a complete set of firewall rules
(fingers crossed).

---------- Forwarded message ----------
From: AndyHancock <AndyMHanc...@gmail.com>
Date: Apr 12, 3:12 am
Subject: Firewall rules for Avast ping home?
To: microsoft.public.security

Crossposted tohttp://forum.avast.com/index.php?topic=34656.0

I just installed Avast antivirus (home edition).  According to the
online help, I should configure the firewall to allow access to

* URL:http://www.asw.cz/iavs4pro
IP: 195.70.130.34

* URL:http://www.avast.com/iavs4pro
IP: 64.246.6.135

* URL:http://www.iavs.net/iavs4pro
IP: 207.44.156.15

* URL:http://www.iavs.cz/iavs4pro
IP: 62.168.45.69

According tohttp://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kb...,
the programs that should be allowed access are

* avast.setup
* avastXX.setup (where "XX" are some numbers)
* aswUpdSv.exe
* ashServ.exe
* ashWebSv.exe

However, I'm getting firewall access requests that correspond to
neither the IP addresses or applications listed above.  The requests
are pings (ICMP[8]) to sl2XX.avast.com, where X varies from 09 to 14
(and probably beyond, except that I got tired of them and created a
blocking rule).  The IP addresse are 75.126.203.67-72.  There was also
one to sl205.avast.com (75.126.130.172).  The firewall lists the
application as tcpip kernel driver.

I haven't found any information on legitimate IPs for the pings.  Do I
have to open up the firewall to all outgoing pings?  What is the
impact on Avast functionality or updatability if I don't?

Previous Discussion: security system

Windows Server Remote Web Workplace - Cannot Connect to Server Desktop, but can use outlook web access, timing out or network error, sbs2003.

possible network problems. . . please try again later. if the problem persists please contact admin. Router Firewall - uPnP, now manually entered: Today I was trying to setup the router using the uPnP solution. The firewall rules in the uPnP table would vanish whenever the router was updated or that table So today I went through the wizard and manually entered the same rules into the firewall. The rules remained after I power cycled the router. Everything seemed to work ok on the IP had already changed! :-( My theories: 1 - I've missed something on the router firewall setup. 2 - There is a problem with the certificate, and this is causing the auth 20 problems. . . please try again later. if the problem persists please = contact = 20 admin. Router Firewall - uPnP, now manually entered: Today I was trying to setup the router using the uPnP solution. The = 20 firewall rules in the uPnP table would vanish whenever the router was = 20 updated or that today I = went = 20 through the wizard and manually entered the same rules into the = firewall. = 20 The rules remained after I power cycled the router. Everything seemed = to = 20 work the IP had already changed! :-( My theories: 1 - I've missed something on the router firewall setup. 2 - There is a problem with the certificate, and this is causing the = auth

Windows Server sbs2008 dns issue

and had our provider point it to our public address, opened the ports on the firewall and natted to the inside address. I think I am missing a step somewhere on and had our provider point it to our = public address, opened the ports on the firewall and natted to the = inside = 20 address. I think I am missing a step somewhere the outside. I have the ports open as in the = book on the router and firewall. . Glad to hear that you are enjoying the book? when you're checking the outside had our provider point it to = our = 20 public address, opened the ports on the firewall and natted to the = inside = 20 address. I think I am missing a step somewhere 3DContent-Type> have the = 20 ports open as in the book on the router and firewall. . < / FONT> < / DIV> style = 3D"BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; = PADDING-RIGHT: 0px the outside. I have the ports open as in the = book on the router and firewall. . Glad to hear that you are enjoying the book? when you're checking the outside had our provider point it to = our = 20 public address, opened the ports on the firewall and natted to the = inside = 20 address. I think I am missing a step somewhere 20 = I have the = 20 ports open as in the book on the router and firewall. . < / FONT> < / DIV> style = 3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; = BORDER-LEFT

Windows Server allow standard user to install drivers

pda.intrabeg.net Group Policy slow link threshold: 500 kbps Applied Group Policy Objects - -- -- -- -- -- -- -- -- -- -- -- -- -- -- CLOCK FIREWALL SECURITE MESSENGER RIS HOTFIX Default Domain Policy The following GPOs were not applied because they N / A File System Settings - -- -- -- -- -- -- -- -- -- - N / A Public Key Policies - -- -- -- -- -- -- -- -- -- N / A Administrative Templates - -- -- -- -- -- -- -- -- -- -- -- - GPO: FIREWALL Setting: SOFTWARE \ Policies \ Microsoft \ WindowsFirewall \ StandardProfile \ GloballyOpenPorts \ List State: Enabled GPO: FIREWALL Setting: SOFTWARE \ Policies \ Microsoft \ WindowsFirewall \ DomainProfile \ IcmpSettings State: Enabled GPO: FIREWALL Setting: SOFTWARE \ Policies \ Microsoft \ WindowsFirewall \ StandardProfile \ GloballyOpenPorts \ List State: Enabled GPO: HOTFIX Setting: Software \ Policies WindowsUpdate \ AU State: Enabled GPO: CLOCK Setting: Software \ Policies \ Microsoft \ W32time \ Config State: Enabled GPO: FIREWALL Setting: SOFTWARE \ Policies \ Microsoft \ WindowsFirewall \ DomainProfile \ GloballyOpenPorts State: Enabled GPO: FIREWALL Setting: SOFTWARE \ Policies \ Microsoft \ WindowsFirewall \ StandardProfile \ IcmpSettings State: Enabled GPO: FIREWALL Setting: SOFTWARE \ Policies \ Microsoft \ WindowsFirewall \ StandardProfile \ GloballyOpenPorts \ List State: Enabled GPO: MESSENGER RIS Setting: Software Client State: Enabled GPO: HOTFIX Setting: Software \ Policies \ Microsoft \ Windows \ WindowsUpdate \ AU State: disabled GPO: FIREWALL Setting: SOFTWARE \ Policies \ Microsoft \ WindowsFirewall \ DomainProfile \ AuthorizedApplications \ List State: Enabled GPO: FIREWALL Setting: SOFTWARE \ Policies

Windows Server CEICW fails at network

for IPropertyPagePropertyBag () returned ok. Call to Initializing the StringrayUtil () returned ok. Call to Reading the firewall selection () returned ok. Firewall selection: 0 Call to CStingrayCommit::ValidatePropertyBag () returned ok. 13 / 04 / 2007 3:48 PM C for IPropertyPagePropertyBag () returned ok. Call to Initializing the StringrayUtil () returned ok. Call to Reading the firewall selection () returned ok. Firewall selection: 0 Call to CStingrayCommit::ValidatePropertyBag () returned ok. Call to Validating the property bag () returned returned ok. Call to Doing general configuration () returned ok. 13 / 04 / 2007 3:48 PM Firewall Rule: SBS DHCP Client Cannot find the firewall rule, ignoring the error Firewall Rule: SBS HTTP 80 Out CustomFilter Cannot find the firewall rule, ignoring the error Firewall Rule: SBS FTP 20 In CustomFilter Cannot find the firewall