This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Advanced Firewall Settings

This Article Applies to:

  • Avast Business CloudCare

IMPORTANT: The CloudCare console does not support opening multiple tabs in the same browser session. Please use multiple browsers or incognito mode instead.

 

Avast Firewall is another major component of Antivirus protection offered alongside Core Shields, and it is available for Windows workstations. Our Firewall monitors all network traffic between devices and the outside world to help protect you from unauthorized communication and intrusions.

 

The following advanced features are available for Avast Firewall:

  • Leak Protection: Helps protect the device from leaking potentially sensitive data by enabling packet rules to block certain types of communication.
  • Port Scan Alerts: Warns about detected hacker and/or malware attempts to scan the device for open ports.
  • ARP Spoofing Alerts: Warns about detected attempted Address Resolution Protocol spoofing attacks (when an attacker exploits the ARP to trick a device into communicating with an external device controlled by the attacker).

To manage these features from the console:

  1. Go to the Policies page (at partner level for master policies or customer level for customer policies)
  2. Select the desired policy from the left-hand pane
  3. Under Endpoint Protection, expand the Firewall and Antivirus Add-ons section
  4. Go to the Firewall tab, then select Advanced Settings
  5. Use the toggles next to the features to enable/disable them

At the bottom of the settings, you also have the option to revert rules to Avast default settings anytime if needed.

When Port Scan and ARP Spoofing alerts are enabled, the detection dialogs will offer the following options to the user:

  • Disconnect and block this network (recommended): Immediately disconnects from the current network and blocks any future connections to it. The Blocked message is displayed next to this network on the Network screen in Firewall settings.
  • Stay connected but block the suspicious device: Remains connected to the network while blocking the external device conducting ARP spoofing. This allows continued internet usage but is not recommended due to potential additional threats on the network. Blocked devices can be managed in the Firewall settings.
  • Ignore this potential threat — I trust this network: Takes no immediate action. It is not recommended unless the user is certain about the network's security.

Note that the Firewall advanced features are only activated in public (untrusted) networks.