This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Firewall Application Rules

This Article Applies to:

  • Avast Business CloudCare

 

Application Rules are specifically meant to control the access for various applications that may run on your devices. You can choose whether connections for applications with no defined rules are auto-decided by the Firewall, chosen by the user, or allowed/disallowed in the drop-down menu. We recommend you ensure these rules are controlled by your Console for maximum security across your network.

Adding Application Rules

  1. Click on the name of the policy you would like to alter
  2. Expand Firewall and Antivirus Add-ons
  3. Navigate to Firewall ▸ Application rules
  4. Click Add application rule
  5. Fill out the full application name and path
  6. Select what connections are allowed: all, none, or Internet out only
    1. You can also select custom rules for various ports and protocols by clicking Custom, then adding or altering the packet rules in the table
  7. Click Add
  8. Click Save & Apply to Devices when you are done adding rules
    • If you are editing a Master Policy, this will say Save & Apply to Customers instead

Custom Application Rules

  1. Click the pencil icon to the right of the application name to edit the rule
  2. In the Allow column, click Custom in the drop-down menu
  3. Click + Add packet rule
  4. Fill out the following:
    • Rule name
    • Action: allow, block, ask user, or auto-decide
    • Protocol
    • Direction
    • IP Address
    • Local Port
    • Remote Port
    • ICMP type
    • Profile
  5. Click Save
  6. Click Add
  7. Click Save & Apply to Devices when you are done adding rules
    • If you are editing a Master Policy, this will say Save & Apply to Customers instead

Environment Variables

Firewall will not allow entire directories/folders nor accept wildcards (such as * or ?), but you may also use system variables for specific filenames.

Use this if you need to specify an executable file located in a folder where applications are stored in the users' profiles

  • %UserProfile%\AppData\Local\app.exe → C:\Users\(UserName)\AppDate\Local\app.exe

Use this if you need to specify an executable file located in a folder where shared program files for 32-bit applications are stored

  • %CommonProgramFiles(x86)%\app.exe → C:\Program Files (x86)\Common Files\app.exe

Use this if you need to specify an executable file located in a folder where program files for 32-bit applications are stored

  • %ProgramFiles(x86)%\app.exe → C:\Program Files (x86)\app.exe

Use this if you need to specify an executable file located in a folder where shared program files are stored

  • %CommonProgramFiles%\app.exe → C:\Program Files\Common Files\app.exe

Use this if you need to specify an executable file located in a folder where program files are stored

  • %ProgramFiles%\app.exe → C:\Program Files\app.exe

Use this if you need to specify an executable file located in a core folder of the operating system

  • %WINDIR%\SysNative\app.exe → C:\Windows\System32\app.exe

Use this if you need to specify an executable file located inside an operating system folder

  • %WINDIR%\app.exe → C:\Windows\app.exe

Use this if you need to specify an executable file located anywhere else on the system drive

  • %SYSTEMDRIVE%\(Folder)\app.exe → C:\(Folder)\app.exe

 

Other Articles In This Section:

Firewall General Settings

Firewall Network Settings

Firewall System Rules

Firewall Advanced Packet Rules

Advanced Firewall Features

Related Articles:

Configuring Antivirus Exclusions

Scheduling Scans

Wildcards