This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Advanced Firewall Features

This Article Applies to:

  • Avast Business Hub

 

Avast Firewall is another major component of Antivirus protection offered alongside Core Shields, and it is available for Windows workstations. Our Firewall monitors all network traffic between devices and the outside world to help protect you from unauthorized communication and intrusions.

 

The following advanced features are available for Avast Firewall:

  • Leak Protection: Helps protect the device from leaking potentially sensitive data by enabling packet rules to block certain types of communication.
  • Port Scan Alerts: Warns about detected hacker and/or malware attempts to scan the device for open ports.
  • ARP Spoofing Alerts: Warns about detected attempted Address Resolution Protocol spoofing attacks (when an attacker exploits the ARP to trick a device into communicating with an external device controlled by the attacker).
  • Enable checking device blocker gateway in the firewall (available from AV 24.10): Automatically excludes any records of gateways from the list of blocked devices in Firewall to ensure they are not entered there.

To manage these features from the console:

  1. Open the Policies page
  2. Click the desired policy to open its Detail drawer
  3. Select the Settings tab, then Firewall
  4. Expand the Firewall Settings section
  5. Select the Advanced tab
  6. Use the toggles next to the features to enable/disable them

When Port Scan and ARP Spoofing alerts are enabled, the detection dialogs will offer the following options to the user:

  • Disconnect and block this network (recommended): Immediately disconnects from the current network and blocks any future connections to it. The Blocked message is displayed next to this network on the Network screen in Firewall settings.
  • Stay connected but block the suspicious device: Remains connected to the network while blocking the external device conducting ARP spoofing. This allows continued internet usage but is not recommended due to potential additional threats on the network. Blocked devices can be managed in the Firewall settings.
  • Ignore this potential threat — I trust this network: Takes no immediate action. It is not recommended unless the user is certain about the network's security.

Note that the Firewall advanced features are only activated in public (untrusted) networks.