Application Rules
On this page, you can set the communication rules for specific applications. The firewall will then follow the application rule whenever a particular application tries to establish a connection with the Internet or with another network.
Default rules will be created automatically for applications from trusted sources when the application is first started. To add an application to an existing group, just click on “New application rule”, select the group and browse for the application to be added. Then select the level of access allowed by clicking on the group name and then clicking the orange bars displayed next to the added application. Alternatively, you can create a new group by clicking the “New Group” button and then adding the new application rule. You can name the new group at the moment it is created, or you can re-name it later using the right-click context menu. You can also move an application to another group by right-clicking on it and selecting “Move”.
Five levels of access are possible:
- Friends out
- Friends in/out
- Internet out
- Friends in and Internet out
- All connections
“Friends out” is the most secure setting as no incoming connections will be allowed and outgoing communication will only be allowed with networks defined on the Friends page in the expert settings.
Connections to the Internet automatically include connections to Friends. For example, “Internet out” automatically includes “Friends out”. If “Friends in and Internet out” is selected, outbound connections to the Internet will be allowed, plus both inward and outbound connections with Friends. If “All connections” is selected, all incoming and outbound connections will be allowed.
You can further specify how to deal with connections above the selected level, for example, if an incoming connection from the Internet is detected, but the access level is set only to “Internet out”:
“Block” means that such connections will never be allowed.
“Auto-decide” means the connection will normally be allowed, however any suspicious connections will be automatically blocked. This will be based partly on a large white-list database of safe applications maintained by avast!
If “Ask” is selected, you will see a message asking you to confirm whether or not the connection should be allowed.