Avira free antivirus with Windows 7 firewall

I use a third-party firewall that allows full control.

But some of my friends use the firewall built in to Window 7. To each their own.

I've taken a look at that firewall, and it's actually fairly flexible.

It has quite of bit of incoming traffic blocked by default, but leaves outgoing traffic wide open. I want to help them restrict outgoing traffic on their systems.

Many of them use Avira's free antivirus. I would like to configure their Windows 7 firewall (aka Windows Firewall with Advanced Security) to work with Avira, while still blocking as much outgoing traffic as possible for them.

Blocking all outgoing traffic with the Windows firewall is trivial, but I haven't found any documentation on Avira's site on how they recommend configuring the Windows 7 firewall to work with their product (perhaps because they want you to buy their pro version that has a firewall, but as of this post, their pro firewall does not even support IPv6!).

So before I reinvent the wheel and figure it out myself, has anyone already set up the Windows 7 firewall's outgoing traffic rules to work properly with Avira free antivirus (that is, not break it or impair its functionality in any way)?

Also, interestingly, I see no Incoming Rules for the Windows 7 firewall for Avira on their systems. How is this possible given that they regularly get program and definition updates?

There isn't any special configuration required, they're just separate programs with completely different functions and won't interfere with each other at all. You just need to allow the antivirus engine to update itself, for which it will require an outgoing connection. The only difficult part is determining the exact program/port/protocol that it used, but Google can greatly help you here.
Of course, if the antivirus itself bundles a firewall, you'll want to disable it. Don't use two at once, configure one and disable the other.

SevenOfNine said:

Blocking all outgoing traffic with the Windows firewall is trivial, but I haven't found any documentation on Avira's site on how they recommend configuring the Windows 7 firewall to work with their product

You don't really want to block everything . I guess that at the very least you'll want a browser working, maybe a few other programs too, in addition to updates. Once again, Avira has nothing to do with any firewall other that their own. The only piece of information you need is what network connection does it use for updates, then configuring your firewall goes beyond their documentation.

SevenOfNine said:

that is, not break it or impair its functionality in any way)?

The only network requirement I can think of are updates of its database. Everything else works entirely local.

SevenOfNine said:

Also, interestingly, I see no Incoming Rules for the Windows 7 firewall for Avira on their systems. How is this possible given that they regularly get program and definition updates?

That's completely normal. The antivirus will never listen for external connections (doing so would be a very serious vulnerability). It instead initiates the connection itself to the update server, that's why it's an outgoing connection, like every other program.
While outgoing connections occur frequently, incoming are even more rare on home computers, specially without a local network. There is normally little need for incoming rules, only very specific cases.

No matter what you do, make sure to test it before going on. Make use of every function of the antivirus and see if it works as it should. Maybe throw the eicar test file to trigger a real virus alert to be sure.

Alejandro85 said:

SevenOfNine said:

Also, interestingly, I see no Incoming Rules for the Windows 7 firewall for Avira on their systems. How is this possible given that they regularly get program and definition updates?

That's completely normal. The antivirus will never listen for external connections (doing so would be a very serious vulnerability). It instead initiates the connection itself to the update server, that's why it's an outgoing connection, like every other program.
While outgoing connections occur frequently, incoming are even more rare on home computers, specially without a local network. There is normally little need for incoming rules, only very specific cases.

Thanks for the tips Alejandro.

I have a question regarding the above: With some firewalls, "Incoming" means the transmission of data to a port/service/app/etc., and "Outgoing" means the transmission from one of those.

From what you are saying, the Windows 7 built-in firewall uses different definitions.

For example, in order to request AV definition updates, the AV program typically transmits data to a server, and then the server transmits data back to the AV program (there are exceptions with "streaming" updates, but that's another discussion). So, with some firewalls, you would need to create an Incoming and an Outgoing rule for the updates to be successful. But from what you're saying, the built-in Windows 7 Firewall doesn't work that way, and an Outgoing rule is sufficient.

Am I understanding correctly?

Never seen such usage of the terms, but I don't believe that's right, at all. In pretty much every context "incoming" and "outgoing" always refer to who initiates the connection, but don't cares about what happens once established. For example, a browser connects to a server and then can either download or upload something, but that's always an outgoing connection (and in turn an incoming for the server side). Antiviruses updating their databases, submitting samples or anything else will initiate the connection to their servers too, and never the other way around. File sharing is incoming for the one publishing the shared folders and outgoing for the one accessing them.

In which way data transmission goes is irrelevant. For one, in every connection there is always two-way exchange, at the very least of commands and acknowledgements (a browser sends a request to download a file, and the server sends the file back, all over the same connection). More advanced firewalls might inspect something inside the connection, but the basics of incoming and outgoing remain the same.

You only need outgoing connections for AV updates because it's the AV that will initiate the connection. There is no way the server can ever call you back, for a number of reasons. You'll use incoming connections when hosting something yourself (like shared folders) or using "peer-to-peer" protocols, like Skype or BitTorrent that often uses both.
Most likely you missed some other configuration needed for allowing the AV to work, or the firewall has a horribly broken user interface.