OA Firewall rule bypassed when Avast web shield also running

[Arto 0]

I Just upgraded to OA version 6.0.0.1736.  Was previously on V5xx.  I am also running Avast version 7.0.1474 (which I hav been running for a while now).  Each program is excluded from being scanned by the other.

 

My problem is that programs that I have blocked in OA (using Firewall rules) from accessing the internet are being allowed through.  This only happens when Avast's web shield is active.  If I deactivate the web sheild, OA blocks the traffic as expected.

 

I saw an older post (http://support.emsisoft.com/topic/8326-online-armor-and-avast-web-shield/?hl=avast) where this topic was also discussed.  There were references to posts on other forums that indicate that there is no such problem between avast and OA.  However, I am definitely experiencing the problem.

 

I enabled full firewall logging in OA, and noticed that when the avast web shield is active, there is no mention of the program I am blocking in the firewall log.  There are only entries for Avast stuff.  If I disable the web shield, I see multiple entries in the log, indicating that the program was blocked.

 

Is there a setting I might need to change in OA, or is something wrong with my OA instal?

 

I'm running XP SP3.

 

Thanks;

[Fabian Wosar 390]

What Avast does when the web shield is enabled is to route all web request through it's own process. So instead of connecting to an IP on the internet, a program accessing the web will connect to the Avast web shield proxy process instead. The actual internet access is then done from the Avast proxy process, that you most likely allowed to access the internet. There is no real solution for this problem as the way Avast chose to implement the web shield is just inherently incompatible with any software firewall.

[Arto 0]

How is it that Avast can 'intercept' the request, but OA cannot.

[Arto 0]

I just found a work around for this.  Not perfect, but since I don't have many programs I need to block, it works.

 

I basically to Avast that my program should be excluded from the web shield.  Thus it allows OA to examine, and apply its ow rules.

[Fabian Wosar 390]

The problem is not the intercepting. The problem is that with the web shield enabled all HTTP traffic is done on behalf of your browsers and HTTP clients by the Avast proxy process. Since that is allowed, all HTTP traffic is allowed as Online Armor can't possibly know which process the Avast proxy is requesting a web page for.

[Nick 10]

@Arto

 

I have never seen this issue on my system. I have mutually excluded both programs.

 

In your original post you wrote that "each program is excluded from being scanned by the other" but you also wrote that "there are only entries for Avast stuff" in the firewall log. I suspect that you might still have some items related to Avast in the Firewall program list and/or in the Programs list and/or in the Autoruns list of OA.

You may want to try deleting those Avast's entries in OA and then reboot.

 

System Information:
Win XP Pro SP3
Avast! Free AV 8.0.1483
Online Armor Free 6.0.0.1736

(Avast!/OA mutually excluded)

 

[Arto 0]

Nick;

 

In my autoruns, I have 2 entries related to Avast, and both are set to Allowed.  In the Firewall section, there is nothing specific for Avast.  In programs, there are no entries for Avast.  In Options"Exclusions, I have 2 entries for Avast:  One is the main program folder, and the other is the Avast folder under Documents and Setting/All Users/Application Data.  I've had these entries for years.  Without it, really bad things happen.

 

Are you suggesting I remove these entries from the exclusions?

[Nick 10]

Are you suggesting I remove these entries from the exclusions?

 

Absolutely not.

 

Since you have Avast excluded in OA, I just wanted to suggest that you should try deleting all the Avast related items in OA's Autoruns, Programs and Firewall lists and then reboot your system.

If Avast is fully excluded in OA, there's no reason for any possible related item to be present in Autoruns, Programs or Firewall lists, in my opinion.

 

As far as I know, the issue you described doesn't affect OA + Avast (also according to the Avast forum).

[Arto 0]

Nick;

 

I removed the Avast entries from the autoruns, and rebooted.  The services started up fine (as they should have).  As for the firewal rules in OA being bypassed, it is still happenning, unless I tell Avast web shield to exclude the program that I want OA firewall to block.

 

I found a few threads that seem to indicate that OA is not affected by this problem, but since I am experiencing it, the problem is there.  I did see mention of setting the Avast web shield to 'scan traffic from well known browser processes only'.  That works, but I don't know what protection I am loseing be setting that option.

 

Thanks;

[Nick 10]

I did see mention of setting the Avast web shield to 'scan traffic from well known browser processes only'.  That works, but I don't know what protection I am loseing be setting that option.

 

Thanks;

 

I have not enabled that option. If you enable it, basically Avast will monitor HTTP traffic only for common browsers (e.g., Firefox, Internet Explorer, Chrome and perhaps Opera), ignoring  HTTP traffic generated by any other application, though.

Obviuously the  File System Shield should still  take care of any possible malware that could find its way into your system...

 

You might want to try asking also some other user on the Avast Support Forum - several people there use OA + Avast.

Perhaps, someone else will confirm your issue and let the developers know,,,

Edited April 4, 2013 by Nick

[trujwin 1]

Has the Menu>>options>>Firewall >> intercept loopback interfaces been ticked on??

Download Accelerator plus downloads all the files thru AVAST proxy (all the shields incl Webshield active).

 

For a test I blocked it in Menu>>Firewall>>Programs. Now DAP is not able to connect to the internet. I have attached the history tab of the action , where OA is blocking DAP's attempt to connect to the AVAST proxy , rightly so.

 

Hope this is relevant to the issue.

[Nick 10]

Yes, with an AV like Avast (which basically uses its own web proxy), the "intercept loopback interfaces" option should be enabled.

 

Do you have VLC Media Player on your system? Try blocking it in Firewal/Programs (OA) then open VLC and go to Help/Check for Updates. OA should prevent it from looking for updates - and VLC should show you some error message.

[Arto 0]

Finally got around to trying this.  Sure enough, enabling the intercept loopback interfaces in OA work perfectly.  Any reason it is not enabled by default?  Will it cause a slowdown on all network traffic?

 

Thanks again.

[Nick 10]

You're welcome. Happy to hear that you solved the issue.

 

Will it cause a slowdown on all network traffic?

 

No, I don't think so.

 

However, I don't know the reason why it's not enabled by default. Perhaps, it's uncked just to avoid some pop-ups that may result a bit confusing for some users?...