Web Shield allows outbound connections blocked by Windows Firewall

[abruptum]

I know I can check - Scan traffic from well-known browser processes only, but then Web Shield is
not scanning AdFender which works as local proxy. Is there some other workaround for
outbound rules to work with Web Shield enabled ? Do I need to exclude something in
Web Shield's settings?
I am using Avast 8.0.1489 and WF , Windows 7 SP1 32-bit.

[DavidR]

That is a problem with the windows firewall not being able to determine the process going through the web shield localhost proxy (avastSvc.exe) rather than only seeing the web shield proxy.

You would have to coordinate the AdFender proxy with the web shield proxy (adding the proxy port to the redirect ports) and uncheck the Ignore local communication (this may be the main issue/problem as the proxy is effectively local traffic)). These settings are in the avastUI > Settings > Troubleshooting >Redirect Settings > WEB - add the proxy port used by AdFender to the HTTP port(s): has to have a comma separating port numbers. See image, click to expand.

Personally I would be looking at using an ad blocker that is integrated into a browser, like the AdBlock Plus firefox add-on.

[abruptum]

That is too complicated for me.Thank you anyway.
I use AdFender only with IE10 and I use ABP in other browsers.
I don't think that this is WF's fault since it is native Windows 7 firewall.
Obviously it is Web Shield's bug.All I want to do is to block some apps
from "phoning" home.I am not talking about normal checking for updates.
I guess If I want to block apps from connecting to the internet I should buy AIS 8 (with firewall) ?
I found out that there is Web Shield conflict with other firewalls also.

[DavidR]

There are a few firewalls that are unable to determine what is actually being redirected through the proxy (parent process) and not the avast proxy itself.

My firewall Outpost Firewall Pro can block the parent process before it is redirected through the avast proxy on both my XP Pro and win7 netbook systems.

It might seem complex, but really it isn't, the image show all the changes required (2) adding the AdFender port and unchecking the Ignore local communication.

[abruptum]

It didn't work.I tried your settings suggestion and Web Shield is not working in IE10.
Is there some software (not firewall) that can block apps from connecting to internet?
All I found was some old app for Windows XP.I believe it is called NoNet or something similar.

[DavidR]

Reading through the topic again I'm a little confused in what it is you are trying to achieve.

You say that rules you make for applications to connect to the internet aren't working because of the web shield proxy effectively tunnelling through the rule. Yet you are trying to get avast's web shield to scan AdFender's content/traffic.

So what program is it you are trying to block with the firewall rule ?
As surely it wouldn't be Adfender as you want avast to scan its content/traffic.

The win7 firewall doesn't have outbound protection enabled by default and if enabled the rules have to be manually created by the user and this isn't very user friendly. You could try the - Vista & Windows 7 Firewall Control, http://www.sphinx-soft.com/Vista/index.html and this, http://www.sphinx-soft.com/Vista/faq.html. Which is meant to be more user friendly.

[Arnold72]

I use comodo firewall 5.12 and it can block successfully when avast is installed.
I have never experienced a problem with this combination.

Thanks.

[abruptum]

@DavidR
I am using Firewall App Blocker to easily create outbound rules.
    http://www.softpedia.com/get/Security/Firewall/Firewall-App-Blocker.shtml
For example I am trying to stop some player from "phoning" home every time I open video file with it.
That is working great when Web Shield is disabled or option for known browser processes is checked.

@Arnold72
Is Comodo 5.12 version light on system ?

Edit:
Actually,I found out that Comodo firewall is also affected with this bug in Web Shield.
I know many Avast fanboys  will say that culprits are firewalls and i would agree with that if WF is
not affected also.It is native built-in Windows 7 firewall that should work with Avast Free (and Web Shield).
Otherwise,Avast simply is not compatible with Windows 7.
Thanks.
Very angry Avast Free user

[Arnold72]

Hi,
Comodo firewall is extremely light.It is running at around 4000k ram here.
Also i would like to add the so-called problem with comodo firewall and avast webshield does NOT exist when i used them.
To be perfectly honest why on earth would you wish to be blocking anything on your computer..the suggestion is preposterous.
If you do not trust any connections from any installed programs then why have it installed at all...!

I tried to get outpost firewall installed but upon the reboot my laptop went into a never ending crashloop and this was after several attempts.
Privatefirewall is another hit and miss installation procedure which if it goes haywire then it causes no end of mischief.Plus the GUI is plain rubbish and looks like it belongs on a zx spectrum.

Yes for lightness the comodo and windows firewall take some beating and comodo is rich with its settings and customizations and as i said before i never experienced any issues when running with avast.
I highly recommend it.

Thank You.

[abruptum]

Is this relevant for my problem ?
     http://public.avast.com/~rypacek/avast/webshieldfilter.exe
from this Topic :
http://forum.avast.com/index.php?topic=99617.0

[Arnold72]

Is this relevant for my problem ?
     http://public.avast.com/~rypacek/avast/webshieldfilter.exe
from this Topic :
http://forum.avast.com/index.php?topic=99617.0

You asked in your previous post if comodo firewall was light and i told you yes it was so my reply was relevant to your enquiry.
Would you please be so kind in future not to appear aggressive in your responses please as i was merely trying to help you and did not expect you to be rude and abrupt about it....

Thanks.

[DavidR]

Is this relevant for my problem ?
     http://public.avast.com/~rypacek/avast/webshieldfilter.exe
from this Topic :
http://forum.avast.com/index.php?topic=99617.0

Yes it is relevant as it outlines why the windows firewall is unable to see the redirect (by a program you have a rule for) into the web shield proxy.

Avast version 7 uses supported API of Windows 7, that is created solely for the purpose of redirecting network connections. It uses it to redirect connections. It is new in avast7, however Windows7 is not such a brand new OS and the redirect api (REDIRECT layers in WFP) are there since the Win7 launch (2 years? More?). There is no other supported way of doing it.

The tool can create windows 7 firewall rules to get round the fact that the windows firewall uses an older api for redirects.

[DavidR]

Is this relevant for my problem ?
     http://public.avast.com/~rypacek/avast/webshieldfilter.exe
from this Topic :
http://forum.avast.com/index.php?topic=99617.0

You asked in your previous post if comodo firewall was light and i told you yes it was so my reply was relevant to your enquiry.
Would you please be so kind in future not to appear aggressive in your responses please as i was merely trying to help you and did not expect you to be rude and abrupt about it....

Thanks.

The OP isn't being abrupt or aggressive, certainly not in the text you quoted. He is merely asking a question if the webshieldfilter.exe that he has found (a fix, referred to in another topic) is relevant to the problem he is experiencing.

[abruptum]

So should I use that tool and how ?
I cannot see this topic :
   http://forum.avast.com/index.php?topic=99502.msg793862#msg793862
I guess I am not allowed.
Thanks.

[DavidR]

Sorry I didn't notice that was a closed area of the forums. This is an extract of the information on the tool.

Hi guys,
I have created a small tool that can "fix" this case for Windows Firewall.


It is a command line tool, just to test the possibility to block the connections to WebShield by the means of Windows Firewall, if such functionality would be required and useful, we might consider adding it to the future versions. Tested on Windows 7.


If you are interested, download the tool here:
http://public.avast.com/~lukor/avast/webshieldfilter.exe


There are 3 options:
-a <filepath> = adds new app as an allowed program for use by webshield (and also install the "block all others" filter if not already installed)
-e = enumerate all currently installed filters and allowed programs
-d = delete all filters and blocks


What is does is creating several firewall rules, that block all connections to 127.0.0.1:12080 for all apps with the exception of the application path specified.


Example:

D:\>webshieldfilter.exe -e

Success: 0 filters

D:\>webshieldfilter -a "c:\Users\lukor\AppData\Local\Google\Chrome\Application\chrome.exe"
Adding filter to block all traffic to 127.0.0.1:12080, with the exception of c:\Users\lukor\AppData\Local\Google\Chrome\Application\chrome.exe.
Retrieving application identifier for c:\Users\lukor\AppData\Local\Google\Chrome\Application\chrome.exe
Successfully identified as \device\harddiskvolume2\users\lukor\appdata\local\google\chrome\application\chrome.exe

D:\>webshieldfilter.exe -a "c:\Program Files\Internet Explorer\iexplore.exe"
Adding filter to block all traffic to 127.0.0.1:12080, with the exception of c:\Program Files\Internet Explorer\iexplore.exe.
Retrieving application identifier for c:\Program Files\Internet Explorer\iexplore.exe
Successfully identified as \device\harddiskvolume2\program files\internet explorer\iexplore.exe

D:\>webshieldfilter.exe -e
Filter: 1. Default filter to block all outbound connect attempts to 12080
Filter: 2. Filter to permit outbound connect attempts to 12080
Filter matches: \device\harddiskvolume2\program files\internet explorer\iexplore.exe
Filter: 3. Filter to permit outbound connect attempts to 12080
Filter matches: \device\harddiskvolume2\users\lukor\appdata\local\google\chrome\application\chrome.exe

Success: 3 filters