Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Sido on February 25, 2005, 03:07:44 PM
-
Hi all, sorry for raising this ugly beast again but I'm still having troubles. I have searched the forums and I think I have got information overload on this topic ???
My software versions:
avast 4.6.603
Outpost 2.5.375.4822 (374)
Can someone confirm if the following Outpost rule is correct and do I need any others?
Partially Allowed Programs:
ASHWEBSV.EXE - TCP, Outbound, Remote Port 80 (HTTP), Allow.
The problem I have is that every program that accesses the net then needs a rule like:
Internet Explorer - TCP, Outbound, Remote Host: localhost (127.0.0.1), Remote Port: 12080, Allow.
Firstly, are these rule sets correct for Oupost and secondly, is this the "normal" behaviour (ie. in relation to creating a localhost allow rule for each program that accesses the net)?
Thanks heaps in advance ...... I'm down to my last couple of strands of hair :'(
Cheers,
Sido.
-
Yes, it seems correct - if it works for you. Additionally you may also need the rule for ashWebSv.exe: TCP, Inbound, local port: 12080, but I am not sure right now if outpost requires this kind of rules or if it controlls localhost listen by some other (global) option.
-
Hi :)
I use Outpost Pro 2.5 as well & that rule U have is the same as one i have for it, the reason U are being asked for localhost access is because the webscanner kinda acts like a proxy, so U will get TCP, Outbound, Remote Host: localhost (127.0.0.1), Remote Port: 12080, Allow. popups for most of Ur net apps, it perfectly ok to allow this, if U dont then they wont be able to connect.
U must have the global Allow loopback rule unchecked if U are gettin these prompts.
Hope it helps :)
BaNzI
-
Thanks heaps BaNzI & lukor, greatly appreciated!! I may not go bald after all ;D
BaNzI, I have the global Allow loopback rule checked, that ok?
Would it be possible to set a global rule (as follows) instead of a localhost rule for each app. that accesses the net, or would that be opening a can of worms?
Custom Global Loopback Rule
TCP
Outbound and Packet Type: Local
Remote Host: localhost (127.0.0.1)
Remote Port: 12080
Allow
Thanks again. ;)
Sido.
-
Hi Sido :)
Strange, if U have the global Allow Loopback rule checked then u shouldnt be prompted for the localhost rules if memory serves me right, unticking the Allow Loopback is recommended at the outpost forum by the guru's there (never really been sure why) & thats the setup i have.
It can be annoying allowing or creating rules for these localhost connections, but luckily Avast makers limited it to the one port, so when a prompt to allow appears on mine, i just leave everything in the custom rule & only tick Allow & call the rule Appsname Avast.
It sure is a great firewall, but i still find it a bit buggy sometimes (ie the constant freezing of firefox due to a my address (127.0.0.1) attack, this can be stopped by unticking My address attacks in the attack detection'splugin (advanced tab\Edit list at top of advanced tab)
As for Ur custom rule, it might be better to post about it here along with any outpost probs U have :)
http://www.outpostfirewall.com/forum/
BaNzI ;D
-
Partially Allowed Programs:
ASHWEBSV.EXE - TCP, Outbound, Remote Port 80 (HTTP), Allow.
@ Sido
All I did was to add ashWebSv.exe to the Trusted Applications list (no rules applied) and no prompts for other programs.
-
BaNzI
Strange, if U have the global Allow Loopback rule checked then u shouldnt be prompted for the localhost rules if memory serves me right, unticking the Allow Loopback is recommended at the outpost forum by the guru's there (never really been sure why) & thats the setup i have.
Yeah, that is one of the things that is confusing the heck out of me. Everything I am reading says exactly that, but in my case I have it checked/switched on cause it causes problems if it isn't.
As for Ur custom rule, it might be better to post about it here along with any outpost probs U have :)
Thanks for that, I am going to head over there now and see if I can get some help. ::)
DavidR
All I did was to add ashWebSv.exe to the Trusted Applications list (no rules applied) and no prompts for other programs.
Thanks DavidR. Is that a safe ruleset to apply? I thought that it may effectively allow any program to access the web without you knowing (ie. trojans, etc.). I also remember reading that it should be a Partially Allowed rule in the Outpost forums (somewhere ???). Back to the Outpost forums for me.
Thanks again guys.
Cheers,
Sido.
-
It might not be the safest (outpost should still recognise a different program, using the web shield localhost loopback), but first get it working, and then you can tweak it if required. If you have it as partially allowed, you will obviously get more queries from Outpost, you might try the grc.com leak test and see if it gets through. I tried a while ago and it didn't get through, so it was being checked by outpost. The problem is I can't remember if I was using the beta version of ashwebsv.exe.
I haven't seen anything on the outpost forum recently, if you have a link I would be interested to see what it is about and if this would relate to web shield.
-
I haven't seen anything on the outpost forum recently, if you have a link I would be interested to see what it is about and if this would relate to web shield.
Sorry DavidR, upon checking the Outpost Forums it was in relation to avast! beta:
http://outpostfirewall.com/forum/showthread.php?t=12937 (see post #6 - minoka)
But I guess it still has some merit for the final release.
My Outpost rules seem to work:
avast! Web Scanner
(TCP, Outbound, Remote Port: 80, Allow)
All Other Porgrams that Access Net (ie. localhost rule)
(TCP, Outbound, Remote Host: 127.0.0.1, Remote Port: 12080, Allow)
Global System Rule
(TCP, Inbound, Remote Host: 127.0.0.1, Allow)
However, I am not sure how secure they are. I am also wondering if the following rule could be applied without "opening" my system up too much ???
Global System Rule
(TCP, Outbound, Remote Host: 127.0.0.1, Remote Port: 12080, Allow)
I'll try the Outpost Forums as well. Thanks again for your help, greatly appreciated.
-
Why would you create a global
(TCP, Outbound, Remote Host: 127.0.0.1, Remote Port: 12080, Allow)
rule? You should simply allow to connect to 127.0.0.1:12080 only to those apps that you'd normally allow to connect to the Internet on port 80.
-
True true. Thanks for that Vlk ..... I think I have it under control finally :o
Thanks all.
Sido.
-
......is it correct : " the only System-Rule has to be
the Global System Rule
>(TCP, Inbound, Remote Host: 127.0.0.1, Allow) < ::)
and All Other Porgrams that Access Net (ie.FireFox ect.)
(TCP, Outbound, Remote Host: 127.0.0.1, Remote Port: 12080, Allow) ?
regards horbar