Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: DukeNukem on March 17, 2005, 11:06:39 PM

Title: Sygate and webshield...
Post by: DukeNukem on March 17, 2005, 11:06:39 PM
Hello.

Am I right in saying that with sygate + webshield, If I set IE or FF to ask, sygate wont ask me to allow them to access the internet?

Or if i block IE and FF they can still access the internet?


Title: Re: Sygate and webshield...
Post by: Vlk on March 17, 2005, 11:15:29 PM
Yes that is correct.

For 4.6.603, this was the case not only for say IE or FF but also for VeryUglyTrojanSendingOutTheContentsOfYourHarddriveViaHttp. This has changed in 4.6.623 though...

The reason is that Sygate works on NDIS level and therefore doesn't see any communication that doesn't actually hit the wire (i.e. is localhost only).
Title: Re: Sygate and webshield...
Post by: DukeNukem on March 17, 2005, 11:52:33 PM
I have been using sygate since the beta version of the webshield and sygate has always asked me if I want to allow FF or IE to access the internet when set to ask.

And when I set them to block, they are blocked.

However I did a reinstall of windows xp today, put sygate back and noticed that IE and FF were able to access the internet without sygate asking me. Furthermore when I blocked them both they could still access the internet.

Anyway I think I know why.

Before my reinstall I have always had this option unticked,

Enable smart DNS

It is located @ Tools > options > security > Enable Smart DNS.

I also have smart dhcp unticked but I find it's the dns one that's causing the problem.

With smart DNS unticked sygate will always ask me to allow FF or IE to access the internet when I set it to ask :)
And when I block them they do not work.

Is this a cure for the local proxy issue with sygate and webshield?

Title: Re: Sygate and webshield...
Post by: Jarmo P on March 17, 2005, 11:57:21 PM
As Vlk told you, Sygate won't ask you for browser access. And there is nothing you can do about it. But is that such a big problem?
It is a Sygate issue and Avast's webshield doesn't pass trojans and the like without asking, so it should be ok.
Title: Re: Sygate and webshield...
Post by: DukeNukem on March 18, 2005, 12:00:20 AM
Quote
As Vlk told you, Sygate won't ask you for browser access. And there is nothing you can do about it. But is that such a big problem?
It is a Sygate issue and Avast's webshield doesn't pass trojans and the like without asking, so it should be ok.

Please read my post above yours.
Title: Re: Sygate and webshield...
Post by: Jarmo P on March 18, 2005, 12:05:04 AM
Sygate will ask you for other applications!!!

Really wonder how you got asked for browsers before?
Maybe your webShield was not turned on then.
Title: Re: Sygate and webshield...
Post by: DukeNukem on March 18, 2005, 12:06:42 AM
Jarmo.p

I am not an idiot.

I suggest you try it yourself.
Title: Re: Sygate and webshield...
Post by: Jarmo P on March 18, 2005, 12:11:23 AM
Sorry if I sounded rude. I cannot do that because I don't have the pro version of the firewall. I just have never heard that the Sygate proxy could be fixed with that smart dns or any other setting. I might be wrong and you are right.
Title: Re: Sygate and webshield...
Post by: DukeNukem on March 18, 2005, 12:17:29 AM
I should have said that I am using the Pro version.

If there is anyone with the pro version, can you please give my solution a try?


Title: Re: Sygate and webshield...
Post by: AirCeej on March 18, 2005, 12:17:45 AM
DukeNukem,

You're not alone with this problem, check out my posts here: http://forum.avast.com/index.php?topic=11662.0...


Regards,
=AirCeej=


Title: Re: Sygate and webshield...
Post by: DukeNukem on March 18, 2005, 12:34:22 AM
AirCeej, I do not have any problems :)

I do however have a possible fix for sygate 5.5 Pro and webshield problem whereby internet explorer and FireFox can access the internet even if they are blocked or if set to ask sygate does not ask you to allow them access.



Title: Re: Sygate and webshield...
Post by: stevejrc on March 18, 2005, 12:43:08 AM
In the free sygate version, smart dns and dhcp are enabled by default and can't be disabled (in free version only). So it seems it's normal to keep them enabled.

I've re-installed sygate free and all works fine with latest avast. It didn't with previous avast, so I was using zonealarm.

NB I don't have proxy server checked in IE connections. Webshield redirected port is the default 80.
Title: Re: Sygate and webshield...
Post by: Lisandro on March 18, 2005, 03:19:25 AM
Quote
I cannot do that because I don't have the pro version of the firewall. I just have never heard that the Sygate proxy could be fixed with that smart dns or any other setting. I might be wrong and you are right.

Jarmo, I don't have the Pro version either.
The Smart DNS cannot be unchecked in the free version (as all other users posted here).
But I do have a local proxy and, sorry Vlk, but this is still present in the 4.6.623 version and the OptIn=0 (avast4.ini file setting).

Quote
As Vlk told you, Sygate won't ask you for browser access. And there is nothing you can do about it. But is that such a big problem?
It is a Sygate issue and Avast's webshield doesn't pass trojans and the like without asking, so it should be ok.

For it's not good to have allowed all outbound HTTP traffic through the proxy without asking for permission  :( :'(
Privacy and security issues or, like Vlk joked (maybe because it's not his computer  ;D): VeryUglyTrojanSendingOutTheContentsOfYourHarddriveViaHttp will be allowed to connect.
Title: Re: Sygate and webshield...
Post by: AirCeej on March 18, 2005, 04:06:35 AM
Stevejrc,

Unless something’s been changed in the latest version of Sygate Free PF (I’m using 5.5 build 2710 – as there are allegedly too many bugs with 5.6), then the problem with 80 as the Web Shield’s redirected port is: programs are no longer checked by Sygate PFF before gaining access to the ‘net – which means (at least in my version) you now have a mostly one-way firewall (see the various entries here: http://forum.avast.com/index.php?topic=11925.0).  You can test this by configuring programs to ask for rights before gaining access to the ‘net.  With 80 as the redirected port, they should get through unscathed; however if you blank the redirected port in the WS, then Sygate should ask you for permission before the program gets out. 

The solution in the above thread to blank port 80 in the Web Shield solved the Sygate permission problem, although routing Firefox through the Web Shield brought about different problems discussed here: http://forum.avast.com/index.php?topic=11662.0.  So for now the trade-offs with the current solution are:
·   Programs are checked by Sygate PFF before accessing the Internet
·   Firefox (in my case) with “Direct connection to the internet” checked - doesn’t get the advantages of the Web Shield, yet it doesn’t suffer from the current anomalies either.


=AirCeej=
Title: Re: Sygate and webshield...
Post by: Lisandro on March 18, 2005, 04:14:16 AM
Quote
The solution in the above thread to blank port 80 in the Web Shield solved the Sygate permission problem

No, it does not solve it. It just 'disables' WebShield. When you enable it again (writing port 80), the firewall does not use that 'allow rule' but connects anyway through WebShield (and not through the browser itself). I did the test right now...
Title: Re: Sygate and webshield...
Post by: AirCeej on March 18, 2005, 05:05:18 AM
Yeah, I’m afraid in this case Technical - it does; and what you stated in your reply only mirrors what I found as the problem.  I certainly want Sygate checking traffic in both directions and working in concert with Avast so a rogue program/virus/other won't get through.  If I redirect through 80 then half of my Internet protection (all outbound traffic) through the firewall is lost.  So considering I still have protection with Avast’s other shields and all I/O is checked to and from the ‘net through Sygate w/80 blanked in WS; this is far better than having the use of the Web Shield, routing Firefox through it and getting the certain URL display problems I’ve cited - along with not having any outbound protection through the firewall.

As checking two-way traffic to and from the computer has my highest priority in conjunction with the other shields in Avast, then I currently have the level of protection I enjoyed before Alwil added the Web Shield, and none of the problems since its introduction.  Obviously it would be better if I could employ the use of the Web Shield, route Firefox through it without any display anomalies, AND have Sygate check traffic in both directions, but evidently that is not a current option.
Title: Re: Sygate and webshield...
Post by: AirCeej on March 18, 2005, 07:31:51 AM
Update:

Wow! 

When version 4.6.603 was first downloaded on 4 different computers (3 running XP Home SP2 w/Sygate PFF 5.5 builds 2637 and 2710; 1 running XP Pro SP 1 w/Sygate PFF 5.5 Build 2710) I had the following problems:
·   Firefox wasn’t being checked by the Web Shield though it was running.
·   Programs that should’ve asked for rights through Sygate no longer did (which is what prompted me to write in the first place).

Interim Part 1:
·   Upon getting the initial fix (as it were) from Jarmo P, Sygate once again was checking outward-bound programs, but I was getting display anomalies in Firefox on certain URL’s.

Interim Part 2:
·   Some time on the 15th, I manually downloaded 4.6.623 and the same problems persisted (at least I think I tested for them anyway)  ;).

Now (3/18/2005) with the current version of Avast and the following default settings reinstated:
·   Web Shield redirected to Port 80
·   Firefox set for “Direct connection to the internet”

All the problems (with which I experimented a few different ways, before and after reboot on all 4 computers) have been corrected!  I presume Alwil downloaded a new version of 4.6.623 (mine is set for automatic), and this cleared it up!  If this is the case, WAY TO GO AVAST TEAM!!!!!

Regards,
= AirCeej =
Title: Re: Sygate and webshield...
Post by: kpfuser on March 18, 2005, 11:27:44 AM
What an interesting topic! I do use Sygate PFPro and was unaware of the new developments till I saw this thread. So I had to run my own test. SPFPro is set to 'ask' and I utilize advanced rules to control access to the internet. This is what happened:

1. I disconnected from and reconnected to the internet. An SPF popup appeared asking whether to allow avast! Web Scanner to contact download.windowsupdate.com. Permission was given.

2. I directed FF to a site in my bookmarks for which no advanced rule exists in my ruleset. The connection was promptly made.

3. The traffic log shows that it was not FF that contacted the site but avast! Web Scanner (ashWebSv.exe).

It would be deeply appreciated if anyone can fill me in on the following:

1. Since security seems to have been breached, what did the avast gurus have in mind when they came up with this new twist?

2. If FF can hitch a free ride to uncharted territory, shouldn't Mr Trojan claim (and enjoy) similar privileges?

3. How exactly can one implement (idiot-style, i.e., click on... etc.) the redirections and direct connections of the last post?

4. What cause (if any) is there not to ditch avast at this point and go back to, let's say, Norton?
Title: Re: Sygate and webshield...
Post by: DukeNukem on March 18, 2005, 12:12:33 PM
kpfuser,

untick the smart dns option in sygate pro security tab.

Now try your experiment again.

And report back  :P

Title: Re: Sygate and webshield...
Post by: Lisandro on March 18, 2005, 01:19:47 PM
Quote
As checking two-way traffic to and from the computer has my highest priority in conjunction with the other shields in Avast, then I currently have the level of protection I enjoyed before Alwil added the Web Shield, and none of the problems since its introduction.  Obviously it would be better if I could employ the use of the Web Shield, route Firefox through it without any display anomalies, AND have Sygate check traffic in both directions, but evidently that is not a current option.

In fact, this is not a WebShield leak. It's a Sygate (at least the free version) problem.
My problem (which will be that of anyone who uses an IP anonymizer, Proxomitron, MultiProxy, etc.) is the local proxy. Sygate has a problem/bug and cannot handle the connections.

Quote
All the problems (with which I experimented a few different ways, before and after reboot on all 4 computers) have been corrected!  I presume Alwil downloaded a new version of 4.6.623 (mine is set for automatic), and this cleared it up!  If this is the case, WAY TO GO AVAST TEAM!!!!!

Build 623 updated to a new WebShield behavior. This is well known: http://forum.avast.com/index.php?topic=1647.msg100190#msg100190
Only allowed browsers are automatically added to the white list of WebShield.

Until now, nobody has proved to me that we're not losing the DDD authentication features of the firewalls. If a DLL uses the browser for connection, WebShield will serve as a tunnel (proxy) and the firewalls (at least Sygate free) won't detect this. WebShield is making us lose this firewall feature.
Of course, if I'm wrong, I have no doubt to regret  8)
Title: Re: Sygate and webshield...
Post by: stevejrc on March 18, 2005, 01:48:18 PM
I have realplayer, windows media player, ad-aware, spywareblaster etc set to ask and sygate does ask me. Which it didn't with the previous avast version. Only crap cleaner (temp cleaner update) doesn't ask, this uses an IE window. So it has helped a bit and enough for me.

NB. I don't use any other proxies - like Proxomitron etc.
Title: Re: Sygate and webshield...
Post by: AirCeej on March 18, 2005, 03:14:47 PM
Quote
In fact, this is not a WebShield leak. It's a Sygate (at least the free version) problem.
My problem (which will be that of anyone who uses an IP anonymizer, Proxomitron, MultiProxy, etc.) is the local proxy. Sygate has a problem/bug and cannot handle the connections.

Technical,

Thank you for your responses.  If you’ve kept track of my posts, then you’ll realize that I’ve been aware of this for quite some time.  My concern (and that of many others) is not necessarily what development team dropped the ball (Sygate in this instance), but that it all works together seamlessly on my computer without the need for putting out additional fires – let alone taking valuable time to research them (already a vast commodity in a day in the life).  That the good folks at Team Alwil provided a solution where everything works together in the utilities I use (and recommended to a few hundred people) – in such a relatively short time – only further raises the bar of class in an industry sorely needing such a good example.


Quote
Build 623 updated to a new WebShield behavior. This is well known: http://forum.avast.com/index.php?topic=1647.msg100190#msg100190
Only allowed browsers are automatically added to the white list of WebShield.

Uh no.  The notion that Michael Jackson is a sexually deviated, surgically altered, androgynous byproduct of an ill-gotten youth - is relatively “well known”.  The very idea of the one heading the US as a loose cannon has certainly gained notoriety; however,  “Build 623 updated to a new WebShield behavior” is so far off the radar for the general populace (let alone the tiny fraction of those whom I represent) as to be totally unaware of its existence (save for some in this forum and others on its periphery).
Title: Re: Sygate and webshield...
Post by: kpfuser on March 18, 2005, 03:30:09 PM
Quote
untick the smart dns option in sygate pro security tab.

Now try your experiment again.

And report back

After unticking 'Smart DNS,' I had to allow svchost.exe to access my ISP's DNS servers via an advanced rule for things to work. Without doing this, FF could not connect anywhere.

When I tried to connect to the same site as earlier, it was ashWebSv.exe that requested permission to connect and not FF. Thereafter, a 'deny' selection makes any connection impossible while an 'allow' one channels all traffic through the Avast Web Scanner. As if to underscore the point, the traffic log recorded outgoing TCP traffic to an unknown Akamai IP address.

All this brings me to the questions

1. how do I disable ashWebSv.exe and

2. what do I lose by doing so.
Title: Re: Sygate and webshield...
Post by: DukeNukem on March 18, 2005, 03:46:50 PM
I am behind a router, I think this is why I get different results.

Did you set FF to ask or delete FF from your apps lists?

The webshield is a great feature in avast as it prevents a virus from being downloaded to your PC.



Title: Re: Sygate and webshield...
Post by: kpfuser on March 18, 2005, 04:18:49 PM
Quote
Did you set FF to ask or delete FF from your apps lists?

FF is set to 'ask.'

Quote
The webshield is a great feature in avast as it prevents a virus from being downloaded to your PC.

Maybe, but this must be weighed against allowing trojans and spyware to call home with impunity. In my opinion, it breaks more than it fixes.

Anyway, how can I disable it for now?

Title: Re: Sygate and webshield...
Post by: Arup on March 18, 2005, 04:35:50 PM
Avast Web Shield works fine with Kerio 2.15 with software proxy loopback rule set to exclude port 12080, all sites get scanned using either Opera, FF or IE.

Web Shield also works fine with Jetico, Kerio 4 as well as Zone Alarm Free.

In case you don't want the extra protection, turn it off in the control panel: right click taskbar>On-Access Protection Control and terminate Web Shield.
Title: Re: Sygate and webshield...
Post by: Lisandro on March 18, 2005, 04:45:23 PM
Arup, can you post details of your advanced rule for proxy loopback?
Ports (remote/local), IP (remote/local), traffic (income/outcome/both), protocols, etc.
Thanks.  8)
Title: Re: Sygate and webshield...
Post by: lukor on March 18, 2005, 05:09:16 PM
Quote
It would be deeply appreciated if anyone can fill me in on the following:

1. Since security seems to have been breached, what did the avast gurus have in mind when they came up with this new twist?

2. If FF can hitch a free ride to uncharted territory, shouldn't Mr Trojan claim (and enjoy) similar privileges?

3. How exactly can one implement (idiot-style, i.e., click on... etc.) the redirections and direct connections of the last post?

4. What cause (if any) is there not to ditch avast at this point and go back to, let's say, Norton?

ad 2.) Under normal circumstances you give FF full access for outgoing connections? Or do you explicitly permit every access? What prevents you from applying the same "security measures" to WebShield process? Does your firewall prevent your apps from executing other apps, or what stops your Mr Trojans from using FF or IE to access the web? Oh man, we must be talking only about Trojans that run in the process of Internet Explorer or Firefox, otherwise WebShield wouldn't redirect them - so you after all cannot trust all firefox connections, cause some of these might be from the in-process Trojans. And if your Trojans cannot hijack your browser (for some other reason) then WebShield does not change the behavior - Trojan accessing the net would get caught by Sygate.

Explain this to me please!

Title: Re: Sygate and webshield...
Post by: DukeNukem on March 18, 2005, 05:27:31 PM
I connected my cable modem to my pc network card.

And unticking the smart dns option has no effect. FF or IE can access the internet even if they are blocked and if set to ask sygate does not ask.

EDIT

I have got it to work, I terminated the following windows service, DNS client

Now sygate will always ask to allow FF or IE to access the internet, and if I block them both they do not work.

KPFuser, I am quite sure that if you have sygate pro and

untick smart dns
stop/disable the windows service DNS client

FF or IE won't be able to access the internet if blocked, or if set to ask sygate will prompt you.

BTW I didn't have to create any special rules for svchost. I am not sure if disabling the DNS client is a good idea as some ISPs may need it on but it works for me.

ANOTHER EDIT - regarding the DNS client service
http://www.theeldergeek.com/dns_client.htm

Seems safe to disable.
Title: Re: Sygate and webshield...
Post by: sded on March 18, 2005, 05:49:42 PM
Yet another Sygate setup variation.  I am not an IE user and consider it the "most popular hijackee" for lots of malware.  So I went back to the use of browser proxies in .623.  I have set up Opera and Firefox to use 127.0.0.1 port 1280 for http proxy, removed port 80 from the avast! redirect, and set IE to "ask".  So there are two trusted browsers and one untrusted browser now, with virus scanning on the trusted and disuse of the untrusted, except where Microsoft (or other) forces me to use it on trusted sites.  So if it pops up in Sygate, I will pay attention.  Also watch for the avast! ball to be spinning unexpectedly.  And use a longer Sygate  traffic log. ::)
Title: Re: Sygate and webshield...
Post by: DukeNukem on March 18, 2005, 06:27:44 PM
Sorry if this is getting confusing but it shouldn't make any difference if you're behind a router or connected directly to the internet

as long as

DNS client is stopped/disabled (Windows XP / 2K)
Smart DNS is unticked

Sygate Pro will prompt you to allow FF or IE to access the internet if set to ask or if they are not in the trusted apps list. Also blocking both will prevent them from accessing the internet.

The reason I didn't pick this up is because being that I use a router I tend to disable non required services. So when I connected my modem directly to my network card I re-started the DNS client thinking that it would be needed in order to gain an ip from my isp. However this is not the case plus enabling it contributes to the problem.
Title: Re: Sygate and webshield...
Post by: kenwong on March 18, 2005, 06:28:23 PM
Some things discussed in this thread are too technical for me to understand.  Can anyone tell me:

1.  Am I now not safe enough as I am using Avast 4.6.623 together with Sygate 5.6 Build 2808?

2.  Is the work-around mentioned above not workable for me as my machine is running Win 98 (under which the re-direct feature is unavailable)?

3.  Are there any other work-arounds?
Title: Re: Sygate and webshield...
Post by: kpfuser on March 18, 2005, 07:05:22 PM
Lukor,

Quote
Under normal circumstances you give FF full access for outgoing connections? Or do you explicitly permit every access?

I explicitly permit every access (IP address range, protocol, traffic direction, application/service).

Quote
What prevents you from applying the same "security measures" to WebShield process?

Hmmmm!!! That's a worthwhile idea! And to avoid the tedium of constructing a whole bunch of new rules just add ashWebSv.exe as a second application in each advanced rule written for FF. A good start but there are still kinks to be ironed out.

Quote
Does your firewall prevent your apps from executing other apps, or what stops your Mr Trojans from using FF or IE to access the web?

Indeed my firewall stops apps from piggybacking on other apps! In fact I will get a warning even if an app tries to send FF to a site that is explicitly allowed in my ruleset. The mere fact that the request is not initiated by me will trigger an alert. So this is then the problem with ashWebSv.exe: Unless one can explicitly cover every possible destination, protocol/direction, etc. via advanced rules (a near impossibility), sooner or later he will have to give ashWebSv.exe a one-time permission to connect somewhere and this will lead to loss of control thereafter as to who can connect to where for the remainder of the session. This is due to a peculiarity of Sygate which, once an app is allowed to connect somewhere via an 'allow'/'deny' request, it gets the green light subsequently to connect anywhere it wishes for the current session without raising an alert.

Quote
Oh man, we must be talking only about Trojans that run in the process of Internet Explorer or Firefox, otherwise WebShield wouldn't redirect them - so you after all cannot trust all firefox connections, cause some of these might be from the in-process Trojans

Do you mean to say that only FF can get out hitching a ride on Web Scanner and no other app? Sygate suffers from a known loopback vulnerability. If a local proxy is present, then any app can get out through the local proxy. So the problem here is not confined to FF.

So just to repeat an earlier request, how can one prevent the Web Scanner from starting rather than disabling it manually after it starts with every bootup?
Title: Re: Sygate and webshield...
Post by: Lisandro on March 18, 2005, 07:12:49 PM
Quote
So just to repeat an earlier request, how can one prevent the Web Scanner from starting rather than disabling it manually after it starts with every bootup?

1. Uninstalling the provider (through Control Panel)
or
2. Using msconfig and disabling the startup item + disabling the Windows Service
Title: Re: Sygate and webshield...
Post by: kpfuser on March 18, 2005, 08:03:47 PM
DukeNukem,

Thanks for the post. I will try disabling DNS Client. However, the problem as I see it is not so much whether FF will ask for permission to connect or not. What I am afraid of is that in the presence of WebShield other apps can get out using WebShield as their local proxy due to a known Sygate loopback vulnerability. If this is the case, whether FF asks for permission to connect or not may be a moot point. It could be that I am getting a bit paranoid about this point. However, I do recall reading enough about Sygate's vulnerability in the presence of a local proxy to get more than a little unnerved.

Technical,

Thanks for the info.
Title: Re: Sygate and webshield...
Post by: Lisandro on March 18, 2005, 08:19:26 PM
Quote
However, the problem as I see it is not so much whether FF will ask for permission to connect or not. What I am afraid of is that in the presence of WebShield other apps can get out using WebShield as their local proxy due to a known Sygate loopback vulnerability. If this is the case, whether FF asks for permission to connect or not may be a moot point. It could be that I am getting a bit paranoid about this point. However, I do recall reading enough about Sygate's vulnerability in the presence of a local proxy to get more than a little unnerved.

That's my problem too... Indeed, I have two, this one and another local proxy.
The effect is the same, tunnelling HTML traffic due to Sygate loopback vulnerability.
Title: Re: Sygate and webshield...
Post by: kpfuser on March 18, 2005, 09:01:00 PM
Technical,

Look at the bright side of it. You got two local proxies for the price (to pay) of one!

Which other local proxy do you have? It seems that having avast antivirus is like having a wife. A lot of compromises and work-arounds are called for. It is most probably worth it but...

Arup,

Quote
Avast Web Shield works fine with Kerio 2.15 with software proxy loopback rule set to exclude port 12080, all sites get scanned using either Opera, FF or IE.

I confirm that I've seen no problems with WebShield  in a Win98 pc with Kerio 2.1.5. In fact, I haven't even seen ashWebSv.exe at all despite setting every relevant rule to log. Everything else though shows that WebShield exists in my system. I guess I can live with it for now. As for your loopback rule, let me second Technical's request for a complete disclosure. Good to know that there are some folks like me out there still using good ol' kpf 2.1.5.
Title: Re: Sygate and webshield...
Post by: rjbook on March 18, 2005, 09:49:48 PM
well this answers the question...I am using the free version of sygate 5.6 build 2008 and webshield will not work, even with the patch for webshield.  I have XP sp1 and also running the spybot immunizations.  I suppose for now I shall just have to disable webshield until I find another firewall that I am happy with.
RJB
Title: Re: Sygate and webshield...
Post by: Vlk on March 19, 2005, 12:02:57 AM
Well what you could always do is disable the transparency of the WebShield proxy (e.g. by deleting the "80" from the list of redirected ports in webshield's settings) and manually set up your browser to use a proxy server, with the following parameters

proxy server name: localhost
proxy server port: 12080


This has been discussed in a bit more detail in other threads here on this forum...


Thanks
Vlk
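
With a browser pointed at localhost:12080 as described in the post above, the loopback leg that an NDIS-level firewall never sees is still visible in the host's own connection table. The following is an added example (not part of the thread, and not Avast or Sygate code) that parses output in the layout of Windows `netstat -ano` and reports which processes are using the local proxy; the connection table, PIDs and process names are constructed, and only port 12080 and ashWebSv.exe come from the thread.

```python
import ipaddress
import re
from typing import NamedTuple

PROXY_PORT = 12080  # WebShield's local proxy port, as given in the thread

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:1045         127.0.0.1:12080        ESTABLISHED     1520
  TCP    127.0.0.1:12080        127.0.0.1:1045         ESTABLISHED     884
  TCP    127.0.0.1:1051         127.0.0.1:12080        ESTABLISHED     2404
  TCP    127.0.0.1:12080        127.0.0.1:1051         ESTABLISHED     884
  TCP    192.168.1.10:1046      203.0.113.5:80         ESTABLISHED     884
  TCP    192.168.1.10:1052      198.51.100.7:80        ESTABLISHED     884
  TCP    192.168.1.10:1060      192.0.2.44:110         ESTABLISHED     1888
  UDP    0.0.0.0:1026           *:*                                    1100
"""

# Constructed PID -> image name table (the mapping `tasklist` would supply).
SAMPLE_PROCESSES = {
    884: "ashWebSv.exe",
    1520: "firefox.exe",
    2404: "updater.exe",     # hypothetical program that is set to "ask" in the firewall
    1888: "mailclient.exe",  # hypothetical program that does not use the proxy
}


class Conn(NamedTuple):
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    pid: int


_TCP_LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")


def parse_tcp(text):
    """Return every TCP row of a netstat -ano listing; other rows are skipped."""
    conns = []
    for line in text.splitlines():
        m = _TCP_LINE.match(line)
        if m:
            lip, lport, rip, rport, state, pid = m.groups()
            conns.append(Conn(lip, int(lport), rip, int(rport), state, int(pid)))
    return conns


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1 (netstat prints IPv6 addresses in brackets)."""
    try:
        return ipaddress.ip_address(addr.strip("[]")).is_loopback
    except ValueError:
        return False


def attribute(text, processes, proxy_port=PROXY_PORT):
    """Split the table into the loopback view and the wire-level view.

    loopback_clients: processes with a connection to the proxy port on localhost
                      (traffic that never reaches the network adapter).
    on_wire:          (process, remote endpoint) pairs for connections that leave
                      the host, i.e. what a wire-level firewall attributes.
    """
    conns = parse_tcp(text)

    def name(pid):
        return processes.get(pid, "pid %d" % pid)

    proxy_pids = {c.pid for c in conns
                  if c.state == "LISTENING" and c.local_port == proxy_port}
    clients = sorted({name(c.pid) for c in conns
                      if c.state == "ESTABLISHED"
                      and c.remote_port == proxy_port
                      and is_loopback(c.remote_ip)
                      and c.pid not in proxy_pids})
    on_wire = [(name(c.pid), "%s:%d" % (c.remote_ip, c.remote_port))
               for c in conns
               if c.state == "ESTABLISHED" and not is_loopback(c.remote_ip)]
    return {"proxy_pids": proxy_pids, "loopback_clients": clients, "on_wire": on_wire}


def unexpected_clients(text, processes, allowed, proxy_port=PROXY_PORT):
    """Proxy clients that are not on the list of programs expected to use it."""
    allowed_lower = {a.lower() for a in allowed}
    report = attribute(text, processes, proxy_port)
    return [n for n in report["loopback_clients"] if n.lower() not in allowed_lower]


if __name__ == "__main__":
    report = attribute(SAMPLE_NETSTAT, SAMPLE_PROCESSES)
    print("wire-level view:", report["on_wire"])
    print("loopback clients of the proxy:", report["loopback_clients"])
    print("not expected:", unexpected_clients(
        SAMPLE_NETSTAT, SAMPLE_PROCESSES, {"firefox.exe", "iexplore.exe"}))
```

In the constructed table the wire-level view attributes both port-80 connections to ashWebSv.exe, while the loopback view shows that one of the proxy's two clients is not a browser.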
Title: Re: Sygate and webshield...
Post by: kpfuser on March 19, 2005, 08:46:14 AM
Vlk,

Would you please give the details (i.e., go to ... click on ..., etc.) on how to adjust these settings?

Thanks
Title: Re: Sygate and webshield...
Post by: kenwong on March 19, 2005, 08:50:30 AM
Hi Vlk,

Please also tell me what work-arounds I can have with my machine running Windows 98.  The setting of transparent web scanning and redirection in avast is dimmed for Win98.
Title: Re: Sygate and webshield...
Post by: Jarmo P on March 19, 2005, 08:54:24 AM
The solution that Avast team have made to Web Shield in 4.6.623  is satisfactory to me as a Sygate user.

Other applications besides FireFox and IE browsers are in control of the firewall. So no app checks for updates or sends info out, etc. without my acceptance.

What Vlk told is also possible to do and adds an added security level I think. It was really IMO needed only with build 4.6.603. Some sites did not work though with it, I mention one adult chat site that used port 9000 TCP for video or needed that connection otherwise.
Not going to give you link guys :P

I have no problem that Firefox doesn't get asked by the firewall. I would allow it anyway. It does get asked though with other ports than TCP 80.

Quote
This is due to a peculiarity of Sygate which, once an app is allowed to connect somewhere via an 'allow'/'deny' request, it gets the green light subsequently to connect anywhere it wishes for the current session without raising an alert.

That is not so. You have allowed all the client remote tcp and udp ports by default. When Firefox first gets asked for connection, you permit it to use all those ports. You have also allowed the whole IP range in your browser application rule. That is why you don't get asked again.
Title: Re: Sygate and webshield...
Post by: Vlk on March 19, 2005, 09:04:15 AM
The step-by-step instructions on how to set up a proxy server depend on which browser you're using.

For IE, the procedure is described in the avast Help file. Here's an excerpt:

Proxy server setting when using the local area network (LAN):

1. Start Internet Explorer.
2. Select Tools -> Internet Options... from the main menu.
3. Switch to page Connections.
4. Click on the LAN Settings... button.
5. Check the option Use a proxy server for your LAN
6. Write localhost into the Address field (alternatively, you can enter IP address 127.0.0.1, which is the same as localhost).
7. Enter 12080 into the Port field.
8. Confirm with OK button.

Proxy server setting when using dial-up connection (modem):

1. Start Internet Explorer.
2. Select Tools -> Internet Options... from the main menu.
3. Switch to page Connections.
4. Select your dial-up connection from the list and click on the Settings... button.
5. Check the option Use a proxy server for this connection.
6. Write localhost into the Address field (alternatively, you can enter IP address 127.0.0.1, which is the same as localhost).
7. Enter 12080 into the Port field.
8. Confirm with OK button.


For FireFox, the procedure is similar except that the settings are in Tools -> Options -> Connection Settings -> Manual proxy configuration. Uncheck the "Use the same proxy for all protocols" box and fill in the boxes next to "HTTP proxy".


Hope this helps,
Vlk
Title: Re: Sygate and webshield...
Post by: kpfuser on March 19, 2005, 09:16:32 AM
Vlk,

Thank you very much.

Jarmo P,

My experience with Sygate PFPro does not coincide with yours but let's leave it at this. It is up to the individual user to check on his/her own what is what.
Title: Re: Sygate and webshield...
Post by: AirCeej on March 19, 2005, 03:34:34 PM

Other applications besides FireFox and IE browsers are in control of the firewall. So no app checks for updates or sends info out, etc. without my acceptance.

I have no problem that Firefox don't get asked from the firewall. I would allow it anyways. It does get asked though with other ports than TCP 80.

That is not so. You have allowed all the client remote tcp and udp ports by default. When Firefox first gets asked for connection, you permit it to use all those ports. You have also allowed the whole IP range in your browser application rule. That is why you don't get asked again.

So no app checks for updates or sends info out, etc. without my acceptance.

This is unfortunately not true in the free version (in my current understanding) if those apps do it through IE or Firefox; even if you set-up an advanced rule to make the browsers ask for permission - once they do and it’s granted, then another program has free access through that browser without the browser having to ask for permission again (unless you reboot).  To substantiate this, I made a rule, made sure Firefox and Web Shield were flagged to ask for permission, fired-up Firefox and it asked for permission (through the Web Shield asking to get on the 'net); I then updated CCleaner (nice freeware for cleaning the registry among other things, which was also marked to “ask” for permission), and it went right to its website through Firefox without ever being flagged for rights. 

For those with the free version of the firewall wanting to experiment with this procedure, try it via:
·   Right-click on the Sygate System Tray Icon.
·   Click on Advanced Rules.
·   Click on the OK to acknowledge the message.
·   Click Add.
·   Type a description of what the rule will do.
·   Click on the Ports and Protocols Tab.
·   Select UDP.
·   Type 53 in the Remote Window.
·   Click OK.
·   Click OK.
Make sure you have the Web Shield marked to “ask” for permission as well as your browser and whatever programs you’re going to experiment with.

I think this needs to be done in conjunction with:
·   Click on Start in the “Start Bar”.
·   Select Control Panel.
·   Select Administrative Tools.
·   Select Services.
·   Right click on DNS Client.
·   Click on Stop.
·   In the pull-down window above that, make sure that Disabled is selected.
·   Click on Apply.
·   Click on OK.
·   X (close) out of Services.
·   X (close) out of Administrative Tools.

The problem with this and Sygate in general (at my current knowledge level) - it’s only a one-shot approach: once the program is granted permission, it doesn’t have to do it again for the current runtime (if you will) of the computer. Given that, it would be far better if Sygate updated their permission granting to provide the ability to grant or deny program access for:
·   Every time it asks
·   Until reboot
·   Always

If anyone knows how to write a rule to make sure a given program asks every time it wants the ‘net during the current session, would you please list that procedure here point-by-point? That way Avast/Sygate users will have an excellent, stable, non-resource hogging, somewhat user-friendly mechanism for protecting them on a much more assured level.

Regards,
=AirCeej=
Title: Re: Sygate and webshield...
Post by: Lisandro on March 19, 2005, 03:35:59 PM
Well what you could always do is disable the transparency of the WebShield proxy (e.g. by deleting the "80" from the list of redirected ports in webshield's settings) and manually set up your browser to use a proxy server, with the following parameters
proxy server name: localhost
proxy server port: 12080

This won't help if the user has another local proxy application like Proxomitron, anonymizer tools, etc.
I know it won't be a WebShield error, but can we 'remove' transparency of the other proxies into the firewall settings?
Thanks for your time and patience Vlk  ;)
Title: Re: Sygate and webshield...
Post by: Jarmo P on March 19, 2005, 04:57:37 PM
Quote
Right-click on the Sygate System Tray Icon.
·   Click on Advanced Rules.
·   Click on the OK to acknowledge the message.
·   Click Add.
·   Type a description of what the rule will do.
·   Click on the Ports and Protocols Tab.
·   Select UDP.
·   Type 53 in the Remote Window.
·   Click OK.
·   Click OK.

You made an advanced rule. Advanced rules don't get asked in Sygate and they take precedence over normal application rules. They can be disabled or enabled, that is all. What sounds bad is that you made an advanced rule that allows ALL the applications you have. Even advanced rules should be application specific most of the times.

Browsers don't get asked, when webshield is running, that is true to 80 tcp traffic connection. I am not sure how Sygate would work in case there is a 'browser hijack', some other app launching a browser.

For me Avast's webshield works nicely when running it for normal everyday surfing. When installing new software, I would not rely on the new release restrictions, and would disable it temporarily.
If not too lazy :P
Title: Re: Sygate and webshield...
Post by: kenwong on March 20, 2005, 02:59:47 AM
Thanks, Vlk, for the setup procedures.

But my question is what I can do in Win 98 with regard to the loopback problem of Sygate.  Is there anything I can do to work around as I am using avast and Sygate on my computer running Win 98???

If no, any other firewall software would work better with avast when using WebShield???
Title: Re: Sygate and webshield...
Post by: Jarmo P on March 20, 2005, 08:09:36 AM
Quote
But my question is what I can do in Win 98 with regard to the loopback problem of Sygate.  Is there anything I can do to work around as I am using avast and Sygate on my computer running Win 98???

I paste more from the Avast Help:

Quote
The provider works as a local proxy server. On NT-based operating systems (Windows NT/2000/XP/20003) the protection is completely transparent and it is usually not necessary to configure anything special. To enable the Web Shield on Windows 9x/ME operating systems, it is necessary to modify one setting in the Internet Options - in particular, the address and port of local proxy. So, if you want to use Web Shield on an older operating system, do the following:

Proxy server setting for Windows 95, 98, and Millennium using the local area network (LAN):

Internet Explorer:

1. Start Internet Explorer.
2. Select Tools -> Internet Options... from the main menu.
3. Switch to page Connections.
4. Click on the LAN Settings... button.
5. Check the option Use a proxy server for your LAN
6. Write localhost into the Address field (alternatively, you can enter IP address 127.0.0.1, which is the same as localhost).
7. Enter 12080 into the Port field.
8. Confirm with OK button.

Proxy server setting for Windows 95, 98, and Millennium using dial-up connection (modem):

1. Start Internet Explorer.
2. Select Tools -> Internet Options... from the main menu.
3. Switch to page Connections.
4. Select your dial-up connection from the list and click on the Settings... button.
5. Check the option Use a proxy server for this connection.
6. Write localhost into the Address field (alternatively, you can enter IP address 127.0.0.1, which is the same as localhost).
7. Enter 12080 into the Port field.
8. Confirm with OK button.
Note: If you use multiple connections

So I would expect that you HAVE to do that workaround, whereas XP/2000 users don't.
Do your other applications get asked from Sygate?
I bet they do, unless you have other local proxy software, like Technical. If so, there is nothing Avast or Sygate can do to help you, you need to accept the loopback issue and live with it or change to another firewall.
Title: Re: Sygate and webshield...
Post by: AirCeej on March 20, 2005, 01:41:11 PM

Quote
You made an advanced rule. Advanced rules don't get asked in Sygate and they take precedence over normal application rules. They can be disabled or enabled, that is all. What sounds bad is that you made an advanced rule that allows ALL the applications you have. Even advanced rules should be application specific most of the times.

Browsers don't get asked, when webshield is running, that is true to 80 tcp traffic connection. I am not sure how Sygate would work in case there is a 'browser hijack', some other app launching a browser.

Jarmo,

How is it that you took the time to write such a “response” just to be so incredibly wrong – in a public forum nonetheless?  Not only does it work as I said it does for each session repeatedly, but the rights of all other programs are unaffected (those that need to ask – ask, and those that don’t need to – don’t).  The only thing I haven't been able to do (the machine is behind a router, which is currently buried) is test the computer's ports from the 'net.

In the future, it would be better if you took the time to experiment with the stated software (Sygate Personal Firewall Free and Avast HE in this case) and communicate that you’ve done so given the subject at hand (with any variations in versions or setup), before embarrassing yourself while incorrectly downing someone else’s work and reputation.  This will not only help your credibility in such matters, but will offer consistently reliable points or counterpoints for those needing assistance (as long as you don’t deviate).   

Moreover, after you’ve actually taken the time to experiment with a poster’s findings (something you’ll need to do before doing the following) it would be better if you communicated thusly:

•   “After following the poster’s list point-for-point, I couldn’t replicate it.  Are you sure everything you did is listed here?  Has anyone else tried this, and if so, what results did you get?”

•   “In the pro version of that application I couldn’t get it to work like he said, but it does (in this version) work like this ____.  I attribute this to changes in functionality between the two programs.”

•   “I followed the directions of _____ and it works as described on my machine with the following additions and/or subtractions...”

In closing, if I take the time to research, experiment, and communicate certain results on my machine, it is as I say it is.

=AirCeej=


Further Observations

One nice thing about the configuration I listed on the previous page is that if FF wants to connect to a different port in the current session, Sygate asks you if it's alright; interestingly, this activity went unnoticed in my previous setup – so I obviously didn’t know it existed.  Therefore, as long as there are no drawbacks to the current configuration I will continue to use it and recommend it to those with whom I consult, as it currently seems to be the most reassuring method of security with Avast HE and Sygate PFF 5.5 build 2710.  What’s bothersome is I don’t know if there’s a way to get a program to “ask” for permission every time it wants the ‘net during the current session (same program/same port). 

Nonetheless in this circumstance, Alwil certainly provided a means of better security, functionality, and reassurance with 4.6.623 - well done indeed!
Title: Re: Sygate and webshield...
Post by: stevejrc on March 20, 2005, 02:10:38 PM
jarmo is correct, even the sygate help states that advanced rules take precedence:

"Advanced rules, on the other hand, are rules that you can create directly that affect all applications. If you create an advanced rule that blocks all traffic between 10 PM and 8 AM, the rule will override all other schedules and configurations that have been set for each application.

Rules in the Advanced Rules window will apply to all applications unless they are specifically tied to an individual application"

Also enabling smart DNS allows outbound DNS UDP 53 for reply within 5 secs and blocks inbound.

Your rule will allow UDP 53 permanently
Title: Re: Sygate and webshield...
Post by: Jarmo P on March 20, 2005, 02:43:48 PM
AirCeej, we must have misunderstood each other somehow.  ???
My words were not meant as a personal attack to you.
I do know SPF quite well in the environment I run it, as a single computer connected to internet, no router or HW firewall. So it is limited I agree,

I have also experimented quite a lot with Avast regarding WebShield proxy.

But these forums, it is useless to argue about things and sorry if I started it.

Jarmo
Title: Re: Sygate and webshield...
Post by: AirCeej on March 20, 2005, 03:19:05 PM
Quote
jarmo is correct, even the sygate help states that advanced rules take precedence:

"Advanced rules, on the other hand, are rules that you can create directly that affect all applications. If you create an advanced rule that blocks all traffic between 10 PM and 8 AM, the rule will override all other schedules and configurations that have been set for each application.

Rules in the Advanced Rules window will apply to all applications unless they are specifically tied to an individual application"

Also enabling smart DNS allows outbound DNS UDP 53 for reply within 5 secs and blocks inbound.

Your rule will allow UDP 53 permanently

You’re kidding with this right? Unfortunately for you and Jarmo it performs EXACTLY the way I said it does. Didn’t you read where I said that it not only works but repeatedly? Did you actually try to substantiate the findings or are you going on mere theory? Again, it will be better for you if you actually did what someone experimented with before arriving at a very incorrect conclusion while casting umbrage.

Here is a listing of the advanced rule:
•   Name for the rule = Browser rule
•   All hosts
•   UDP remote port(s)53; both incoming and outgoing traffic
•   Scheduling is disabled
•   All network interface cards
•   Action = blocked
•   Screen saver mode = both on and off
•   All applications

The above is the outcome in Sygate PFF in the way I wrote the rule with instructions from the Sygate Forum, step-by-step on the previous page.

In the meantime, instead of shooting-down someone else's correct work and making yourself look foolish in the process, see if you can actually (you're gonna have to knuckle-down and do the work here Steve) prove it/disprove it yourself with the stated software versions and setup (including turning-off the DNS client in Services) THEN offer supporting or contrasting fact instead of fluff-based opinion. To that end, I don't give a damn what excerpts from the help file state, it works the way I stated on my machine having obtained some insight from the Sygate Forum – so evidently in this case, they knew what they were doing. If you don’t like that there’s a discrepancy with your theory given what’s in the Sygate Help File and the proven work of others, take it up with Sygate. After you’ve actually done the work and come to supporting or contrasting results, then take it up with the poster in question.

So, here's a reeeeeeeal simple albeit friendly challenge: perform the EXACT steps I outlined on the previous page with the stated software versions in question (and just for a refresher, I'm also running XP Pro SP1), then state your outcome. In the meantime don't impugn my work when you don't know better.
Title: Re: Sygate and webshield...
Post by: AirCeej on March 20, 2005, 03:32:17 PM
Quote
AirCeej, we must have misunderstood each other somehow.  ???
My words were not meant as a personal attack to you.
I do know SPF quite well in the environment I run it, as a single computer connected to internet, no router or HW firewall. So it is limited I agree,

I have also experimented quite a lot with Avast regarding WebShield proxy.

But these forums, it is useless to argue about things and sorry if I started it.

Jarmo

Jarmo,

We're cool. Though you may know it well on your system, you evidently don't know the free version well enough given this particular subject matter. So, instead of offering opinion in a matter you haven't specifically tried, perform the EXACT steps I outlined on the previous page with the stated software versions in question (I have PFF and if I remember right, you have the pro version, this in itself may skew the results, I don't know. But at least wipe any rules you have from the pro version, then try what I wrote), then state your outcome. In the meantime don't impugn my work when you don't know better.
Title: Re: Sygate and webshield...
Post by: Jarmo P on March 20, 2005, 04:43:22 PM
Heh AirCeej, I have a free version of the firewall, but I think there is no difference between free and pro.
I am too lazy to continue what you or me have said, cause I am not really sure what you have said, maybe I misunderstood.

I did participate in the Sygate pro forum though with the Avast Web Shield thread. There you can read my words, if I said here something that misled you:
http://forums.sygate.com/vb/showthread.php?s=c490e7731492d8caf6f037a9fdc854be&threadid=12947

Jarmo
Title: Re: Sygate and webshield...
Post by: sded on March 20, 2005, 08:50:48 PM
I must have gotten lost in the discussions here.  What is supposed to happen with the advanced rule/ask/no DNS service.  Set up the advanced rule and turned off DNS service to see if I could figure out what was really happening.   Set ashwebsv and all the browsers to ask.  First observation was the traffic log filled up with blocked UDPs to ndisuio.sys from my ISPs DNS servers and started getting popup messages (from Sygate or ?) that ndisuio was blocked from accessing the network.  Then accessed the network with IE, got a message asking for ashwebsv permission, said ok but not remember, went on as usual.  Stopped and started IE with no more messages.  Other than the ndisuio log messages and popups things appeared normal.  Brought up Opera and Mozilla to access the internet, got no messages from Sygate, accessed as usual with no further requests for permission.   What did I not do or misinterpret?  What was supposed to happen?  Didn't seem to observe any useful change in behavior.  BTW, XP Pro with SP2, SPF 5.6 free, avast! 4.6.623.  Could use of SP2 be different or ?  BTW, tried with the DNS service both on and off; only difference was lots of retries to contact ndisuio with it off.  Also tried wired and wireless NICs with no observable difference.
Title: Re: Sygate and webshield...
Post by: stevejrc on March 20, 2005, 11:17:27 PM
AirCeej, I thought you meant allow, but saw you put Action = blocked. your rule makes sense now, my misunderstanding.  ;)
Title: Re: Sygate and webshield...
Post by: rjbook on March 21, 2005, 02:53:27 AM
I have had trouble with Sygate and Webshield since the new 623 upgrade.  I tried the patch and they would not work together.  Sygate would work alone, or if I disabled Sygate, Webshield would work.  Looking at another thread, someone suggested "repairing" the Avast install through the add remove function in the control panel.

I ran the "repair" function, rebooted my system, and now Webshield and Sygate seem to be working together without any problems so far, and this seems to have worked on both my notebook and my desktop.

Not being an expert, it's worth a try, and perhaps this will help some of the others...it can't hurt.
RJB
Title: Re: Sygate and webshield...
Post by: AirCeej on March 21, 2005, 03:15:19 AM
Quote
AirCeej, I thought you meant allow, but saw you put Action = blocked. your rule makes sense now, my misunderstanding.  ;)

Cool Steve!
Title: Re: Sygate and webshield...
Post by: Ant718 on March 28, 2005, 11:04:38 PM
So just to repeat an earlier request, how can one prevent the Web Scanner from starting rather than disabling it manually after it starts with every bootup?

1. Uninstalling the provider (through Control Panel)
or
2. Using msconfig and disabling the startup item + disabling the Windows Service


All you have to do is terminate the process in the AVAST program itself. No need to uninstall or modify start up.
Title: Re: Sygate and webshield...
Post by: Lisandro on March 28, 2005, 11:15:47 PM
Quote
All you have to do is terminate the process in the AVAST program itself. No need to uninstall or modify start up.

Ok, the user will have to do this all times and each time. That way I suggested, it will be the default behavior (i.e., disabled).  :)
Title: Re: Sygate and webshield...
Post by: Ant718 on March 29, 2005, 04:09:59 AM
Quote
All you have to do is terminate the process in the AVAST program itself. No need to uninstall or modify start up.

Ok, the user will have to do this all times and each time. That way I suggested, it will be the default behavior (i.e., disabled).  :)

 ??? Huh?
If you terminate the process it's done. It will not restart after the next boot up.
Title: Re: Sygate and webshield...
Post by: Culpeper on March 29, 2005, 05:02:25 AM
The thread that'll never die!

http://www.tk421.net/gallery/sounds/itsalive.wav
Title: Re: Sygate and webshield...
Post by: Ant718 on March 29, 2005, 06:12:26 PM
I use Sygate PFW Pro.
Not to beat a dead horse..... 
So the fix is to remove the port 80 from Avast's webshield and set up a manual proxy on my FireFox web Browser?
Or just disable Webshield altogether?
Title: Re: Sygate and webshield...
Post by: Lisandro on March 29, 2005, 07:27:32 PM
Quote
So the fix is to remove the port 80 from Avast's webshield

Doing that is the same as disabling it...

Quote
Set up a manual proxy on my FireFox web Browser?

You can do that using the port 12080  ;)
Title: Re: Sygate and webshield...
Post by: Ant718 on March 29, 2005, 07:36:35 PM
Quote
So the fix is to remove the port 80 from Avast's webshield

Doing that is the same as disabling it...

Set up a manual proxy on my FireFox web Browser?

You can do that using the port 12080  ;)

So essentially there really is NO FIX. There are two options leave WebShield running or just disable it altogether.

Unless Sygate ever decides to fix the issue. (Holding Breath)
Title: Re: Sygate and webshield...
Post by: lukor on March 29, 2005, 10:00:17 PM
Quote
So essentially there really is NO FIX. There are two options leave WebShield running or just disable it altogether.

Unless Sygate ever decides to fix the issue. (Holding Breath)

When the transparent redirect is disabled (no 80 port) and only the browser is set to use the localhost:12080 as a HTTP proxy you would just change your previous warnings from firewall:

"Browser is trying to access the internet" for

"WebShield is trying to access the internet".

I don't see this as a great security risk unless the spyware is specially crafted for this particular setup. You can call it a fix if you like.
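
The attribution effect discussed above (the firewall prompt names WebShield instead of the browser), shown as an added example that is not part of the original thread or any poster's code: a small audit that reads `netstat -ano`-style output and reports which processes are talking to the loopback proxy on port 12080 and which process owns the connections that actually leave the machine. The sample table, PIDs, addresses and process names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

PROXY_PORT = 12080  # WebShield's local proxy port, as given in the thread

# Constructed sample in the column layout of Windows `netstat -ano`.
# PIDs, ephemeral ports and the documentation-range addresses are invented.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:1091         127.0.0.1:12080        ESTABLISHED     2212
  TCP    127.0.0.1:12080        127.0.0.1:1091         ESTABLISHED     1480
  TCP    192.0.2.10:1092        198.51.100.7:80        ESTABLISHED     1480
  TCP    127.0.0.1:1095         127.0.0.1:12080        ESTABLISHED     3304
  TCP    127.0.0.1:12080        127.0.0.1:1095         ESTABLISHED     1480
  TCP    192.0.2.10:1096        198.51.100.9:80        ESTABLISHED     1480
  TCP    192.0.2.10:1101        198.51.100.20:110      ESTABLISHED     2980
  UDP    0.0.0.0:1030           *:*                                    1124
"""

# Constructed PID -> image name map (the kind of data `tasklist` provides).
SAMPLE_NAMES = {1480: "ashwebsv.exe", 2212: "firefox.exe",
                3304: "ccleaner.exe", 2980: "mailclient.exe",
                1124: "svchost.exe"}

Conn = namedtuple("Conn", "proto local remote state pid")


def split_endpoint(text):
    """'127.0.0.1:12080' -> ('127.0.0.1', 12080); '*:*' -> (None, None)."""
    host, _, port = text.rpartition(":")
    host = host.strip("[]")  # IPv6 endpoints are printed as [addr]:port
    return (None if host in ("", "*") else host,
            int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Parse TCP/UDP rows; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if len(parts) == 5 else ""
        conns.append(Conn(parts[0], split_endpoint(parts[1]),
                          split_endpoint(parts[2]), state, int(parts[-1])))
    return conns


def is_loopback(host):
    return host is not None and ipaddress.ip_address(host).is_loopback


def audit(conns, names, proxy_port=PROXY_PORT):
    """Separate loopback proxy clients from connections that hit the wire."""
    label = lambda pid: names.get(pid, "pid %d" % pid)
    proxy_pids = {c.pid for c in conns
                  if c.state == "LISTENING" and c.local[1] == proxy_port}
    # Processes whose HTTP traffic is handed to the proxy over loopback.
    clients = sorted({label(c.pid) for c in conns
                      if c.state == "ESTABLISHED" and c.pid not in proxy_pids
                      and c.remote[1] == proxy_port and is_loopback(c.remote[0])})
    # Connections with a non-loopback peer, grouped by the owning process.
    on_wire = {}
    for c in conns:
        if c.state == "ESTABLISHED" and c.remote[0] and not is_loopback(c.remote[0]):
            on_wire.setdefault(label(c.pid), []).append(c.remote)
    return {"proxy": sorted(label(p) for p in proxy_pids),
            "clients": clients, "on_wire": on_wire}


if __name__ == "__main__":
    for key, value in audit(parse_netstat(SAMPLE_NETSTAT), SAMPLE_NAMES).items():
        print(key, value)
```

In the constructed sample, every port 80 connection on the wire belongs to the proxy process, while the browser and the second program appear only as loopback clients; that loopback list is where to look to see which applications are behind a prompt that names the proxy.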
Title: Re: Sygate and webshield...
Post by: mrckmn on March 30, 2005, 02:28:20 PM
Hello All,
I also use sygate free ( version 5.6 build 2808 ), and of course a continuously updated avast home edition 4.6.623 . Lately..my computer has been acting differently, in the sense that it's been connecting to the internet by itself. And yes...I still use a dial-up connection, I can't say for sure..but it seems like this started shortly after I re-enabled the webshield function. I have the hijackthis software installed on my system, and it didn't show anything out of the ordinary. Has anyone else had this problem ? Right now...the only way I can prevent this from happening is go into internet options-connections, and choose never dial a connection. I didn't have to do that previously. Thanks for any suggestions.. ??? :)