Avast WEBforum

Business Products => Avast Business => Cloud Management Console & Clients => Topic started by: iComms on October 05, 2015, 12:01:50 AM

Title: SSL Site Blocked with Strange Message by Avast!
Post by: iComms on October 05, 2015, 12:01:50 AM

Hello, been using the product for a while and I really do like it.

I found a potential problem with at least one SSL site, the URL is below and it is a valid online banking one we use:

https://my.if.com/Security/Auth/Logon

I have attached the images the web page shows in Safari/Firefox and Chrome.

As soon as I add it as an exception in the Avast! Web Shield, the page opens fine.

Can you put some sort of message on the web page when Avast! does this please? 

At least then we know what is causing it rather than troubleshooting other possible issues or thinking the site is down.

Thanks,

Adrian.

Title: Re: SSL Site Blocked with Strange Message by Avast!
Post by: polonus on October 05, 2015, 01:46:54 AM

I see delegation problems, see DNS report http://dnscheck.sidn.nl/?time=1444001492&id=1831200&view=basic&test=standard
See: http://toolbar.netcraft.com/site_report?url=https://my.if.com
Custom errors :Fail and warnings:
https://asafaweb.com/Scan?Url=https%3A%2F%2Fmy.if.com%2FSecurity%2FAuth%2FLogon
Certificate chain issues on external link, see: https://www.virustotal.com/nl/domain/se.symcd.com/information/
-> http://www.domxssscanner.com/scan?url=http%3A%2F%2Fse.symcd.com

But naturally the final verdict has to come from an Avast Team member as why this url was blocked.
We are just volunteers with relevant knowledge.

polonus (volunteer website security analyst and website error-hunter)

Title: Re: SSL Site Blocked with Strange Message by Avast!
Post by: iComms on October 05, 2015, 05:59:06 PM

Thanks for that, totally agree.

I would prefer it if a message on the webpage appeared indicating that Avast! had encountered a problem, would you like to add an exception to the web filter etc. etc. rather than a generic page failure.

Adrian.

Title: Re: SSL Site Blocked with Strange Message by Avast!
Post by: iComms on October 07, 2015, 10:47:58 PM

I have logged this one with tech support, maybe somebody here can help.

Forgot to mention these are Apple Macs we are talking about.

If I add a web exception to Avast! from the portal through a template, for https://my.if.com (or other combinations e.g. https://my.if.com/*), the settings show up in the Avast! client  but the website gets the SSL error, no warning that it is Avast! doing it and the site does not load.  So the portal is pushing the settings to the Mac but not working.

If I add an exception to the Avast! program itself on the Mac for my.if.com, I firstly get a prompt for an admin username and password on the Mac (Common practice when a program tries to change system settings) then the site is added and it loads fine. The entry looks exactly the same as if I added it from the portal but it works.

Any ideas?

Adrian.

Title: Re: SSL Site Blocked with Strange Message by Avast!
Post by: Michael P. on October 08, 2015, 04:02:39 PM

Hello,

In our testing environment, if you add the exclusion in the portal as (my.lf.com), without the parenthesis, and use HTTPS as the service, it should sync to the client and allow access to the site.  What version of OS X are you running and what program version of Avast?

Thanks,

Michael P.
AVAST Support Team

Title: Re: SSL Site Blocked with Strange Message by Avast!
Post by: iComms on October 08, 2015, 05:01:19 PM

Hi Michael, thanks for replying:

Mac OS X 10.10.5 (Yosemite)

Program is up to date: version 11.2.45153, release date 09/07/2015

I have added all sorts in, wildcards, my.if.com, it picks the setting up from the portal but does not allow the website through.

Do it locally and it works just with HTTPS as the service and my.if.com as the URL

Adrian.

Title: Re: SSL Site Blocked with Strange Message by Avast!
Post by: Michael P. on October 08, 2015, 07:01:38 PM

Quote from: iComms on October 08, 2015, 05:01:19 PM

Hi Michael, thanks for replying:

Mac OS X 10.10.5 (Yosemite)

Program is up to date: version 11.2.45153, release date 09/07/2015

I have added all sorts in, wildcards, my.if.com, it picks the setting up from the portal but does not allow the website through.

Do it locally and it works just with HTTPS as the service and my.if.com as the URL

Adrian.

Adrian,

I changed your portal to reflect the exclusion as (my.if.com) instead of (my.if.com/*).  Please allow it a few minutes to sync and let us know via a ticket in our support system (support.business.avast.com)  if it still does not allow, as we may need to collect log files.

Thanks,
Michael P.
AVAST Support Team

Title: Re: SSL Site Blocked with Strange Message by Avast!
Post by: iComms on October 08, 2015, 08:37:21 PM

Yep, I can see it on my Mac, but site is still blocked.

Will log a call and quote this thread.

Thanks!

Adrian.

Title: Re: SSL Site Blocked with Strange Message by Avast!
Post by: polonus on October 10, 2015, 04:01:11 PM

Certainly not enough minusses to qualify a blocking, it coud pass all green, but there is enough insecurity found up for a downgrade to C-status: https://globalsign.ssllabs.com/analyze.html?d=my.if.com&s=195.171.220.120
Downgrade attack prevention   No, TLS_FALLBACK_SCSV not supported (more info) etc. etc. Weak SSL and so not "the best value for your money" to put it ironnically, ;)

polonus