Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Vlk on October 17, 2008, 11:50:20 AM
-
The new version has now been officially released (as 4.8.1282). Thanks to everyone who helped testing!
Hi *,
here I'm again. The next program update of avast 4.x Home/Pro is approaching, and as usual, it is my pleasure to provide you with a stable (even though pre-release) build for you to test.
How to install it (provided you have a previous version of avast Home/Pro already installed):
1. NEW! go to avast settings, and on the Troubleshooting page, disable the avast self-defense module (this is NECESSARY for the update to complete successfully)
2. download and run the following program: URL removed
3. after it completes, re-enable self-defense module (disabled in step 1.)
That's about all it takes.
This build contains quite a number of new features, but most of them are actually hidden under the hood (related to the AV engine). One nice new feature is malware URL blocking in the Network Shield provider. That is, we now block access to malware distribution sites before you even have a chance to download the bad stuff. Also, as has already been said, there's a new option to report false positives (directly from the virus alert dialog) as well as submit statistical info about a malware occurrence. We also fixed the long-standing issue related to actions on infected files with non-Latin character names and many other things that have been reported since the last update.
Any comments on this release are welcome and appreciated!
Thanks
Vlk
-
Any comments on this release are welcome and appreciated!
Great news!
Will try it soon!
Edit: Have just updated the program, all working just fine!
-
Update to Avast 4.8.1256 went smoothly without a problem, not that I expected any ;)
-
One nice new feature is malware URL blocking in the Network Shield provider.
Will we get the ability to turn this off?
-
Well, you can turn off the Network Shield provider, if you need...
-
Well, you can turn off the Network Shield provider, if you need...
Well, I'm hoping it won't have to come to that.
IMO ESET's implementation of this feature was a major annoyance at best, and I'd hate to see avast! become this way as well. Any chance of maybe a checkbox somewhere to toggle this feature on/off?
-
How this new feature of blocking malware urls works? Its like the link scanner of AVG (that now have a database of the links with malwares, so every site you visit its checked against this database, if matchs, the url is blocked)?
Thanks!
-
What's wrong? eicar.com is not being detected ???
Neither right clicking the files and scanning with ashQuick.exe ???
-
What? Don't you have some exclusions set?
-
New feature is malware URL blocking in the Network Shield provider. That is, we now block access to malware distribution sites before you even have a chance to download the bad stuff.
Well... I see no changes in the Network Shield settings... can the URL blocking be configurated? White and blacklists?
-
No, it can't; the detected URLs are in the virus database, just like the ordinary detections.
-
What? Don't you have some exclusions set?
I've removed the *.txt exclusion.
Neither of the eight variants is detected ???
-
No, it can't; the detected URLs are in the virus database, just like the ordinary detections.
Is there any site to test it? Maybe you can post an edited link ;)
-
What's wrong? eicar.com is not being detected ???
Neither right clicking the files and scanning with ashQuick.exe ???
Interesting, really... This is definitely not reproducible here. Doesnt a reboot help?
No, it can't; the detected URLs are in the virus database, just like the ordinary detections.
Is there any site to test it? Maybe you can post an edited link ;)
You can try e.g. www.gooogle.com
Well, you can turn off the Network Shield provider, if you need...
Well, I'm hoping it won't have to come to that.
IMO ESET's implementation of this feature was a major annoyance at best, and I'd hate to see avast! become this way as well. Any chance of maybe a checkbox somewhere to toggle this feature on/off?
Why was it a major annoyance? I.e. what specifically did you dislike about it?
Thanks
Vlk
-
Interesting, really... This is definitely not reproducible here. Doesnt a reboot help?
Tested again... they're not detected... I've booted after the installation... I'll do again...
You can try e.g. www.gooogle.com
It was redirected to http://www.google.com.br/ in my case on Firefox 3.0.1.
-
You can try e.g. www.gooogle.com
It was redirected to http://www.google.com.br/ in my case on Firefox 3.0.1.
This means it has NOT worked.
Seems like your avast install is somehow seriously broken, not detecting eicars and not blocking the URL above. :-\
-
One day I promise to read the instructions, guess who forgot to disable the self-defence module again ;D
Downloading now, whipping the mice to put more boost into the dial-up connection.
-
You can try e.g. www.gooogle.com
I've tried it here, with Firefox 3.0.3, Maxthon 2.1.4.443 and IE7, and it work as it should, I got an warning from avast:
"Network Shield: Blocked access to suspect site, www.gooogle.com" (or something like that, I translated the swedish message)
Nice feature, keep up the good work!
The eicar-test work also just fine, avast warned me as it should!
-
You can try e.g. www.gooogle.com
It was redirected to http://www.google.com.br/ in my case on Firefox 3.0.1.
Tech are you using OpenDNS as that might redirect misspelt URLs before your browser tries to open them ?
-
Thnx Awil Team :)
Network Shield and Eicar test are working fine here :D I Posted this pre-release on Comodo Forums :
http://forums.comodo.com/anti_virusmalware_productsother_security_products/prerelease_version_of_next_avast_update_now_481256-t28529.0.html
Greetz, Red.
-
Tech are you using OpenDNS as that might redirect misspelt URLs before your browser tries to open them ?
We'd block that either. :)
-
So the Network shield is working on outbound connections (DNS to resolve the domain name to the IP address) and not just inbound as it was previously then ?
The reason I ask is DNS is on port 53.
-
One day I promise to read the instructions, guess who forgot to disable the self-defence module again ;D
No, I didn't.
I've forgot to turn it on after ;D
We'd block that either. :)
What do you mean? I'm indeed using OpenDNS.
I'll repair my installation.
-
OK, I use OpenDNS as my dns server and the Network Shield it appears to block this before it even gets there.
My only comment is that whilst it does block and alerts 'silently' no normal avast audio visual pop-up window, just an understated listing at the bottom of the screen which disappears after about 5 seconds. The browser, Firefox 3.0.3 displays a page not found pop-up, see images.
So all in all I feel this is a very understated alert, perhaps too understated as it could go unnoticed by the user if they miss the list at the bottom of the screen, they might just wonder what the problem is with the page not found browser pop-up.
-
I'll repair my installation.
Strange... booted once and now it keep asking to boot again...
-
Sounds like something is preventing some changes in avast! folder...
What does setup.log say?
-
17.10.2008 12:01:19.000 1224255679 system Reboot set by changed resident C:\Windows\system32\drivers\aswTdi.sys
17.10.2008 12:03:24.000 1224255804 registry Cannot set reg. key:SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
17.10.2008 12:05:29.000 1224255929 registry Cannot set reg. key:SOFTWARE\Classes\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32
17.10.2008 12:07:34.000 1224256054 registry Cannot set reg. key:SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
-
After the four tentative, and booting, eicar file is being detected and the Network Shield shown it's warning while trying phising websites. Don't ask me what happened...
By the way, we can't read the log... column width change impossible...
Also the counter of Network Shield did not increase...
-
The missing scrollbar in the NeEtwork Shield properties window will be fixed, thanks.
The scan count doesn't go up, that's by design (these are not scans per se).
Now, since you started using Comodo (with Defense+) it sounds like a logical culprit. It seems like it's blocking some file writes occasionally.
Hmmm...
I wonder if you could retry the beta install with D+ disabled.
Cheers
Vlk
-
I followed the instructions but it prevented to load Windows normally (boot start-up) so I had to expose myself naked to malware and reinstall the old version. Hope you'll solve this problem soon! :o
-
Everything is working great here and thanks Avast.
-
Awesome! Can't wait to get home from work and test this baby. I just had this feeling like avast! pre-release update is ready. And it actually was lol.
As strange as it might sound i actually missed any kind of warnings from the Network Shield.
It's sooooo cool to see it doing something lol. Yeah i know, i'm weird... ;D
(http://forum.avast.com/index.php?action=dlattach;topic=39392.0;attach=27908;image)
Will "infected count" increase when something is blocked and will "last infected" display URL of the blocked website?
-
I wonder if you could retry the beta install with D+ disabled.
I'll wait the next beta release and, if I do not forget, try to do so.
-
No problems Vista SP1 ;D
-
All fine ... very good work!
Even outlook plug-in works perfectly.
Thank you Avast Team.
Tevion
-
I followed the instructions but it prevented to load Windows normally (boot start-up) so I had to expose myself naked to malware and reinstall the old version. Hope you'll solve this problem soon! :o
We'd certainly need some more info. What exactly happened?
If there was a bluescreen or restart... is there any corresponding minidump (in Windows/Minidump folder)?
-
Funny. It seems that my ISP checks Google's URL and corrects it by itself if there are any typing errors. Tried typing www.gooogle.com and i was simply redirected to www.google.si. And i'm NOT using OpenDNS. Is there any other URL that i could use as checking tool for this new feature?
-
Why was it a major annoyance? I.e. what specifically did you dislike about it?
There have been occasions where legitimate (non-viral) content was blacked out entirely simply because of one questionable hosted file or link. There was also no option of whether you wished or not to bow to ESET's decision to control what you can or cannot view on your own computer; the only way to bypass that was to disable the HTTP scanner entirely.
I'm wondering if avast! has my ass covered if the Network Shield does indeed turn out like this, by giving me the option to disable this feature.
-
What about checkmark option like this (enabled by default):
(http://shrani.si/f/2f/4q/4CzP9QLj/blocker.png)
-
What about checkmark option like this (enabled by default):
That would be a very welcome addition indeed.
-
I followed the instructions but it prevented to load Windows normally (boot start-up) so I had to expose myself naked to malware and reinstall the old version. Hope you'll solve this problem soon! :o
We'd certainly need some more info. What exactly happened?
If there was a bluescreen or restart... is there any corresponding minidump (in Windows/Minidump folder)?
No Igor,
Everything went OK except it blocked loading programs at start-up (I restarted ( but it did not restart twice, although when it stopped loading I was nervous and shut my computer off the normal way: tried to boot a second time but same result with loading)) (no blue screen, normal windows desktop but taskbar incomplete, no internet connection, no online armor firewalll...). First time this happens with AVAST, even in beta software. No minidump file in Windows. I have to admit I have major issues with major Windows installations (some critical Windows Update installations) and my ONLINE ARMOR FW HIPS was on. But usually even with Comodo D+ I had no problems. Giving it a second try??? I have to make up my mind. Thanks! :'(
I uninstalled the beta with Revo in safe mode and downloaded the more stable and final version of AVAST HOME and tested it with EICAR.com and it works. What more?!! :) Oh yes, AVAST is installed in D:/PROGRAM FILES /AILWIL SOFTWARE :P
-
When I click on www.gooogle.com, it opens up normally as http://www.google.co.uk/
Is this what should happen?
-
No it isn't, just check my reply #23, http://forum.avast.com/index.php?topic=39392.msg330481#msg330481 (http://forum.avast.com/index.php?topic=39392.msg330481#msg330481) for what is trying to be achieved, check the images.
-
No it isn't, just check my reply #23, http://forum.avast.com/index.php?topic=39392.msg330481#msg330481 (http://forum.avast.com/index.php?topic=39392.msg330481#msg330481) for what is trying to be achieved, check the images.
I didn't receive any pop up messages when I used that www.gooogle.com link, and I don't have a Network Shield either, just a standard Shield, is that normal due to having 98?
-
Bone, who is not an "update" current, major improvements will not?
When will the final version? (NOT beta)
Thank you
-
Funny. It seems that my ISP checks Google's URL and corrects it by itself if there are any typing errors. Tried typing www.gooogle.com and i was simply redirected to www.google.si. And i'm NOT using OpenDNS. Is there any other URL that i could use as checking tool for this new feature?
This occurred with me too, but it corrected to http://www.google.co.uk
-
When I click on www.google.com, it opens up normally as http://www.google.co.uk/
Is this what should happen?
When I click on www.google.com, it opens up normally as http://www.google.ca/ because I'm in Canada EH!
Note: www(dot)gooogle(dot)com is detected as a malicious site.
-
I didn't receive any pop up messages when I used that www.gooogle.com link, and I don't have a Network Shield either, just a standard Shield, is that normal due to having 98?
This warning should be displayed...
-
Well I am maybe wrong, but I don't think the Network shield works for windows 98 S.E, and perhaps this is one of the funtions that I will just have to live without.
Perhaps someone could verify this.
Does it make a difference that I have a Standard and not a Network Shield?
And I was directed to the google .co.uk as I am in the UK.
-
I didn't receive any pop up messages when I used that www.gooogle.com link, and I don't have a Network Shield either, just a standard Shield, is that normal due to having 98?
This warning should be displayed...
Tech, are you sure, as far as I understand the Network Shield is responsible for the blocking, so if he do not have the Shield , then he don't have and this message (the blocking ability) ?
Also I just installed the new beta, and when I try to access www.gooogle.com I am being redirected to www.google.com - the URL is not blocked :-\
-
Well I am maybe wrong, but I don't think the Network shield works for windows 98 S.E, and perhaps this is one of the funtions that I will just have to live without.
Perhaps someone could verify this.
You're right, it's a NT feature (2k, XP, Vista).
-
Well I am maybe wrong, but I don't think the Network shield works for windows 98 S.E, and perhaps this is one of the funtions that I will just have to live without.
Perhaps someone could verify this.
You're right, it's a NT feature (2k, XP, Vista).
It's ok though, I am certainly not complaining, I am happy to have an Anti Virus program installed to be honest, and the Eicar message came up too so I am happy that Avast caught it so to speak.
I am always aware and grateful that there will be limitations on program upgrades, but happy enough to know that I am virus protected.
Thank you Avast.
Edit,
Also like to say that I will be choosing Avast again when the time comes to purchase a new computer, and perhaps I will need you guys help me through the process of installing it to more than likely Vista at some point, lol.
-
No it isn't, just check my reply #23, http://forum.avast.com/index.php?topic=39392.msg330481#msg330481 (http://forum.avast.com/index.php?topic=39392.msg330481#msg330481) for what is trying to be achieved, check the images.
I didn't receive any pop up messages when I used that www.gooogle.com link, and I don't have a Network Shield either, just a standard Shield, is that normal due to having 98?
Well in that case what happened is normal on old systems that don't support the network shield provider.
Network Shield provider protects your computer from Internet worm attacks. It works similarly to a firewall, even though it does not fully substitutes it. The Network Shield does not require any user interraction.
Note: This resident provider is available on Windows NT, 2000, XP, 2003, Vista, and 2008 only.
I missed your signature when replying to your first post.
-
No worries DavidR
:)
The one thing I love about Avast is not only the marvellous program, but the smooth way the VPS or Program updates or upgrades go through without hassle, unlike many other vendors I hasten to mention.
-
Yeah, Google is redirected on localized page depending on where you live. You're from UK so it redirected you there. I'm from Slovenia and i was redirected to Google Slovenia. I'm using Vista 64bit though so it should work for me.
-
downloaded and running great, definitions update later, I also received the pop up messages when I used that www.gooogle.com link, thanks
-
Will "infected count" increase when something is blocked
No. See answer from Vlk:
http://forum.avast.com/index.php?topic=39392.msg330504#msg330504
-
Just one small question, and that is on the operating systems that get automatically referred to the google of their own country instead of receiving a pop up message, is it the ISP or the browser that is doing this? it's good that this happens as you therefore do not need to retype the correct address.
-
I am a little hesitant on this one since I think there is not a 100% clear answer.
Most users accept the DNS servers provided by their ISP. However some of us override that either in our network settings or (more often nowadays) in our router configuration. I cannot imagine that this is a function of the browser natively.
In my case I am fairly certain that it is my choice of OPenDNS in my router overriding the DNS servers of my ISP that is correcting "www.gooogle.com" to "www.google.com" when I do not have the new avast beta forbidding such access.
With the avast beta and the Network provider active I get the popup advising me that "www.gooogle.com" is a malware site and Firefox telling me that the the site cannot be found. With the avast Network provider inactive I am routed to "www.google.com".
-
Thanks Alwil. No problems here on XP Home SP2.
-
I've asked guys from my ISP and they said Google is redirecting. Makes me wonder then why some guys get detection with avast! when trying to open www.gooogle.com, but i don't. It just redirects me directly, no warning from avast!.
-
Since last signature update 081017-1 Version 4.8.1256 Avast seems to be unknown in vista security center (see picture).
No activation possible.
This happens first time ever - never before i have had this problem.
Solutions given in the forums dont`t help e.g. deleting folder repository (of course first stopping security center service) and restart.
I don`t believe this will be a hard failure but its nasty seeing red shield in tray.
Thanks for helping.
Tevion
-
Mine also updated to this VPS version and is still working just fine. Have you tried repairing installation?
-
Since last signature update 081017-1 Version 4.8.1256 Avast seems to be unknown in vista security center (see picture).
No activation possible.
This happens first time ever - never before i have had this problem.
Solutions given in the forums dont`t help e.g. deleting folder repository (of course first stopping security center service) and restart.
I don`t believe this will be a hard failure but its nasty seeing red shield in tray.
Thanks for helping.
Tevion
Same here. Stopping, then restarting providers manually resolves this issue for me.
Edit: Actually, it is sufficient to just terminate and then restart the Standard Shield.
-
Mine also updated to this VPS version and is still working just fine. Have you tried repairing installation?
yes i`ve tried to repair .. was no solution
Same here. Stopping, then restarting providers manually resolves this issue for me.
yes, thanks drahnier, that was the solution, i`ve had blind eyes ... disabling all services and restart again, thats all, service center can see avast again -:)
Edit: in my case it will be a firewall problem ... its hard to find out whats going on ... never before vista firewall control did block
avast components in a such hard way
-
With the avast beta and the Network provider active I get the popup advising me that "www.gooogle.com" is a malware site and Firefox telling me that the the site cannot be found. With the avast Network provider inactive I am routed to "www.google.com".
That is the expected behavior (the first part, I mean) - no matter what DNS you use.
Why it doesn't work for quite some people, I can't say (don't know much about this part personally)... so I'd rather wait for Vlk or Lukor with that. (Maybe it could be related to firewall somehow...?)
-
I tried going to "www.gooogle.com" and got the warning message from avast but after I got the bleu screen of Death ??? ???
Any idea on how to fix this ??
Al968
-
Uh, now that certainly shouldn't happen ;)
Please send us the corresponding minidump file (it should be in Windows\Minidump folder - and its timestamp should correspond to the crash).
Thanks.
-
Ok, I uploaded to the FTP server, the name of the file is : Mini101808-01.dmp
Thanks for your quick responce
Al968
-
Thanks. Can you please post some info about your "network subsystem"? (I mean, firewall... and stuff like that).
-
I use comodo firewall 3, I disabled Defense+ when installing the beta.
I am running Windows xp Pro SP2 (French Version).
Anything else ?
Thanks
Al968
-
(http://shrani.si/f/1R/O7/zQ0VwH0/blocked.png)
This screenshot is from the Web Shield URL blocking feature. Would it be possible to include similar "block" message for Network SHield when it blocks malicious webpage (possibly in more red colored theme).
This way you'd notify user that he attempted to visit bad site plus you'd get rid of the Firefox error message because of unreachable webpage. If Web Shield can do it, i se no reason why Network Shield could not do the same.
-
I would support this suggestion as the current alert as it is (for those that it actually alerts for) too understated and the user really needs it made clear that/why avast has alerted/blocked access to the site/link they were trying to visit or redirected too.
-
Just typing from IE7...
Something is seriously wrong with this new version of avast!. It happened for the second time (first one was right after the update to beta version, otherwise it never happened anything like this with last official version of avast!) that Firefox locked up completelly.
Firefox process is running but i can't terminate it or do anything with it. And before this happened, avast! decided to report to Security Center that it's disabled (even though it was in fact running) right after i finished installing new drivers for my X-Fi Xtreme Music soundcard. Then i stopped it and enabled it back (so Security Center is reporting it correctly again). And then the above problem started.
EDIT:
There. It took 5 minutes for something (i assume it's avast!) to release Firefox from it's claws and now it's working like nothing happened.
EDIT2:
Rebooted the system because of X-Fi drivers that i just installed and after 5 minutes after boot, avast! again reporting that it's disabled even though it's not (in Vista Security Center).
EDIT3:
Just been playing with my westie and when i came back Security Center warning was there again :(
-
Ok, since upgrading to this Beta version of Avast my internet connection is very slooow but disabling network shield improve things. Does anybody having the same issue?
-
first i have to say that the new version is working quiet well!
one thing is that there is a wrong translation in the german version in the webshield provider-settings:
"Benutze intelligentes Datenflußüberwachung" has to be "Benutze intelligente Datenflussüberwachung"
additionally i would write "Aktiviere Webüberprüfung" or "Aktiviere Web Überprüfung" instead of "Schalte Web Überprüfung ein"
-
(http://shrani.si/f/1R/O7/zQ0VwH0/blocked.png)
This screenshot is from the Web Shield URL blocking feature.
i don't see such site in my browser (IE8, Google Chrome, Opera 9.6) if anything is blocked. in my case there only is a message in the right lower corner of my desktop that the connection has been blocked...
-
Read my post again and visit 4th tab in the Web Shield provider settings :P ;)
My post and that feature are related.
-
oh, sorry i didn't read your post very close...!
i really like that idea of including this page to the malware-site-blocker...
it doesn't look very good if theres just something like "the page cannot be displayed" from the browser or something like that...
the user would immediately know what has happend (or not)!
EDIT: are you also going to include something like a phishingfilter? ( or in avast 5?! or never?)
-
This screenshot is from the Web Shield URL blocking feature. Would it be possible to include similar "block" message for Network SHield when it blocks malicious webpage (possibly in more red colored theme).
No, I'm afraid that's not technically possible.
I don't think that the blocking will occur often for most of the users... I mean, how many users visit infected sites?
-
Something is seriously wrong with this new version of avast!. It happened for the second time (first one was right after the update to beta version, otherwise it never happened anything like this with last official version of avast!) that Firefox locked up completelly.
Firefox process is running but i can't terminate it or do anything with it. And before this happened, avast! decided to report to Security Center that it's disabled (even though it was in fact running) right after i finished installing new drivers for my X-Fi Xtreme Music soundcard. Then i stopped it and enabled it back (so Security Center is reporting it correctly again). And then the above problem started.
Anything in Event Log?
-
Nope, nothing. Like everything is in perfect order.
-
Hmm... maybe a full dump would reveal something (where the process is locked)...
But as I said, I'd rather wait for Vlk (who seems to be away right now) or Lukor - the URL blocker is not really my cup of tea ;)
-
i am using ONLINE ARMOR free firewall . does it go along with the latest avast?
thanks in advance
-
one thing is that there is a wrong translation in the german version in the webshield provider-settings:
"Benutze intelligentes Datenflußüberwachung" has to be "Benutze intelligente Datenflussüberwachung"
additionally i would write "Aktiviere Webüberprüfung" or "Aktiviere Web Überprüfung" instead of "Schalte Web Überprüfung ein"
OK, I'll change that.
If you'll have any other suggestions regarding the German translation, you can send them directly to me via PM. Thanks!
-
i am using ONLINE ARMOR free firewall . does it go along with the latest avast?
thanks in advance
like every times i'd say that there are no problems with any other software...
its stable but officially just a beta...
-
i am using ONLINE ARMOR free firewall . does it go along with the latest avast?
thanks in advance
Yes it does.
its stable but officially just a beta...
I think a stable version was released some weeks ago for XP and Vista.
-
ONLINE ARMOR FW: I would deactivate HIPS first. Comodo: shut OFF Defense +. ;D
-
(http://forum.avast.com/index.php?action=dlattach;topic=39392.0;attach=27928;image)
Any way to disable that "Do not show me this window anymore" line below? I hate it.
-
A bit more info about the new malware URL blocking feature:
1. the www.gooogle.com link is just a test URL that will be removed from the database before the product is officially released. Now I think it was not the smartest one to pick because meanwhile (it must've been in the last couple of weeks) Google itself bought the domain and is redirecting it to its main page (this is not a DNS thing, it's a HTTP "Object moved" thing I think).
2. Indeed, the feature is available only for NT based systems, i.e. NT4/2000/XP/Vista. I'm not sure we've actually tested it on Vista 64, I'll have that checked (but it is definitely supposed to work there once the product is officially released)
3. It is our intent to populate the URL database only with URL's hosting just malware (especially binary malware). This means that the current plan is to not use it for blocking pages. To that end, it doesn't make much sense to have Network Shield send a HTML content similar to the Web Shield blocking message (as it wouldn't be rendered in the browser anyways). Also, because of this, I'm not sharing solcroft's concerns (see above on page 1).
4. Technically, the feature works on both DNS and HTTP level. That is, full domains are blocked on DNS level while finer-grain URLs only on HTTP.
5. It's actually quite a good idea that we could use the Scanned Count / Last Scanned / Last Infected fields of the Network Shield provider to display info about the URL filtering engine. We'll look into that.
6. I don't believe it's necessary to actually have a separate check box that would turn URL blocking on/off - as frankly, the Network Shield isn't doing that much extra work besides the URL filtering now.
7. If you started experiencing unexpected lags/lockups in your browser after installing this beta, chances are it is indeed related to this new feature. It would be very useful if you could work with us on solving this issue, which we definitely hope to fix before the product is released.
BTW for those who're having issues with avast (not) registering in the Windows Security Center (WSC). I'd assume all of you are running Vista SP1. Starting with this new build, we're using the new Vista SP1 WSC interface. This is a new code, and may indeed contain some bugs. It would be helpful to get as much information about the issue as possible so that we can try to also resolve this asap.
On a side note, the WSC problem is in no way related to the Network Shield / URL blocking issues -- these are just two separate things.
Thanks
Vlk
-
I'm not having any problems with this beta, everythings fine. :)
I haven't tried IE or Firefox, though. I'm an Opera user. :)
I'll try to get around to try ff & IE later. ::)
-
Hi Vlk what sort of info would you require ? I am running SP1 and have come across this problem. But only on reboots, once I stop and start the standard shield provider it works untill the next boot
-
I tried yesterday www.gooogle.com on siteadvisor and it screened green. Isn't it the WebShield job to prevent a site like that downloading malware? Isn't it redondant having Network Shield? A waste of resource??? :-X Is it going to slow the internet connection even more???
-
Hi Vlk what sort of info would you require ? I am running SP1 and have come across this problem. But only on reboots, once I stop and start the standard shield provider it works untill the next boot
So, what exactly takes place? You reboot the system, and the WSC says that avast! is turned off?
I tried yesterday www.gooogle.com on siteadvisor and it screened green.
See my post above, item 1.
Isn't it the WebShield job to prevent a site like that downloading malware? Isn't it redondant having Network Shield? A waste of resource??? :-X Is it going to slow the internet connection even more???
Not really. I don't expect any slowdowns as it is relatively lightweight.
It's a new, powerful weapon against things like server-side polymorphism which is getting increasing popular among malware authors.
We can talk about this later, let's focus on fixing the existing issues so far.
Cheers
Vlk
-
I have taken the beta off as it slowed internet searches far too much. Turn network shield off and it was much better. This was with !E7, Opera and Firefox. Firewall is Comodo and Spyware Doctor. Laptop using XP Home fully updated. Uninstalled and pt old final version back on and working OK now.
-
I have taken the beta off as it slowed internet searches far too much. Turn network shield off and it was much better. This was with !E7, Opera and Firefox. Firewall is Comodo and Spyware Doctor. Laptop using XP Home fully updated. Uninstalled and pt old final version back on and working OK now.
What OS are you using?
And was it locking the browser completely, or just somewhat slowing down things?
(I.e. was it like something RejZor described in this post: http://forum.avast.com/index.php?topic=39392.msg330686#msg330686 ??)
Thanks
Vlk
-
Sorry I thought I put system in, XP Home fully updated. IE7 etc take for ever to load from links and to do searches. Turn off (next bit was lost between me and getting on post?!) Network shied and OK. Put old version back on and alls well.
Newly added 19/10/08 I and many others had the same problem when a version 5 of Spyware Doctor was released. Many of us had to role back to version 4 to get workable internet searching. After a number of updated it was OK and has been since.
-
Yes that is correct Vlk. On reboot Vista states that Avast is not running. However checking services, all is well and the ball doth turn ;D with incremental counts for files scanned at boot. What is then required is to terminate Standard shield and then restart, just long enough to click the no button and then restart. I am talking seconds here. Windows then says it is working.
The only other programmes that I have running are SAS Pro and windows defender ( very light start)
-
I've also noticed one strange thing. When i try to open www.gooogle.com on my host system running Vista x64 i get no warning, just redirection to my local Google page. But if i type the same URL into browser inside VirtualPC 2007 (running WinXP Pro 32bit), i get avast! warning.
Why is so? Is Network Shield not working right under Vista (or 64bit version specifically)?
-
Yes that is correct Vlk. On reboot Vista states that Avast is not running. However checking services, all is well and the ball doth turn ;D with incremental counts for files scanned at boot. What is then required is to terminate Standard shield and then restart, just long enough to click the no button and then restart. I am talking seconds here. Windows then says it is working.
The only other programmes that I have running are SAS Pro and windows defender ( very light start)
My take is that this is caused by the fact that avast actually starts earlier than the WSC service, so WSC misses avast broadcasting its start.
Should be fairly enough to fix...
Cheers
Vlk
-
Hm, but why does then this happens in intervals? I mean you disable and enable it, Security Center refreshes, but after some time it will again show wrong avast! status. Thats not exactly related to startup(bootup) only, if you ask me.
-
now after testing the new beta for some time i definitely can say that everything is working perfectly on my vista sp1 64bit with outpost fw and spybot sd...
yours
onlysomeone
-
BTW for those who're having issues with avast (not) registering in the Windows Security Center (WSC). I'd assume all of you are running Vista SP1. Starting with this new build, we're using the new Vista SP1 WSC interface. This is a new code, and may indeed contain some bugs. It would be helpful to get as much information about the issue as possible so that we can try to also resolve this asap.
Last boot, WSC did not recognize avast.
Need to disable avast and enable again.
Vista Business 32bits.
-
Problem with the new false positive reporting.
I did my weekly on-demand Standard, no Archive scan and found a tool on my system which has been there for some time. This file swsc.exe is contained in rdrivrem.zip (a tool), which has been on my system for some time. I believe this has been previously detected and also reported as an FP that was subsequently corrected.
I didn't report it using the new FP link on the alert as I was off-line at the time. So I left the results list displayed and connected, I then right clicked on the file in the list and chose scan, this time on the alert I clicked the link and filled the details, ticked the 'I know what I'm doing box' and clicked submit only to be told it was incomplete. I couldn't get it to work.
I closed the list and SUI and used ashQuick to scan the file and went through the same process again only to get the Incomplete window again (all fields that could have been entered had data, the top two fields being greyed out), so I clicked Submit again and ashQuick.exe fell over, see images.
-
Second issue.
After my weekly scan I had in the order of 190 files unable to be scanned 'password protected' the files were in my downloads\actioned folder which were previously no problem, one file I recall realalt180.exe had multiple password protected.
So I don't know if this is related to the new unpackers included in the beta, but the strange thing is a scan with ashQuick.exe didn't bat an eye lid at this file.
On-demand Standard Scan without archives:
I also noticed my total files scanned and the duration (twice as long as normal) was up quite a lot. So I don't know if that too would be related to the new unpackers.
-
Hi. I installed it on a Windows XP SP3 system. Everything seems to be as usual.
No, it can't; the detected URLs are in the virus database, just like the ordinary detections.
Is there any site to test it? Maybe you can post an edited link ;)
You can try e.g. www.gooogle.com
I tested www.google.com. When I type it in the address bar, Avast! doesn't warn anything but when I click the link in browsers, Avast! Network Shield warning pops up. Is this how it supposed to work? The router uses OpenDNS, instead of ISP.
-
Second issue.
After my weekly scan I had in the order of 190 files unable to be scanned 'password protected' the files were in my downloads\actioned folder which were previously no problem, one file I recall realalt180.exe had multiple password protected.
So I don't know if this is related to the new unpackers included in the beta, but the strange thing is a scan with ashQuick.exe didn't bat an eye lid at this file.
On-demand Standard Scan without archives:
I also noticed my total files scanned and the duration (twice as long as normal) was up quite a lot. So I don't know if that too would be related to the new unpackers.
can you post few lines related to the password protected archives from your log? can you see the difference against the previous state (what was in the log before the update to 1256 - was it "archive corrupted" or nothing?)? the unpackers added to this beta may affect many files, so it's quite possible to see the growing count of total files scanned, but that's hard to say without knowing anything about your data set characteristics (number and size of archives, plain PE files, packed PE files, installers)...
-
My issues with this beta so far:
- Security Center failing to detect proper avast! status under Vista 64bit (seems to work fine in VirtualPC with WinXP 32bit)
- complete Firefox lockups when i run Firefox (that don't occur with final official version of avast!)
- Network Shield does NOT detect www.gooogle.com under Vista 64bit (seems to work fine in VirtualPC with WinXP 32bit)
Now the guys at ALWIL seem to have an idea what to do with Security Center, but what about my other 2 problems that are far more serious than just Security Center failing to detect avast! status properly.
-
Hm, but why does then this happens in intervals? I mean you disable and enable it, Security Center refreshes, but after some time it will again show wrong avast! status. Thats not exactly related to startup(bootup) only, if you ask me.
Probably I didn't understand, I thought it was an OS startup issue only. So you're saying that on your system, WSC just suddenly starts thinking avast is disabled? Just like that - with no obvious trigger?
Problem with the new false positive reporting.
I didn't report it using the new FP link on the alert as I was off-line at the time. So I left the results list displayed and connected, I then right clicked on the file in the list and chose scan, this time on the alert I clicked the link and filled the details, ticked the 'I know what I'm doing box' and clicked submit only to be told it was incomplete. I couldn't get it to work.
Aha, OK, an archive. That looks like like a bug (the dialog is not prepared to handle archives I'm afraid). We'll fix that, thanks for reporting.
BTW you don't have to be online in order to create the submission. It will take place during the last VPS update.
Cheers
Vlk
-
Yes, just like that. All the sudden WSC pops up. I disable and enable avast! and it's good for lets say 5-10 minutes after which WSC pops up again. I repeat the disable/enable process and i'm again good for those few minutes.
EDIT:
I'll reinstall beta again and see if it repeats...
-
So it is 5-10 minutes?
Can you please measure how much it is, exactly? (and if the interval is always the same).
Thx
Vlk
-
I'm suspecting self-defense part but will try to find the actual pattern...
-
After my weekly scan I had in the order of 190 files unable to be scanned 'password protected' the files were in my downloads\actioned folder which were previously no problem, one file I recall realalt180.exe had multiple password protected.
The easiest thing to do would be uploading the file in question to our FTP - I'd check it.
But yes, I'd assume these files are newly detected as archives by the updated unpackes, while they were not detected at all previously.
-
Is there any other URL apart from www.gooogle.com that i can try? Because i'm constantly getting direct redirects to www.google.si and thats really not helping me to debug Network Shield issues... if some other malicious URL is also not detected (have no clue which one might also be) then it's quite possibe Network Shield is not even doing its job...
-
So it is 5-10 minutes?
Can you please measure how much it is, exactly? (and if the interval is always the same).
Thx
Vlk
FWIW: For me (Vista SP1 32Bit) it's "just" a startup issue; no repeated security center popups. Terminating, then re-starting standard shield clears it once and for all (until next reboot that is).
-
I take no reply is good news. I guess the beta is working properly at my end. I finished a system scan including archives with no problem at all.
Is there any other URL apart from www.gooogle.com that i can try? Because i'm constantly getting direct redirects to www.google.si and thats really not helping me to debug Network Shield issues... if some other malicious URL is also not detected (have no clue which one might also be) then it's quite possibe Network Shield is not even doing its job...
I'm not against the idea of possible another url candidate but, if you are redirected at all, then, it means it's not working properly.
-
My issues with this beta so far:
- Network Shield does NOT detect www.gooogle.com under Vista 64bit (seems to work fine in VirtualPC with WinXP 32bit)
Hi RejZoR,
would you be willing to make a packet capture during the http://www.gooogle.com access?
The best way would be with the Wireshark packet capturing tool. It can be downloaded here: http://www.wireshark.org/download.html
This is a very nice tool, very stable a respected. Should work on Vista 64bit.
Capturing is fairly straight forward, I may guide you if needed. Just click Capture, try to access http://www.gooogle.com and the save the captured data from File/Save AS.
Thanks a lot,
I'll send you some more URLs to test via PM.
Lukas.
-
My take is that this is caused by the fact that avast actually starts earlier than the WSC service, so WSC misses avast broadcasting its start.
Should be fairly enough to fix...
Darn you beat me to it I was going to suggest that
-
Guys, it seems there are few separated problems in this beta. I'm closing this thread, instead please open new threads in BETA (http://forum.avast.com/index.php?board=15.0) board with links to the initial description here (or copying the most relevant info). Thanks.
-
BTW a new beta refresh is now available (4.8.1263)
http://forum.avast.com/index.php?topic=39504.0
Thanks
Vlk