Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: m00nbl00d on November 10, 2010, 03:02:07 AM

Title: [Suggestion] Network Shield whitelisting
Post by: m00nbl00d on November 10, 2010, 03:02:07 AM
Don't be scared! That's not what you're thinking! What I mean is to have the chance to whitelist other apps that may be scanning HTTP traffic as well, so they don't fight each other. Please, don't come with the "Keep just one". It's the users will to have this feature, hence making each scanning URL app/component work together and properly. Both apps have different purposes, but there might be an occasion they might detect same threat at a same website.

It would just be welcome to whitelist XYZ URL scanner from avast! Network Shield.

Thanks
Title: Re: [Suggestion] Network Shield whitelisting
Post by: m00nbl00d on November 12, 2010, 01:52:02 AM
-Edit-

I thought that adding an exclusion to the avast! general settings would stop avast! shields, including network shield, from monitoring as well? It still monitors, though.
Title: Re: [Suggestion] Network Shield whitelisting
Post by: m00nbl00d on November 13, 2010, 01:50:19 AM
-Edit-

I thought that adding an exclusion to the avast! general settings would stop avast! shields, including network shield, from monitoring as well? It still monitors, though.

OK.

According to the help file, adding exclusions to the general avast! settings would exclude the path from manual and scheduled scans, as well as from the shields. It mentions shields, and I assume Network Shield is also included. Is this correct? Because, if it is, then avast! 5 Network Shield clearly has a bug, because excluding an application path in general settings will still result in Network Shield block XYZ URL scanner from scanning XYZ website, if Network Shield tags it as well. (I'm not discussing whether or not one should have both, rather why Network Shield won't stop blocking the URL scanner, if it also finds bad content, considering the help file mentions shields and not XYZ shield(s). There's a difference here.)

Would anyone shed lights on this doubt?
Title: Re: [Suggestion] Network Shield whitelisting
Post by: DavidR on November 13, 2010, 02:07:20 AM
You are misreading the help file, manual and scheduled 'on-demand' scanning is covered in the avast Settings, Exclusions. Exclusions relating to the resident Shields is covered in their respective Expert Settings, Exclusions. Not all shields have an Expert Settings option, the Network Shield being one Behaviour Shield being the other.

Quote from: Extract from the help file
Keep in mind that any exclusions specified here apply to all on-demand scans (manual and scheduled). If you want to exclude files only from a specific manual or scheduled scan, use the Exclusions page in the scan settings. To exclude files only from being scanned by any of the real-time shields, use the Exclusions page in the real-time shield expert settings.

Title: Re: [Suggestion] Network Shield whitelisting
Post by: m00nbl00d on November 13, 2010, 02:19:18 AM
You are misreading the help file, manual and scheduled 'on-demand' scanning is covered in the avast Settings, Exclusions. Exclusions relating to the resident Shields is covered in their respective Expert Settings, Exclusions. Not all shields have an Expert Settings option, the Network Shield being one Behaviour Shield being the other.

Quote from: Extract from the help file
Keep in mind that any exclusions specified here apply to all on-demand scans (manual and scheduled). If you want to exclude files only from a specific manual or scheduled scan, use the Exclusions page in the scan settings. To exclude files only from being scanned by any of the real-time shields, use the Exclusions page in the real-time shield expert settings.


Hello,

Thank you for your feedback.

Then, the problem lies on whoever translated the English/Czech version to Portuguese, because in the help file there's a mention to the shields.

Quote
Tenha em conta que quaisquer exclusões especificadas aqui são aplicadas a todas as verificações (manuais e agendadas) e também aos escudos em tempo real. Se quer excluir ficheiros apenas de uma verificação manual ou agendada, use a página Exclusões nas definições de verificação. Para excluir ficheiros de apenas serem verificados por algum dos escudos em tempo real, use a página Exclusões nas definições avançadas dos escudos em tempo real.


The bold part means "also to the real-time shields".

So, someone made a mistake. I was interpreting what was there to read. This is clearly misleading, for what it seems.

Regards
Title: Re: [Suggestion] Network Shield whitelisting
Post by: DavidR on November 13, 2010, 03:06:35 AM
You're welcome.

I can only go by what is in mine, hopefully it will be corrected soon as my post reflects how it actually works.
Title: Re: [Suggestion] Network Shield whitelisting
Post by: m00nbl00d on November 13, 2010, 03:11:52 AM
You're welcome.

I can only go by what is in mine, hopefully it will be corrected soon as my post reflects how it actually works.

I guess that, after all, it is a wish. :)

Hopefully, a next version will allow to white-list. I wonder why both Network and Behavior Shield wouldn't have a white-listing option, though.
Title: Re: [Suggestion] Network Shield whitelisting
Post by: DavidR on November 13, 2010, 04:44:13 AM
Well personally I feel that white listing for the Network Shield can be very dangerous. One of the most common means of attack now is from hacked sites and you only need to browse the viruses and worms forum to see this. Many report sites that they say are safe as they have used them for years, yet they have been hacked.

Whilst this is an old article, it is none the less still very relevant - See http://www.scmagazineus.com/Every-36-seconds-a-website-is-infected/article/140414/ (http://www.scmagazineus.com/Every-36-seconds-a-website-is-infected/article/140414/).

Now under normal circumstances the Web Shield would be first to detect a hacked site, detecting the potential exploit script in the page source, etc. These detections contribute to the avast community. If enough detections are made and reported by those participating in the avast community, then that site would be added to the malicious sites list for the Network Shield.

In the past the Network Shield has proven to be very accurate.
Title: Re: [Suggestion] Network Shield whitelisting
Post by: m00nbl00d on November 13, 2010, 03:14:37 PM
I agree with that, but, unless I'm misunderstanding you, what does that has got to do with whitelisting an URL scanner application from the Network Shield?

Please, note that I'm not asking to be possible to whitelist websites/urls. And, talking about whitelisting URLs, avast! Web Shield already allows to do just that.
Title: Re: [Suggestion] Network Shield whitelisting
Post by: DavidR on November 13, 2010, 03:41:05 PM
That wasn't too clear to me as to what your intention was:

Well first off I think that a URL scanner app can't be excluded in any shield as avast doesn't exclude applications and what they are doing. You can't exclude everything that it does, you can exclude the actual file from being scanned, but not its activity.

URL scanners may work in a way that conflicts with either the web shield or network shield. If they use a proxy to achieve this, etc. Then that proxy has to be coordinated with the web shield proxy to ensure no conflict or you could end up with the web shield not protecting against http port 80 malicious traffic.

Personally I see little benefit with URL Scanners as you have both the web and network shields, many pre-scan links that you haven't visited or may not visit just because there is a link on the page you are on. This to me is wasted effort and may well slow browsing or conflict with the web shield proxy (see #### below).

####
The network shield blocks known malicious sites and it gets some of that information from the avast community due to web shield detections.

Both the web shield and the network shield have a very high detection rate and also a very high positive/good rate, so personally I don't feel the need for a URL scanner. You could also use something Like OpenDNS which can also be set to block certain sites at DNS query level.

~~~~
The exclusions in the web shield in my opinion are just as dangerous for the same reasons. People are in an all fired rush to exclude something even after avast alerts on it without any investigation to confirm the detection/s.