Security leak?

[Sparan]

I'm not very techy so please bear with me but it seems that since I installed Avast, my firewall (Kerio) no longer does it's job! For example if I specifically try to block a program  like Ad-Aware in Kerio from going outbound, I can still update it and it doesn't show up in Kerio's logs!  Is this to do with the Web Shield/Web Scanner acting as a proxy and if so, what do I do to correct the situation as a firewall that does not control outbound traffic isn't very good.
I assume this matter must have been discussed before (I looked around but couldn't see anything) so I would appreciate a link or an explanation if someone would be so kind.

[fredra]

Hi Sparan
I hope this helps...go here and read BZ's (kerio guru) explaination in #12 message.
http://www.wilderssecurity.com/showthread.php?t=69544
He gives some detail on what to setup in Kerio.
Also, there is some clarification by VLK, in the same thread.
Cheers 

[artamangr]

Does that mean that webshield scans outgoing http streams as well?

[Vlk]

To start, you should update to v4.6.623. This version only filters (intercepts) traffic coming from specific applications.

[lee16]

To start, you should update to v4.6.623. This version only filters (intercepts) traffic coming from specific applications.

Does this sort out the problem the webshield was having with Sygate?

--lee

[DavidR]

To start, you should update to v4.6.623. This version only filters (intercepts) traffic coming from specific applications.

Does this sort out the problem the webshield was having with Sygate?

--lee

Until Sygate resolve the ablilty to monitor localhost proxy traffic, this issue has been know about for a very long time but it has yet to be resolved. So I doubt that this 4.6.623 release will make a blind bit of difference to the sygate security hole.

http://forums.sygate.com/vb/showthread.php?s=de402c841bcc0b077d6bc116bcba5f47&threadid=12947

[Vlk]

Actually it does make a difference. With the exception of the programs on the approval list of avast, no WebShield scanning is now taking place and therefore Sygate sees everything as usual (outbound access to remote hosts).

[DavidR]

Actually it does make a difference. With the exception of the programs on the approval list of avast, no WebShield scanning is now taking place and therefore Sygate sees everything as usual (outbound access to remote hosts).

That's good, thankfully it hasn't taken anywhere near as long as Sygate have taken to resolve the local proxy leak.

Is there any way to find out the programs on the approval list?

[Vlk]

Currently, just the mainstream browsers are on the list (including IE, mozilla, firefox, MyIE2 and Maxthon).
Some more info is here: http://forum.avast.com/index.php?topic=11997.msg101370#msg101370

[Jarmo P]

That is really good Vlk!
It really is not so bad when it remains just to trusted browsers and stuff that gets possible virus/trojan web traffic. Just what the web shield is for

[stevejrc]

does this mean that sygate will work correctly now e.g. asking for access instead of letting everything through webshield ?   bit confused 

[Vlk]

Yes stevejrc that's what I'm saying.

[stevejrc]

  cool   have a budvar on me

[Lisandro]

Yes stevejrc that's what I'm saying.

This is not working if you have a local proxy...
Maybe, as usual, I'm doing something wrong... 

[Lisandro]

Until Sygate resolve the ablilty to monitor localhost proxy traffic, this issue has been know about for a very long time but it has yet to be resolved. So I doubt that this 4.6.623 release will make a blind bit of difference to the sygate security hole. http://forums.sygate.com/vb/showthread.php?s=de402c841bcc0b077d6bc116bcba5f47&threadid=12947

David, do you know if any other firewall does this job?
I mean, neither Kerio not Sygate seems to filter the outbound HTTP traffic if you're using a local proxy filter...
Does ZA do this job? Will the applications ask for connection even using a local proxy (this one allowed to connect)?