Author Topic: Sygate and webshield...  (Read 41783 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Sygate and webshield...
« Reply #45 on: March 19, 2005, 03:35:59 PM »
Well what you could always do is disable the transparency of the WebShield proxy (e.g. by deleting the "80" from the list of redirected ports in webshield's settings) and manually set up your browser to use a proxy server, with the following parameters
proxy server name: localhost
proxy server port: 12080

This won't help if the user has another local proxy application like Proxomitron, annonimizer tools, etc.
I know it won't be a WebShield error, but can we 'remove' transparency of the other proxies into the firewall settings?
Thanks for your time and patience Vlk  ;)
The best things in life are free.

Jarmo P

  • Guest
Re: Sygate and webshield...
« Reply #46 on: March 19, 2005, 04:57:37 PM »
Quote
Right-click on the Sygate System Tray Icon.
·   Click on Advanced Rules.
·   Click on the OK to acknowledge the message.
·   Click Add.
·   Type a description of what the rule will do.
·   Click on the Ports and Protocols Tab.
·   Select UDP.
·   Type 53 in the Remote Window.
·   Click OK.
·   Click OK.

You made an advanced rule. Advanced rules dont get asked in Sygate and they take precedence over normal application rules. They can be disabled or abled, that is all. What sounds bad is that you made an advanced rule that allows ALL the applications you have. Even advanced rules should be application specific most of the times.

Browsers don't get asked, when webshield is running, that is true to 80 tcp traffic connection. I am not sure how Sygate would work in case there is a 'browser hijack', some other app launching a browser.

For me Avast's webshield works for me nice when running it for normal everyday surfing. When installing new software, I would not rely on the new release restrictions, and would disable it temporarily.
If not too lazy :P

kenwong

  • Guest
Re: Sygate and webshield...
« Reply #47 on: March 20, 2005, 02:59:47 AM »
Thanks, Vlk, for the setup procedures.

But my question is what I can do in Win 98 with regard to the loopback problem of Sygate.  Is there anything I can do to work around as I am using avast and Sygate on my computer running Win 98???

If no, any other firewall software would work better with avast when using WebShield???

Jarmo P

  • Guest
Re: Sygate and webshield...
« Reply #48 on: March 20, 2005, 08:09:36 AM »
Quote
But my question is what I can do in Win 98 with regard to the loopback problem of Sygate.  Is there anything I can do to work around as I am using avast and Sygate on my computer running Win 98???

I paste more from the Avast Help:

Quote
The provider works as a local proxy server. On NT-based operating systems (Windows NT/2000/XP/20003) the protection is completely transparent and it is usually not necessary to configure anything special. To enable the Web Shield on Windows 9x/ME operating systems, it is necessary to modify one setting in the Internet Options - in particular, the address and port of local proxy. So, if you want to use Web Shield on an older operating system, do the following:

Proxy server setting for Windows 95, 98, and Millennium using the local area network (LAN):

Internet Explorer:

Start Internet Explorer.
Select Tools ® Internet Options... from the main menu.
Switch to page Connections.
Click on the LAN Settings... button.
Check the option Use a proxy server for your LAN
Write localhost into the Adress field (alternatively, you can enter IP address 127.0.0.1, which is the same as localhost).
Enter 12080 into the Port field.
Confirm with OK button.
Proxy server setting for Windows 95, 98, and Millennium using dial-up connection (modem):

Start Internet Explorer.
Select Tools ® Internet Options... from the main menu.
Switch to page Connections.
Select your dial-up connection from the list and click on the Settings... button.
Check the option Use a proxy server for this connection.
Write localhost into the Adress field (alternatively, you can enter IP address 127.0.0.1, which is the same as localhost).
Enter 12080 into the Port field.
Confirm with OK button.
Note: If you use multiple connections

So I would expect that you HAVE to do that workaround, whereas XP/2000 users dont.
Does your other applications get asked from Sygate?
I bet they do, unless you hace other local proxy software, like Technical. If so, there is nothing Avast or Sygate can do to help you, you need to accept the loopback issue and live with it or change to another firewall.

AirCeej

  • Guest
Re: Sygate and webshield...
« Reply #49 on: March 20, 2005, 01:41:11 PM »

You made an advanced rule. Advanced rules dont get asked in Sygate and they take precedence over normal application rules. They can be disabled or abled, that is all. What sounds bad is that you made an advanced rule that allows ALL the applications you have. Even advanced rules should be application specific most of the times.

Browsers don't get asked, when webshield is running, that is true to 80 tcp traffic connection. I am not sure how Sygate would work in case there is a 'browser hijack', some other app launching a browser.

Jarmo,

How is it that you took the time to write such a “response” just to be so incredibly wrong – in a public forum nonetheless?  Not only does it work as I said it does for each session repeatedly, but the rights of all other programs are unaffected (those that need to ask – ask, and those that don’t need to – don’t).  The only thing I haven't been able to do (the machine is behind a router, which is currently buried) is test the computer's ports from the 'net.

In the future, it would be better if you took the time to experiment with the stated software (Sygate Personal Firewall Free and Avast HE in this case) and communicate that you’ve done so given the subject at hand (with any variations in versions or setup), before embarrassing yourself while incorrectly downing someone else’s work and reputation.  This will not only help your credibility in such matters, but will offer consistently reliable points or counterpoints for those needing assistance (as long as you don’t deviate).   

Moreover, after you’ve actually taken the time to experiment with a poster’s findings (something you’ll need to do before doing the following) it would be better if you communicated thusly:

•   “After following the poster’s list point-for-point, I couldn’t replicate it.  Are you sure everything you did is listed here?  Has anyone else tried this, and if so, what results did you get?”

•   “In the pro version of that application I couldn’t get it to work like he said, but it does (in this version) work like this ____.  I attribute this to changes in functionality between the two programs.”

•   “I followed the directions of _____ and it works as described on my machine with the following additions and/or subtractions...”

In closing, if I take the time to research, experiment, and communicate certain results on my machine, it is as I say it is.

=AirCeej=


Further Observations

One nice thing about the configuration I listed on the previous page is that if FF wants to connect to a different port in the current session, Sygate asks you if it's alright; interestingly, this activity went unnoticed in my previous setup – so I obviously didn’t know it existed.  Therefore, as long as there are no drawbacks to the current configuration I will continue to use it and recommend it to those with whom I consult, as it currently seems to be the most reassuring method of security with Avast HE and Sygate PFF 5.5 build 2710.  What’s bothersome is I don’t know if there’s a way to get a program to “ask” for permission every time it wants the ‘net during the current session (same program/same port). 

Nonetheless in this circumstance, Alwil certainly provided a means of better security, functionality, and reassurance with 4.6.623 - well done indeed!
« Last Edit: March 20, 2005, 02:14:41 PM by AirCeej »

stevejrc

  • Guest
Re: Sygate and webshield...
« Reply #50 on: March 20, 2005, 02:10:38 PM »
jarmo is correct, even the sygate help states that advanced rules take precidence:

"Advanced rules, on the other hand, are rules that you can create directly that affect all applications. If you create an advanced rule that blocks all traffic between 10 PM and 8 AM, the rule will override all other schedules and configurations that have been set for each application.

Rules in the Advanced Rules window will apply to all applications unless they are specifically tied to an individual application"

Also enabling smart DNS allows outbound DNS UDP 53 for reply within 5 secs and blocks inbound.

Your rule will allow UDP 53 permanently

Jarmo P

  • Guest
Re: Sygate and webshield...
« Reply #51 on: March 20, 2005, 02:43:48 PM »
AirCeej, we must have misunderstood each other somehow.  ???
My words were not meant as a personal attack to you.
I do know SPF quite well in the environment I run it, as a single computer connected to internet, no router or HW firewall. So it is limited I agree,

I have also experimented quite a lot with Avast regarding WebShield proxy.

But these forums, it is useless to arque about things and sorry if I started it.

Jarmo

AirCeej

  • Guest
Re: Sygate and webshield...
« Reply #52 on: March 20, 2005, 03:19:05 PM »
jarmo is correct, even the sygate help states that advanced rules take precidence:

"Advanced rules, on the other hand, are rules that you can create directly that affect all applications. If you create an advanced rule that blocks all traffic between 10 PM and 8 AM, the rule will override all other schedules and configurations that have been set for each application.

Rules in the Advanced Rules window will apply to all applications unless they are specifically tied to an individual application"

Also enabling smart DNS allows outbound DNS UDP 53 for reply within 5 secs and blocks inbound.

Your rule will allow UDP 53 permanently

You’re kidding with this right?  Unfortunately for you and Jarmo it performs– EXACTLY the way I said it does.  Didn’t you read where I said that it not only works but repeatedly?  Did you actually try to substantiate the findings or are you going on mere theory?  Again, it will be better for you if you actually did what someone experimented with before arriving at a very incorrect conclusion while casting umbrage.

Here is a listing of the advanced rule:
•   Name for the rule = Browser rule
•   All hosts
•   UDP remote port(s)53; both incoming and outgoing traffic
•   Scheduling is disabled
•   All network interface cards
•   Action = blocked
•   Screen saver mode = both on and off
•   All applications

The above is the outcome in Sygate PFF in the way I wrote the rule with instructions from the Sygate Forum, step-by-step on the previous page.

In the meantime, instead of shooting-down some else's correct work and making yourself look foolish in the process, see if you can actually (you're gonna have knuckle-down and do the work here Steve) prove it/disprove it yourself with the stated software versions and setup (including turning-off the DNS client in Services) THEN offer supporting or contrasting fact instead of fluff-based opinion.  To that end, I don't give a damn what excerpts from the help file states, it works the way I stated on my machine having obtained some insight from the Sygate Forum – so evidently in this case, they knew what they were doing.  If you don’t like that there’s a discrepancy with your theory given what’s in the Sygate Help File and the proven work of others, take it up with Sygate.  After you’ve actually done the work and come to supporting or contrasting results, then take it up with the poster in question.

So, here's a reeeeeeeal simple albeit freindly challenge: peform the EXACT steps I outlined on the previous page with the stated software versions in question (and just for a refresher, I'm also running XP Pro SP1), then state your outcome.  In the meantime don't impugn my work when you don't know better.
« Last Edit: March 20, 2005, 04:01:17 PM by AirCeej »

AirCeej

  • Guest
Re: Sygate and webshield...
« Reply #53 on: March 20, 2005, 03:32:17 PM »
AirCeej, we must have misunderstood each other somehow.  ???
My words were not meant as a personal attack to you.
I do know SPF quite well in the environment I run it, as a single computer connected to internet, no router or HW firewall. So it is limited I agree,

I have also experimented quite a lot with Avast regarding WebShield proxy.

But these forums, it is useless to arque about things and sorry if I started it.

Jarmo

Jarmo,

We're cool.  Though you may know it well on your system, you evidently don't know the free version well enough given this particular subject matter.  So, instead of offering opinion in a matter you haven't specifically tried, peform the EXACT steps I outlined on the previous page with the stated software versions in question (I have PFF and if I remember right, you have the pro version, this in itself may skew the results, I don't know.  But at least wipe any rules you have from the pro version, then try what i wrote), then state your outcome.  In the mean time don't impugn my work when you don't know better.

Jarmo P

  • Guest
Re: Sygate and webshield...
« Reply #54 on: March 20, 2005, 04:43:22 PM »
Heh AirCeej, I have a free version of the firewall, but I think there is no difference between free and pro.
I am too lazy to continue what you or me have said, cause I am not really sure what you have said, maybe I misunderstood.

I did participate in the Sygate pro forum though with the Avast Web Shield thread. There you can read my words, if I said here something that mislead you:
http://forums.sygate.com/vb/showthread.php?s=c490e7731492d8caf6f037a9fdc854be&threadid=12947

Jarmo

sded

  • Guest
Re: Sygate and webshield...
« Reply #55 on: March 20, 2005, 08:50:48 PM »
I must have gotten lost in the discussions here.  What is supposed to happen with the advanced rule/ask/no DNS service.  Set up the advanced rule and turned off DNS service to see if I could figure out what was really happening.   Set ashwebsv and all the browsers to ask.  First observation was the traffic log filled up with blocked UDPs to ndisuio.sys from my ISPs DNS servers and started getting popup messages (from Sygate or ?) that ndisuio was blocked from accessing the network.  Then accessed the network with IE, got a message asking for ashwebsv permission, said ok but not remember, went on as usual.  Stopped and started IE with no more messages.  Other than the ndisuio log messages and popups things appeared normal.  Brought up Opera and Mozilla to access the internet, got no messages from Sygate, accessed as usual with no further requests for permission.   What did I not do or misinterpret?  What was supposed to happen?  Didn't seem to observe any useful change in behavior.  BTW, XP Pro with SP2, SPF 5.6 free, avast! 4.6.623.  Could use of SP2 be different or ?  BTW, tried with the DNS service both on and off; only difference was lots of retries to contact ndisuio with it off.  Also tried wired and wireless NICs with no observable difference.
« Last Edit: March 20, 2005, 09:16:07 PM by sded »

stevejrc

  • Guest
Re: Sygate and webshield...
« Reply #56 on: March 20, 2005, 11:17:27 PM »
AirCeej, I thought you meant allow, but saw you put Action = blocked. your rule makes sense now, my misunderstanding.  ;)

rjbook

  • Guest
Re: Sygate and webshield...
« Reply #57 on: March 21, 2005, 02:53:27 AM »
I have had trouble with Sygate and Webshield since the new 623 upgrade.  I tried the patch and they would not work together.  Sygate would work alone, or if I disabled Sygate, Webshield would work.  Looking at another thread, someone suggested "repairing" the Avast install through the add remove function in the control panel.

I ran the "repair" function, rebooted my system, and now Webshield and Sygate seem to be working together without any problems so far, and this seems to have worked on both my notebook and my desktop.

Not being an expert, its worth a try, and perhaps this will help some of the others...it can't hurt.
RJB

AirCeej

  • Guest
Re: Sygate and webshield...
« Reply #58 on: March 21, 2005, 03:15:19 AM »
AirCeej, I thought you meant allow, but saw you put Action = blocked. your rule makes sense now, my misunderstanding.  ;)

Cool Steve!

Ant718

  • Guest
Re: Sygate and webshield...
« Reply #59 on: March 28, 2005, 11:04:38 PM »
So just to repeat an earlier request, how can one prevent the Web Scanner from starting rather than disabling it manually after it starts with every bootup?

1. Uninstalling the provider (through Control Panel)
or
2. Using msconfig and disabling the startup item + disabling the Windows Service


All you have to do is terminate the proccess in the AVAST program itself. No need to uninstall or modify start up.