OK - I think I understand this now. If we are both right, you in what you understand of the way Avast! works, and myself in the effect on observed traffic when Avast! was installed, then the problem lies in the firewall or is intrinsic to necessary internal communications. If the latter, it's a significant security/privacy problem with a simple solution that could be addressed with a FAQ pointed at all Avast! users who install behind firewalls with configurable blocking capability.
Your words: "The communication is: Internet > WebShield > Browser. It should generated LOCAL COMMUNICATION outbound to the browser, not for the Internet." I hope this is inaccurate, because it lacks the firewall, implying that Webshield connects directly to Internet, i.e. bypassing the firewall. Please confirm that your schematic should look: Internet > Firewall > WebShield > Browser.
That's just for incoming traffic though, and one must consider both directions (bidirectional = A <> B or A > B >A) and multiple logical paths embedded in single logical channels, e.g. A > B >> A or A <<> B (where A and B are connected with a single channel but B makes multiple logical paths in the direction towards A).
In terms of channels, we presumably have one of two cases: Internet > Firewall > WebShield > Browser > Firewall > Internet if WebShield only touches inbound traffic, or Internet > Firewall > WebShield > Browser > WebShield > Firewall > Internet if WebShield acts as a bidirectional pipe though it samples/monitors only in the inbound direction. If the latter, then the firewall sees only WebShield (as ashwebsv.exe), will not apply security configured for Browser, and ashwebsv.exe may panic if its traffic is blocked outbound (but generally should not if the Firewall blocks by shipping to NIL, probably the case). If the former, nothing operating on the outbound path will affect ashwebsv.exe, but why, as in my case, is ashwebsv.exe registered in the firewall as the outbound sending application? Presumably the answer is either that the firewall is improperly set, or it cannot distinguish the source of traffic to a port (nasty thought that), or that a channel is bound to the opener's name by the operating system and remains that way regardless of the user(s).
The ideal operation would be: Internet >>> Firewall >> WebShield > Browser >> Firewall > Internet, where the Firewall blocks some incoming hostile traffic and Webshield strips more, passing clean(er) traffic to the Browser, which inevitably generates some undesirable traffic (as a consequence of web page input) which is removed by the Firewall, clean(er) traffic then being returned to the Internet.
I'll try to set up for that later this week. If it works, a FAQ might usefully warn firewall users that ashwebsv.exe will show up as a proxy for browsers and to tell the firewall to treat it as a browser. That might be followed by a caution to those who custom configure their browser/firewalls that they must similarly configure for ashwebsv.exe to continue the same level of protection. A similar note might be given regarding avast.setup, with the addition for custom configurers that limiting to <addresslist> would give maximum security, where <addresslist> is the sites tried for updates.
Thanks again for your time,
kb