Author Topic: Avast network shield blocking legit site, is it possible to exclude?  (Read 5095 times)

0 Members and 1 Guest are viewing this topic.

Offline Spectrum Computer Solutions

  • Spectrum Computer Solutions
  • Newbie
  • *
  • Posts: 13
  • Spectrum Computer Solutions
    • Spectrum Computer Solutions
Hi,

I have a customer with 50+ workstations being managed by SOA.

They have a site they need to access (http://closerstill.circdata-solutions.co.uk/VisitorPortal/VS14/Account/LogOn?ReturnUrl=%2fVisitorPortal%2fVS14%2f) which has a section to show videos. You need a username and password to log in this site which I am unable to share with you.

When they login to the site, Avast pops up with...


As you can see its blocking access to http://cdn.bootcss.com/knockout/3.2.0/knockout-min.js.

I've reported it as a false positive, but in the mean time I'd like to whitelist it but I've been unable to find a way to do this within the Network Shield.

Any help gratefully received!

Steve Scotter
« Last Edit: January 20, 2015, 02:41:02 PM by Spectrum Computer Solutions »
Specialists in computer support for small to medium sized enterprises. From desktop support to network installations, we can provide the services you require.


Offline Spectrum Computer Solutions

  • Spectrum Computer Solutions
  • Newbie
  • *
  • Posts: 13
  • Spectrum Computer Solutions
    • Spectrum Computer Solutions
Re: Avast network shield blocking legit site, is it possible to exclude?
« Reply #2 on: January 20, 2015, 02:40:33 PM »
Thank you for taking the time to reply Eddy.

All of the links you've posted seem to indicate I'm correct in my opinion that this is a false positive, which was never in doubt. :)

Quote
There is no black-/whitelist.
But you can add it to the exclusion list.

If you could advise me how I go about adding this to the exclusion list I'd be grateful.

The network shield does not appear to have a Exclusion list section (the other shields have an Exclusions option under where it says Main Settings).

The Exclusions setting on the far left (below Virus chest and above password) appears to accept File names or Paths only AND states "Note: Exclusions specified here will apply only to on-demand scans (manual and scheduled scans)" so it not relevant to my situation.



Any help gratefully received!

Steve Scotter
Specialists in computer support for small to medium sized enterprises. From desktop support to network installations, we can provide the services you require.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31301
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast network shield blocking legit site, is it possible to exclude?
« Reply #3 on: January 20, 2015, 02:55:34 PM »
What if you click on "exclusions" in the left menu ?

Offline Spectrum Computer Solutions

  • Spectrum Computer Solutions
  • Newbie
  • *
  • Posts: 13
  • Spectrum Computer Solutions
    • Spectrum Computer Solutions
Re: Avast network shield blocking legit site, is it possible to exclude?
« Reply #4 on: January 20, 2015, 03:11:36 PM »
Hi Eddy,

As I stated in my previous message ...
Quote
The Exclusions setting on the far left (below Virus chest and above password) appears to accept File names or Paths only AND states "Note: Exclusions specified here will apply only to on-demand scans (manual and scheduled scans)" so it not relevant to my situation.
;)
Specialists in computer support for small to medium sized enterprises. From desktop support to network installations, we can provide the services you require.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31301
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Avast network shield blocking legit site, is it possible to exclude?
« Reply #5 on: January 20, 2015, 03:29:49 PM »
I'm not using the AES so I can't help you further here.
I'm pretty sure someone else will have a look at this thread and is able to tell you more.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1126
Re: Avast network shield blocking legit site, is it possible to exclude?
« Reply #6 on: January 21, 2015, 11:27:01 AM »
Hi,
bootcss.com was not blocked, ever. I am able to visit http://cdn.bootcss.com/knockout/3.2.0/knockout-min.js with my shields on without any warning. It might be the case that the IP that bootcss.com resolves to is blocked, but I cannot see it in our stats. Does the problem persist? What IP does the domain resolve to on the machine that triggers the warning?

Offline Spectrum Computer Solutions

  • Spectrum Computer Solutions
  • Newbie
  • *
  • Posts: 13
  • Spectrum Computer Solutions
    • Spectrum Computer Solutions
Re: Avast network shield blocking legit site, is it possible to exclude?
« Reply #7 on: January 21, 2015, 02:51:24 PM »
Hi,

Thank you for taking the time to response.

I'm unable to verify if the issue persists today. The device in question is a laptop and is working at home today.

I have however used a different device on the same LAN and gotten what cdn.bootcss.com resolve to today. This could of course be different to what it resolved to yesterday.

Code: [Select]
#nslookup cdn.bootcss.com

Non-authoritative answer:
Name:    eurpo.b9.aicdn.com
Address:  112.117.218.120
Aliases:  cdn.bootcss.com
          cdn-bootcss-com.b0.aicdn.com

Note 1. The site using OpenDNS name servers.
Note 2. The site is geographically in Leicester, United Kingdom.
Note 3. cdn.bootcss.com resolves to 112.117.218.120 when I checked from a different network, on a different ISP and using different name servers, but still in the UK.

Regards

Steve
Specialists in computer support for small to medium sized enterprises. From desktop support to network installations, we can provide the services you require.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1126
Re: Avast network shield blocking legit site, is it possible to exclude?
« Reply #8 on: January 21, 2015, 03:38:14 PM »
Hi,
112.117.218.120 was indeed blocked until yesterday 9pm CET, so it very well might be the cause of this. Please update us if the problem persists :-)!
Honza

Offline Spectrum Computer Solutions

  • Spectrum Computer Solutions
  • Newbie
  • *
  • Posts: 13
  • Spectrum Computer Solutions
    • Spectrum Computer Solutions
Re: Avast network shield blocking legit site, is it possible to exclude?
« Reply #9 on: January 21, 2015, 06:06:20 PM »
Hi,

Thank you for taking the time to response and thanks for confirming the cause of the issue.

Out of interest, is there any way in future I can whitelist or exclude an IP address from being blocked by the Network Shield, either by configuring Avast on the individuals on the workstations or (preferably) by using SOA?

Regards

Steve
Specialists in computer support for small to medium sized enterprises. From desktop support to network installations, we can provide the services you require.

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1126
Re: Avast network shield blocking legit site, is it possible to exclude?
« Reply #10 on: January 21, 2015, 08:47:08 PM »
No, I am not aware of any way of excluding a blocked domain/IP, other than temporarily disabling network/web shield. Sorry :-).

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33374
  • malware fighter
Re: Avast network shield blocking legit site, is it possible to exclude?
« Reply #11 on: January 21, 2015, 10:28:29 PM »
This was possibly the reason for the blocking of that IP: https://www.virustotal.com/en/ip-address/112.117.218.120/information/

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Spectrum Computer Solutions

  • Spectrum Computer Solutions
  • Newbie
  • *
  • Posts: 13
  • Spectrum Computer Solutions
    • Spectrum Computer Solutions
Re: Avast network shield blocking legit site, is it possible to exclude?
« Reply #12 on: January 23, 2015, 12:37:47 PM »
Thanks to everyone who has taken the time to response.

polonus, I've been aware of Virus Total and its ability to scan submitted files against multiple Anti Virus programs but I was unaware they also had a IP reputation service. Thanks for info!

HonzaZ, based on my experiences in the past few days I believe you are correct, there is no way to exclude a domain / IP address other than to temporarily disable the network shield.

Regards

Steve
Specialists in computer support for small to medium sized enterprises. From desktop support to network installations, we can provide the services you require.