Author Topic: SSL Site Blocked with Strange Message by Avast!  (Read 4811 times)

0 Members and 1 Guest are viewing this topic.

Offline iComms

  • Newbie
  • *
  • Posts: 7
SSL Site Blocked with Strange Message by Avast!
« on: October 05, 2015, 12:01:50 AM »
Hello, been using the product for a while and I really do like it.

I found a potential problem with at least one SSL site, the URL is below and it is a valid online banking one we use:

https://my.if.com/Security/Auth/Logon

I have attached the images the web page shows in Safari/Firefox and Chrome.

As soon as I add it as an exception in the Avast! Web Shield, the page opens fine.

Can you put some sort of message on the web page when Avast! does this please? 

At least then we know what is causing it rather than troubleshooting other possible issues or thinking the site is down.

Thanks,

Adrian.



Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: SSL Site Blocked with Strange Message by Avast!
« Reply #1 on: October 05, 2015, 01:46:54 AM »
I see delegation problems, see DNS report http://dnscheck.sidn.nl/?time=1444001492&id=1831200&view=basic&test=standard
See: http://toolbar.netcraft.com/site_report?url=https://my.if.com
Custom errors :Fail and warnings:
https://asafaweb.com/Scan?Url=https%3A%2F%2Fmy.if.com%2FSecurity%2FAuth%2FLogon
Certificate chain issues on external link, see: https://www.virustotal.com/nl/domain/se.symcd.com/information/
-> http://www.domxssscanner.com/scan?url=http%3A%2F%2Fse.symcd.com

But naturally the final verdict has to come from an Avast Team member as why this url was blocked.
We are just volunteers with relevant knowledge.

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline iComms

  • Newbie
  • *
  • Posts: 7
Re: SSL Site Blocked with Strange Message by Avast!
« Reply #2 on: October 05, 2015, 05:59:06 PM »
Thanks for that, totally agree.

I would prefer it if a message on the webpage appeared indicating that Avast! had encountered a problem, would you like to add an exception to the web filter etc. etc. rather than a generic page failure.

Adrian.

Offline iComms

  • Newbie
  • *
  • Posts: 7
Re: SSL Site Blocked with Strange Message by Avast!
« Reply #3 on: October 07, 2015, 10:47:58 PM »
I have logged this one with tech support, maybe somebody here can help.

Forgot to mention these are Apple Macs we are talking about.

If I add a web exception to Avast! from the portal through a template, for https://my.if.com (or other combinations e.g. https://my.if.com/*), the settings show up in the Avast! client  but the website gets the SSL error, no warning that it is Avast! doing it and the site does not load.  So the portal is pushing the settings to the Mac but not working.

If I add an exception to the Avast! program itself on the Mac for my.if.com, I firstly get a prompt for an admin username and password on the Mac (Common practice when a program tries to change system settings) then the site is added and it loads fine. The entry looks exactly the same as if I added it from the portal but it works.

Any ideas?

Adrian.

« Last Edit: October 07, 2015, 11:08:32 PM by iComms »

Offline Michael P.

  • Avast team
  • Newbie
  • *
  • Posts: 17
    • Avast for Business
Re: SSL Site Blocked with Strange Message by Avast!
« Reply #4 on: October 08, 2015, 04:02:39 PM »
Hello,

In our testing environment, if you add the exclusion in the portal as (my.lf.com), without the parenthesis, and use HTTPS as the service, it should sync to the client and allow access to the site.  What version of OS X are you running and what program version of Avast?

Thanks,

Michael P.
AVAST Support Team
Michael P.
AVAST Business Support Team
https://support.business.avast.com/

Offline iComms

  • Newbie
  • *
  • Posts: 7
Re: SSL Site Blocked with Strange Message by Avast!
« Reply #5 on: October 08, 2015, 05:01:19 PM »
Hi Michael, thanks for replying:

Mac OS X 10.10.5 (Yosemite)

Program is up to date: version 11.2.45153, release date 09/07/2015

I have added all sorts in, wildcards, my.if.com, it picks the setting up from the portal but does not allow the website through.

Do it locally and it works just with HTTPS as the service and my.if.com as the URL

Adrian.

Offline Michael P.

  • Avast team
  • Newbie
  • *
  • Posts: 17
    • Avast for Business
Re: SSL Site Blocked with Strange Message by Avast!
« Reply #6 on: October 08, 2015, 07:01:38 PM »
Hi Michael, thanks for replying:

Mac OS X 10.10.5 (Yosemite)

Program is up to date: version 11.2.45153, release date 09/07/2015

I have added all sorts in, wildcards, my.if.com, it picks the setting up from the portal but does not allow the website through.

Do it locally and it works just with HTTPS as the service and my.if.com as the URL

Adrian.

Adrian,

I changed your portal to reflect the exclusion as (my.if.com) instead of (my.if.com/*).  Please allow it a few minutes to sync and let us know via a ticket in our support system (support.business.avast.com)  if it still does not allow, as we may need to collect log files.

Thanks,
Michael P.
AVAST Support Team
Michael P.
AVAST Business Support Team
https://support.business.avast.com/

Offline iComms

  • Newbie
  • *
  • Posts: 7
Re: SSL Site Blocked with Strange Message by Avast!
« Reply #7 on: October 08, 2015, 08:37:21 PM »
Yep, I can see it on my Mac, but site is still blocked.

Will log a call and quote this thread.

Thanks!

Adrian.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: SSL Site Blocked with Strange Message by Avast!
« Reply #8 on: October 10, 2015, 04:01:11 PM »
Certainly not enough minusses to qualify a blocking, it coud pass all green, but there is enough insecurity found up for a downgrade to C-status: https://globalsign.ssllabs.com/analyze.html?d=my.if.com&s=195.171.220.120
Downgrade attack prevention   No, TLS_FALLBACK_SCSV not supported (more info) etc. etc. Weak SSL and so not "the best value for your money" to put it ironnically, ;)

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!