Author Topic: Avast Blocking Access  (Read 25286 times)

0 Members and 1 Guest are viewing this topic.

Offline Tobur

  • Jr. Member
  • **
  • Posts: 59
Avast Blocking Access
« on: October 28, 2015, 01:07:21 PM »
I have Avast Free Antivirus 10.4.2233. The Web Shield  is blocking access to many legitimate websites - saying the certificate is invalid - even those added to 'Exclusions'. An example is https://www.eir.ie/ - although this has been added to Exclusions.
This seems to happen only in Firefox but not in Chrome or IE.
P.S Since posting the above the behaviour has changed - the blocking notice appears but the webpage still loads??
« Last Edit: October 28, 2015, 01:23:10 PM by Tobur »

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76029
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast Blocking Access
« Reply #1 on: October 28, 2015, 02:04:32 PM »
- OS..? (32/64 Bit..? - which SP/Build..?)
- Other security related software installed..?
- Which AV(s) did you use before Avast..?
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Tobur

  • Jr. Member
  • **
  • Posts: 59
Re: Avast Blocking Access
« Reply #2 on: October 28, 2015, 02:37:07 PM »
Windows XP SP3  32 Bit - Superantispyware Free - Used AVG Free up to about three years ago,
« Last Edit: October 28, 2015, 02:52:47 PM by Tobur »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33976
  • malware fighter
Re: Avast Blocking Access
« Reply #3 on: October 28, 2015, 03:15:39 PM »
I am going over your website now and I am happy to find that there are no vulnerable javascript libraries found up.
This however came immedeately blocked by an scriptblocker extension: uMatrix has prevented the following page from loading:
-https://lptag.liveperson.net/tag/tag.js?site=36014936
I detect Possible Frontend SPOF from:

ajax.googleapis.com - Whitelist
(67%) - <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js">
(67%) - <script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js">
cdnjs.cloudflare.com - Whitelist
(67%) - <script src="//cdnjs.cloudflare.com/ajax/libs/respond.js/1.4.2/respond.js">
(66%) - <script src="//cdnjs.cloudflare.com/ajax/libs/modernizr/2.8.1/modernizr.min.js">

Tracker SSL 85% of trackers let through - Unique IDs about your web browsing habits have been insecurely sent to third parties. For me those were 7 parties:  -www.eir.ie
 -Google
 -cdnjs.cloudflare.com
 local.adguard.com (because of my Adblocking software)
 -www.googletagmanager.com
 -LivePerson
www.mustbebuilt.co.uk  www.mustbebuilt.co.uk (because of my BuiltWith extension)

AOS flags one web analysis tracking for googletagmanager and Ghostery also for Liveperson.

See tracking the trackers report attached (for all the scripts you use)
Re: https://www.threatcrowd.org/domain.php?domain=2404210.fls.doubleclick.net
See no issues for that website, but for the IP I see:
http://www.anti-fraudscam.com/www-studyhub-ie_fraud_scam_report.html

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Tobur

  • Jr. Member
  • **
  • Posts: 59
Re: Avast Blocking Access
« Reply #4 on: October 28, 2015, 06:33:45 PM »
I am 79 and a relative computer novice - I'm afraid your reply is almost completely unintelligible to me!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33976
  • malware fighter
Re: Avast Blocking Access
« Reply #5 on: October 28, 2015, 06:51:09 PM »
You are welcome, Tobur,

I just wanted to tell you that the code on that website has some vulnerabilities and some external adware links (use an adblocker visiting that site), but there is no active malware there. So if you have a problem visiting the website then it may be your computer at fault. The SPOF detections mean that those scripts could make that webpage load slower as should be.

Trackers means code that goes from your computer behind your back to be shared with third parties when in an insecure way. Mostly this happens unknown to you. Telemetry info sharing is a user's privacy problem or has the possibility to grow into one.

I can understand that the technicalities are a bit incomprehensible for those that are not into this cold reconnaisance website security scanning and web-error hunting, but website owners and hosters and IT may grasp what I am on about. Sorry that  I am only 67 years old, so it also meant for the elder tech-savvy  ;) and it is keeping my grey cells busy and trained  ;D

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Tobur

  • Jr. Member
  • **
  • Posts: 59
Re: Avast Blocking Access
« Reply #6 on: October 28, 2015, 06:58:30 PM »
Thanks for reply - I am 79 from the neck down but about 26 from the neck up !!
The Webpages in 'Exclusions'  are now loading but the blocking notice still pops up - as it does on some other legitimate sites. This is quite annoying - I sometimes have to disable Web Shield to access a site - is there  any way around it??

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: Avast Blocking Access
« Reply #7 on: October 28, 2015, 07:26:37 PM »
Hi,
Can you post a printscreen of the detection?
If this is happening only in certain browser, it might be that the browser is not configured correctly - you may want to reinstall it or restore default settings.

Offline Tobur

  • Jr. Member
  • **
  • Posts: 59
Re: Avast Blocking Access
« Reply #8 on: October 28, 2015, 08:56:03 PM »
Seems to happen in Firefox only - Printscreen jpg. attached

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33976
  • malware fighter
Re: Avast Blocking Access
« Reply #9 on: October 28, 2015, 10:06:59 PM »
That sub domain does not resolve: http://toolbar.netcraft.com/site_report?url=http://ssl334328.cloudflaressl.com *
No valid host header found - CloudFlare Ray ID: 23c986fb6f350c29 see: http://toolbar.netcraft.com/site_report?url=http://104.20.70.54 ssl-cert: Subject: commonName=ssl324049.cloudflaressl.com
For * see: https://www.robtex.net/en/advisory/dns/com/cloudflaressl/ssl334328/
The detection or error is being confirmed here: http://mxtoolbox.com/domain/ssl334328.cloudflaressl.com/
4 Problems
Category   Host   Result   
   dmarc   cloudflaressl.com   Missing or Invalid Record    
   dns           cloudflaressl.com   SOA Serial Number Format is Invalid   
   dns           cloudflaressl.com   SOA Expire Value out of recommended range   
   spf           cloudflaressl.com   No records found   
 
tls-nextprotoneg:
|   spdy/3.1
|_  http/1.1 TLS randomness

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Tobur

  • Jr. Member
  • **
  • Posts: 59
Re: Avast Blocking Access
« Reply #10 on: October 28, 2015, 10:13:24 PM »
Thanks for your reply -I said your previous reply was "almost completely unintelligible" to me - this time I leave out the "almost"!!
Is there (in simple terms) a way to avoid the regular popping up of the blocking notice?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33976
  • malware fighter
Re: Avast Blocking Access
« Reply #11 on: October 28, 2015, 10:24:58 PM »
Hi Tobur,

First we have to await a reply by one of Avast Team Members (as we here are only volunteers with some relevant knowledge), one of them might give you the recipee to solve this annoyance or cleanse it. The unintelligable part of the message comes down to the fact there is something wrong with the SSL Certificate of that specific sub-domain of cloudflaressl.com. From the mxtoolbox scan report you can conclude that they haven't got their act together - with records and serial numbers, a hick-up or error or rather sloppy service, maybe they underpay their IT staff on the work-floor a tad  ;D Jokes apart, there are more problems with bulkhosters like these you experience here , as they like to cash in but do not give much pro-active support in return  ;D

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76029
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast Blocking Access
« Reply #12 on: October 29, 2015, 06:07:25 AM »
Windows XP SP3  32 Bit
Disable HTTPS-scanning in the web shield.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Avast Blocking Access
« Reply #13 on: October 29, 2015, 12:02:26 PM »
Or just have Asyn answer :-)
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline Tobur

  • Jr. Member
  • **
  • Posts: 59
Re: Avast Blocking Access
« Reply #14 on: October 29, 2015, 12:15:03 PM »
Thanks! - Reply from Asyn was what I was looking for since first posting.
I have disabled HTTPS-scanning in the web shield and this seems to have worked.

Quote: If you can't explain something in a few words, try fewer. ~Robert Brault,