Author Topic: Avast Blocking Access  (Read 24850 times)

0 Members and 1 Guest are viewing this topic.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76035
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast Blocking Access
« Reply #15 on: October 30, 2015, 06:16:38 AM »
Thanks! - Reply from Asyn was what I was looking for since first posting.
I have disabled HTTPS-scanning in the web shield and this seems to have worked.
You're welcome.
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

REDACTED

  • Guest
Re: Avast Blocking Access
« Reply #16 on: October 30, 2015, 12:17:00 PM »
I've been an Avast user ( both PC and Mobile ) for over 3 years. Until recently I've had zero problems. But ---- Avast on my PCs is now slowing down the boot and blocking or interfering with EVERY legitimate site! My PC now takes over 6 minutes to complete boot, and as soon as I go to Internet ( Firefox ), every bookmarked site that I use regularly is slowed to an absolute crawl by Avast's interference! Normal sites such as Amazon, my own web banking, my credit card sites, etc. are taking as much as 2 minutes to load, if they load at all. This is now worse than the old dialup 56k modem era. I placed an "exception" to get my Yahoo home page to load, but do I have to enter exceptions for EVERY SITE that I use? Yes, I can disable the web shield and I have, but that should not be needed. I've read that Avast is supposedly "aware" of the problem and was to issue an "update". If so, where is it and why is it even needed for standard trusted use? If this continues much longer I will cancel my annual subscription and demand a refund.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48612
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Avast Blocking Access
« Reply #17 on: October 30, 2015, 04:14:25 PM »
I've been an Avast user ( both PC and Mobile ) for over 3 years. Until recently I've had zero problems. But ---- Avast on my PCs is now slowing down the boot and blocking or interfering with EVERY legitimate site! My PC now takes over 6 minutes to complete boot, and as soon as I go to Internet ( Firefox ), every bookmarked site that I use regularly is slowed to an absolute crawl by Avast's interference! Normal sites such as Amazon, my own web banking, my credit card sites, etc. are taking as much as 2 minutes to load, if they load at all. This is now worse than the old dialup 56k modem era. I placed an "exception" to get my Yahoo home page to load, but do I have to enter exceptions for EVERY SITE that I use? Yes, I can disable the web shield and I have, but that should not be needed. I've read that Avast is supposedly "aware" of the problem and was to issue an "update". If so, where is it and why is it even needed for standard trusted use? If this continues much longer I will cancel my annual subscription and demand a refund.
If you're looking for help in solving your problem, give us some information that will help us solve your problem.
If you're simply looking for a refund, contact Avast directly:
http://support.avast.com/support/tickets/new
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline glnz

  • Sr. Member
  • ****
  • Posts: 300
Re: Avast Blocking Access
« Reply #18 on: October 31, 2015, 09:54:33 AM »
Asyn and polonus - I get the same pop-up message as Tobur above when I visit the Wall Street Journal website www.wsj.com --

"Avast Web Shield has blocked access to this page because the following certificate is invalid: ssl334328.cloudflaressl.com"

Also, the little blue circle in the tab in Firefox does not stop spinning when I get that message.

As far as I can see, it's just when I go to the Wall Street Journal.

My PC is XP Pro SP3 32-bit.  My browser is Firefox 41.0.2.  Also, my Firefox has the add-on Https Everywhere.  Is that the cause?

I don't understand much about certificates, so is Https Everywhere forcing the browser to go for a certificate and somehow that forcing is bad?

Asyn's suggestion to set Avast to stop checking in https doesn't feel right.  Feels like I'd be opening a security hole.

What do y'all think?  Thanks.
« Last Edit: October 31, 2015, 05:52:54 PM by glnz »
Various Dell Optiplexes running XP Pro SP3 32-bit, Win 7 Pro SP1 64-bit and Win 10 Pro 64-bit.  Firefox with security add-ons.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76035
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast Blocking Access
« Reply #19 on: October 31, 2015, 10:12:56 AM »
"Avast Web Shield has blocked access to this page because the following certificate is invalid: ssl334328.cloudflaressl.com"

My PC is XP Pro SP3 32-bit.
See: https://forum.avast.com/index.php?topic=177468.msg1258979#msg1258979
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89228
  • No support PMs thanks
Re: Avast Blocking Access
« Reply #20 on: October 31, 2015, 03:33:04 PM »
<snip>
My PC is XP Pro SP3 32-bit.  My browser is Firefox 41.0.2.  Also, my Firefox has the add-on Https Everywhere.  Is that the cause?

I don't understand much about certificates, so is Https Everywhere forcing the browser to go for a certificate and somehow that forcing is bad?

Asyn's suggestion to set Avast to stop checking in https doesn't feel right.  Feels like I'd be opening a security hole.
<snip>

Two points (non technical information):
1. XP only has the ability to recognise/check older SSL certificates (as mentioned in the above link), so won't be able to check stronger ones.

2. When a website is using HTTP it naturally won't have an SSL certificate - when forcing it with HTTPS Everywhere - avast would see that https and seek to check that the ssl certificate is valid. Point 1 above could result it being found to be invalid/not present.

Another issue is (as far as I can see) avast doesn't just check that websites ssl certificate, but would check any other off-site (3rd party) links, which could result in an alert/popup.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline glnz

  • Sr. Member
  • ****
  • Posts: 300
Re: Avast Blocking Access
« Reply #21 on: October 31, 2015, 05:14:09 PM »
Asyn and DavidR - Thanks for replying so quickly.

Unfortunately, this does NOT seem to be limited to XP.  Asyn, the continuing posts in your link
 https://forum.avast.com/index.php?topic=177468.msg1258979#msg1258979
point this out.

It's weird that Avast will repeat this pop-up warning over and over, and even weirder that (so far in my experience) it's on the Wall Street Journal web site www.wsj.com 

As you two are real experts, and I've never fussed with certificates, can you (or can you ask Avast to) research this better?  I'm not the only one getting this, and there are still millions with XP who need good AV coverage.  Thanks.

EDIT - ADDED - maybe Avast should modify the block-ups to show not only the certificate that is untrusted but also what URL it is coming from and what web pages are being blocked.  If the blocked pages are just junk marketing, then it's a win and not a problem.
« Last Edit: October 31, 2015, 05:30:01 PM by glnz »
Various Dell Optiplexes running XP Pro SP3 32-bit, Win 7 Pro SP1 64-bit and Win 10 Pro 64-bit.  Firefox with security add-ons.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76035
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast Blocking Access
« Reply #22 on: October 31, 2015, 05:33:58 PM »
1. Asyn and DavidR - Thanks for replying so quickly.
2. As you two are real experts, and I've never fussed with certificates, can you (or can you ask Avast to) research this better?  I'm not the only one getting this, and there are still millions with XP who need good AV coverage.  Thanks.
1. You're welcome.
2. Nothing much we can do, as (pointed out by Milos) this is a restriction within XP. For now, we can only hope the devs find/provide a workaround in a later update (R2/3)...
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline glnz

  • Sr. Member
  • ****
  • Posts: 300
Re: Avast Blocking Access
« Reply #23 on: October 31, 2015, 05:36:56 PM »
Asyn - could this be one of the certificates issued by Cloudflare to bad guys, and this certificate is now on a blacklist so it SHOULD be blocked?  How could we know?

I wish the avast pop-up showed more info.  What web page is using the certificate and being blocked?
Various Dell Optiplexes running XP Pro SP3 32-bit, Win 7 Pro SP1 64-bit and Win 10 Pro 64-bit.  Firefox with security add-ons.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76035
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast Blocking Access
« Reply #24 on: October 31, 2015, 05:43:57 PM »
Asyn - could this be one of the certificates issued by Cloudflare to bad guys, and this certificate is now on a blacklist so it SHOULD be blocked?  How could we know?
Probably not, as it also happens with perfectly clean sites. Nevertheless, you're right that Cloudflare certs aren't that trustworthy, see: https://forum.avast.com/index.php?topic=66267.msg1260001#msg1260001
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Avast Blocking Access
« Reply #25 on: October 31, 2015, 06:10:31 PM »
When one goes to -https://www.wsj.com/ in the firefox and Google Browser Google safebrowsing alerts for a Privacy Error Common Name of the Certicate error and blocks website. Encryption (HTTPS) (1)
Communication is encrypted
Multiple endpoints for -www.wsj.com
We've found multiple A or AAAA records for -www.wsj.com. Please choose the host you want to scan from the list below:


185.27.16.17 (port: 443)
185.27.16.8 (port: 443)
See scan results: https://ssldecoder.org/?host=www.wsj.com:185.27.16.17&port=443&fastcheck=0
Connection Data for www.wsj.com / 185.27.16.17
2 warnings!
HTTP Strict Transport Security not set.

OCSP Stapling not enabled.
 DES-CBC3-SHA

Not the right hostname given.

See: http://toolbar.netcraft.com/site_report?url=https://www.wsj.com
Invalid: http://toolbar.netcraft.com/site_report?url=http://a104-86-111-50.deploy.static.akamaitechnologies.com

Ciphersuites containing NULL, EXP(ort), DES and RC4 are marked RED because they are suboptimal.


Stop https scanning to stop the alerts, with HTTPS Everywhere this alert will also occur!
Weakness of Certificate Warning: Certificate for 'Baltimore CyberTrust Root'
1 warning!
SHA-1 certificate. Upgrade (re-issue) to SHA-256 or better.

The configuration should be rightly adopted by Owner, Akamai International BV, Amsterdam, the Netherlands,

polonus (volunteer website analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89228
  • No support PMs thanks
Re: Avast Blocking Access
« Reply #26 on: October 31, 2015, 07:20:47 PM »
Asyn and DavidR - Thanks for replying so quickly.

Unfortunately, this does NOT seem to be limited to XP.  Asyn, the continuing posts in your link
 https://forum.avast.com/index.php?topic=177468.msg1258979#msg1258979
point this out.

It's weird that Avast will repeat this pop-up warning over and over, and even weirder that (so far in my experience) it's on the Wall Street Journal web site www.wsj.com 

As you two are real experts, and I've never fussed with certificates, can you (or can you ask Avast to) research this better?  I'm not the only one getting this, and there are still millions with XP who need good AV coverage.  Thanks.

EDIT - ADDED - maybe Avast should modify the block-ups to show not only the certificate that is untrusted but also what URL it is coming from and what web pages are being blocked.  If the blocked pages are just junk marketing, then it's a win and not a problem.

Whilst it isn't exclusive to XP it is likely to be more common given that it may not be able to work with the latest SSL certificates. Not to mention that cloudflare has issued a very high percentage of certificated to bad sites, etc. so it is going to come in for more alerts.

In the majority of cases you should see a small black popup with white text and that does tell you what cloudflaressl sub-domain holds what is considered a dodgy certificate.

I have just visited the wsj site and no alerts relating to ssl certificates - some browsers seem to have less of an issue about all of this. I got redirected to the european area of wsj.com when I used connected and note that the wsj.com site is http so avast wouldn't be checking for valid ssl certificates.

I have never been a fan of HTTPS Everywhere, from the days when avast couldn't scan HTTPS sites - even though avast can scan https traffic - I still haven't changed my opinion of forcing https on sites that aren't set up for https.

I would certainly disable the HTTPS Everywhere and see if that ends the hassle as I mentioned earlier as this add-on is certainly going to increase the number of ssl certificate checks.
« Last Edit: October 31, 2015, 07:23:03 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline glnz

  • Sr. Member
  • ****
  • Posts: 300
Re: Avast Blocking Access
« Reply #27 on: October 31, 2015, 08:36:32 PM »
polonus and David R - thanks again.

The popup does mention ssl334328.cloudflaressl.com , but the popup does not say what web page is using that certificate.

I might drop Https Everywhere soon.  Seems to be too much trouble, at least for now.
Various Dell Optiplexes running XP Pro SP3 32-bit, Win 7 Pro SP1 64-bit and Win 10 Pro 64-bit.  Firefox with security add-ons.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89228
  • No support PMs thanks
Re: Avast Blocking Access
« Reply #28 on: October 31, 2015, 08:53:37 PM »
polonus and David R - thanks again.

The popup does mention ssl334328.cloudflaressl.com , but the popup does not say what web page is using that certificate.

I might drop Https Everywhere soon.  Seems to be too much trouble, at least for now.

Generally it is going to be some sort of link from within the site to ssl334328.cloudflaressl.com. This may or may not be correct as I don't know how the ssl validation works.

For a site that is using https I would imaging that there is an ability to check its ssl certificate, be that some internal link/function to check the validty of said ssl certificate when the connection to the site is set to https. This is where triggering https when a site isn't specifically set up for ssl use.

You can actually see this in some sites that although using https, there may be 3rd party content coming from a none ssl source and your browser normally shows a warning relating to that (relating to mixed content).

This are the main reasons I don't believe https should be forced on a site not geared up for it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Avast Blocking Access
« Reply #29 on: November 01, 2015, 01:47:08 AM »
Hi DavidR and glnz,

Certainly with pushing by big players like Google and others of HTTPS Everywhere literary everywhere we are going to see more and more of such problems arise. Just leaf through the HTTPS Everywhere Atlas online and there are lot of sites with problems when https becomes enforced. With even so many misconfiguration going on on real sites with proper HTTPS certification an improvement of the situation is still far, far away. Just think of the recent Google Norton Symantec’s Thawte-branded CA issues: https://googleonlinesecurity.blogspot.nl/2015/09/improved-digital-certificate-security.html

I reported in "the virus and worms" many times about misconfigurations, missing security header implementations, serving SSL from the weak encryption side up (gefundenes Fressen to please easy government monitoring, like NSA or how this institute may be named to-day). First educate those that have to enroll https everywhere that they are able to do this in a proper and secure way and then start a global operation like this. Now we still have an enormous amout of https sites where log-in name and password goes "over the wires" as plain txt. See Safer Chrome Security Report extension in Google Chrome!

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!