Author Topic: Avast Internet Security 17 silently blocks networking for Java apps on Win7 ?!  (Read 3448 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Hello!
Maybe somebody could help me with my problem.
Latest Avast Internet Security (trial) on Windows 7 silently blocks a Java desktop app which I am developing as a freelancer for my customer.
In its firewall rules it detects the app successfully and says nothing about blocking but the app gets "Network is unreachable" when the firewall is turned on and works fine when it is turned off - on Windows 7.
For Win10 everything is fine.


What app does:
- Listens on localhost:1080 as a SOCKS5 proxy.
- Makes outgoing connections via TCP to our tunnel servers. No incoming connections required (excepting localhost:1080).
- Tunnels traffic of the connected SOCKS5 clients via the tunneling servers (developing by me too) to allow accessing Internet sites blocked in the user's environment.
- Allows routing traffic of other users via this user's machine - similar to TOR.
- Contains embedded Chromium which can be started from the app GUI and which is configured to connect via SOCKS5 proxy provided by the app.
The app runs on an embedded JRE.
The app has installer and it has an embedded autoupdate system.
The app installs itself into User Home Dir / AppData / Roaming / iNinja / via usual NSIS installer to avoid requesting admin privileges to write to Program Files.
The app is started by a simple C++ launcher - iNinja.exe which starts the embedded javaw.exe with the required arguments and quits.
Autoupdate system works similar to Squirrel.Net but for Java (had to rewrite because was unable to make Squirell working good for Java with launcher).

After installing Avast Internet Security on Windows 10 everything works fine. The app connects to the servers succsessfully and the embedded browser works.
After After installing Avast Internet Security on Windows 7 and rebooting PC - the app can not connect to its servers. Checking Avast rule set - it successfully recognized that the app and allows its traffic. But the app gets "Network Unreachable". Turning avast off - the app works fine.

The app's exe is signed by our cert. Java executables are signed by Oracle.

Thanks to everybody for any help.

Best regards,
Mikhail Viktorov
« Last Edit: March 17, 2017, 11:38:22 AM by mviktorov »

REDACTED

  • Guest
Re: Avast Internet Security silently blocks networking for Java apps ?!
« Reply #1 on: March 17, 2017, 11:23:54 AM »
Moreover, I have just wrote a very simple test Java class which just connects to http://google.com and prints the output.
And it gets "Connection timed out" on Windows 7 with the latest Avast Internet Security turned on.
On Windows 10 - fine. On Windows 7 with Avast IS Firewall turned off - fine.

Code: [Select]
package test;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.MalformedURLException;
import java.net.URL;

public class NetTest {

public static void main(String[] args) throws MalformedURLException, IOException {
String url = args.length > 0 ? args[0] : "http://google.com";
try (InputStream is = new URL(url).openStream();
Reader r = new InputStreamReader(is, "UTF-8");
BufferedReader br = new BufferedReader(r)) {
String line = null;
while ((line = br.readLine()) != null)
System.out.println(line);

}
}

}


Compiled class and start.bat in zip archive: https://drive.google.com/open?id=0B62bv55OX9z5MllZTVhsdTNzZms
Latest Oracle JRE: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
I used Windows x86 Offline JRE 1.8.121.

I thought these things are left in 2013.
Can this be solved somehow?
Nothing in Avast Firewall logs. It says the app is "Allowed" but blocks it.

Can somebody please help me with it?

Best regards,
Mikhail

REDACTED

  • Guest
Checking "Internet connection sharing mode" checkbox in Settings / Components / Firewall / Customize
makes Java networking working again.

Is this related somehow?

Offline glnz

  • Sr. Member
  • ****
  • Posts: 300
Mikhail - I'm only a tourist and have no idea what you're doing.  HOWEVER, might your issue have any relationship to this issue, which is nearby in this forum:

https://forum.avast.com/index.php?topic=197947.0

?  Somehow it sounds vaguely similar.

Приветственный друг
Various Dell Optiplexes running XP Pro SP3 32-bit, Win 7 Pro SP1 64-bit and Win 10 Pro 64-bit.  Firefox with security add-ons.

REDACTED

  • Guest
Hi Glnz

I have read that thread.
Well, I can't say that it is related but thank you very much for your attention anyway.

For my case - it seems Avast Internet Security silently fully blocks networking for any Java app on Windows 7 while writing that it "Allowed" the app.

Originally it blocked the application I am developing for my customer and next I have wrote very easy proof of concept piece of code to strip only network access - and it blocked it too.

I feel that this is a quite major problem but I don't know how to make Avast team pay their attention to it or get any reaction.
I tried to start a support issue - but I don't have their license, I am just testing my app with different AV software.
Their support person asked me to "Repair" the installation but I have reinstalled it multiple times.
« Last Edit: March 19, 2017, 12:12:15 PM by mviktorov »

REDACTED

  • Guest
Trying to get this up.

Also I have just checked - AVG Internet Security demonstrates totally the same behaviour as Avast Internet Security.
They both block Java networking on Windows 7 if the firewall is enabled and not in connection shared mode.

Firewall config pages are very similar. Is it the same product internally?

One more detail:
The problem starts appearing not just after the Avast/AVG installation end but after the first PC reboot.