Avast web shield blocking legit site

[REDACTED]

Hello,

Running Avast version 17.4.3482.

When I try to access a webpage in my local network, it doesn't work. If I disable avast web shield, it loads correctly. It's from a biometric clocking system.

I have tried to add exclusions but It didn't work.

Here is the source of the page with web shield disabled:

Code: [Select]

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>HEXA Web Server</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <meta http-equiv="X-UA-Compatible" content="IE=8" />
    <link rel="stylesheet" href="style.min.css.jgz" type="text/css" />
    <script type="text/javascript" src="full.min.js.jgz"></script>
<script>
<!--
var RSAajax;

function sendAESKeyCallback(response, arg) {
if (response.indexOf("</tr>") == -1) {
document.location.reload();
} else {
var div=document.getElementById('mainPage');
div.innerHTML=response;

//exibe as opções do menu conforme permissao do usuario.
verifyTopMenuPermission();
//executa scripts carregados
var arr=div.getElementsByTagName('script');
for (var n=0; n < arr.length; n++) {
eval(arr[n].innerHTML);//run script inside div
}
}
}


function sendAESKey() {
document.aes.key.value=Generate_key();

var rsa = new RSAKey();
rsa.setPublic(document.rsa.n.value, document.rsa.e.value);
var res = rsa.encrypt(document.aes.key.value + '\n' + getRequestStr('','frmREP',false,false) + '\n');
if(res) {
AESajax=new ObjAjax();
AESajax.onreadystatechange=function() {
if (AESajax.readyState == 4) {
if(AESajax.status == 200) {

   if(AESajax.overrideMimeType){
var responseText = AESajax.responseText;
   } else {
var responseText = convertResponseBodyToText(AESajax.responseBody);
   }
   if (navigator.appName == 'Microsoft Internet Explorer') {
Decrypt_Text(responseText, document.aes.key.value, sendAESKeyCallback, null);
} else {
sendAESKeyCallback(Decrypt_Text(responseText, document.aes.key.value, null, null), null);
}
}
}
}
AESajax.open("GET", "/atenas.cgi?opType=7&" + res,true);
if (AESajax.overrideMimeType) {
AESajax.overrideMimeType('text\/plain; charset=x-user-defined');
    }else{
AESajax.setRequestHeader("Accept-Charset", "x-user-defined");   
    }
AESajax.send(null);
}
}

function verifyRSA(){
//RSAajax.abort();
if(document.rsa.n.value.length == 0){
setTimeout("getRSAKey()", 50);
}
}
function getRSAKey(){
RSAajax=new ObjAjax();
RSAajax.onreadystatechange=function() {
if (RSAajax.readyState == 4) {
if(RSAajax.status == 200) {
var response = RSAajax.responseText;
var endPos = response.indexOf("\n", 0);
if(endPos != -1){
document.rsa.e.value=response.substr(0,endPos);
endPos=endPos + 1;
document.rsa.n.value=response.substr(endPos);
}
    }
}
}
RSAajax.open("GET", "/atenas.cgi?opType=6",true);
RSAajax.send(null);
setTimeout("verifyRSA()", 4000);
}

function initializeAES(){
ce();             // Add time we got here to entropy
mouseMotionEntropy(60);    // Initialise collection of mouse motion entropy
}

var tries=0;
function verifyLogin(){
var dvREP = document.getElementById('dvREP');
var dvMsg = document.getElementById('dvMsg');
dvREP.style.display="none";
dvMsg.style.display="block";
var str="<table align='center' cellspacing='0' border='0' cellpadding='0'>" +
"<tr><td><div>" +
"<table class='displayTableNew'>" +
"<tr>" +
"<td class='tableConfig'>Aguarde, comunicando com equipamento" +
"</td></tr></table></div></td></tr></table>";
dvMsg.innerHTML=str;
if(document.rsa.n.value.length == 0 && (tries < 6)){
tries++;
str="<table align='center' cellspacing='0' border='0' cellpadding='0'>" +
"<tr><td><div>" +
"<table class='displayTableNew'>" +
"<tr>" +
"<td class='tableConfig'>Aguarde, comunicando com equipamento";
var cnt = tries%3;
while(cnt >= 0){
str+=".";
cnt--;
}
str+="</td></tr></table></div></td></tr></table>";
dvMsg.innerHTML=str;
setTimeout("verifyLogin()", 1000);
} else {
changeValue('opType',0);
changeValue('pgCode',60);
changeValue('lblId',0);
sendAESKey();
}
}

function login(){
tries=0;
verifyLogin();
}

//-->
</script>

    <!--[if gte IE 9]>
    <style type="text/css">
    .gradient {
    filter: none;
    }
    </style>
    <![endif]-->
<!-- IEBinaryToArray_ByteStr -->
    <script type='text/vbscript'>
    Function IEBinaryToArray_ByteStr(Binary)
       IEBinaryToArray_ByteStr = CStr(Binary)
    End Function
    Function IEBinaryToArray_ByteStr_Last(Binary)
       Dim lastIndex
       lastIndex = LenB(Binary)
       if lastIndex mod 2 Then
           IEBinaryToArray_ByteStr_Last = Chr( AscB( MidB( Binary, lastIndex, 1 ) ) )
       Else
           IEBinaryToArray_ByteStr_Last =""
       End If
    End Function
    </script>
  </head>
  <body onload="initializeAES();getRSAKey();" onkeypress="rng_seed_time();" onclick="rng_seed_time();">
<form name="rsa">
<input type="hidden" name="e" value="" />
<input type="hidden" name="n" value="" />
</form>
<form name="aes">
<input type="hidden" name="key" value=""/>
</form>
    <table width="100%">
      <tr>
        <td align="center" valign="middle">
          <div id="topMenuPulse" align="center">
            <div id="topMenuTable">
              <table width="781px" cellspacing="0" cellpadding="0">
                <tr>
                  <td align="center" valign="middle" id="divTopMenuPulse">
                    <table style="width: auto;">
                      <tr>
                        <td class="topMenuItemsHidden" id="divMenuEmployer" ><div class="sprt menuitem-background"><span class="sprt menuitem-emplyr" title="Empregador" onclick="submitMainForm(4, 2, 0);" style="cursor:pointer;"></span></div></td>
<td class="topMenuItemsHidden" id="divMenuEmployee"><div class="sprt menuitem-background"><span class="sprt menuitem-emply" title="Colaborador" onclick="submitMainForm(4, 3, 0);" style="cursor:pointer;"></span></div></td>
<td class="topMenuItemsHidden" id="divMenuCfg"><div class="sprt menuitem-background"><span class="sprt menuitem-cfg" title="Configura&ccedil;&otilde;es" onclick="submitMainForm(4, 1, 0);" style="cursor:pointer;"></span></div></td>
<td class="topMenuItemsHidden" id="divMenuAdminCfg"><div class="sprt menuitem-background"><span class="sprt menuitem-system" title="Sistema" onclick="submitMainForm(4, 4, 0);" style="cursor:pointer;"></span></div></td>
<td class="topMenuItemsHidden" id="divMenuDateTime"><div class="sprt menuitem-background"><span class="sprt menuitem-rtc" title="Data e hora" onclick="submitMainForm(4, 20, 0);" style="cursor:pointer;"></span></div></td>
<td class="topMenuItemsHidden" id="divMenuManageData"><div class="sprt menuitem-background"><span class="sprt menuitem-dt" title="Dados" onclick="submitMainForm(4, 31, 0);" style="cursor:pointer;"></span></div></td>
<td class="topMenuItemsHidden" id="divMenuEvents"><div class="sprt menuitem-background"><span class="sprt menuitem-downld" title="Eventos" onclick="submitMainForm(4, 32, 0);" style="cursor:pointer;"></span></div></td>
<td class="topMenuItemsHidden" id="divMenuUsers"><div class="sprt menuitem-background"><span class="sprt menuitem-usr" title="Usu&aacute;rios" onclick="submitMainForm(0, 40, 0);" style="cursor:pointer;"></span></div></td>
<td class="topMenuItemsHidden" id="divMenuExit"><div class="sprt menuitem-background"><span class="sprt menuitem-ext" title="Sair" onclick="submitMainForm(0, 61, 0);" style="cursor:pointer;"></span></div></td>
                      </tr>
                    </table>
                  </td>
                </tr>
              </table>
            </div>
            <div class="sprt2 img-menusBg">
            </div>
          </div>
          <div id="layoutBackground">
            <table style="height:564px; width:781px;" align="center">
              <tr>
                <td>
                  <div id="mainPage" class="default" align="center" style="height:564px; width:781px;">
                    <input id="showMenu" type="hidden" value="?showMenu?" />
                    <input id="redirectPage" type="hidden" value="" />
<input id="hdTopMenuValue" type="hidden" value="?hdTopMenuValue?"/>
<input id="hdMenuEmployer" type="hidden" value="?hdMenuEmployer?"/>
<input id="hdMenuEmployee" type="hidden" value="?hdMenuEmployee?"/>
<input id="hdMenuCfg" type="hidden" value="?hdMenuCfg?"/>
<input id="hdMenuAdminCfg" type="hidden" value="?hdMenuAdminCfg?"/>
<input id="hdMenuDateTime" type="hidden" value="?hdMenuDateTime?"/>
<input id="hdManageData" type="hidden" value="?hdManageData?" />
<input id="hdEvents" type="hidden" value="?hdEvents?" />
<input id="hdMenuUsers" type="hidden" value="?hdMenuUsers?" />
<input id="hdMenuExit" type="hidden" value="?hdMenuExit?" />
<table id="tablefundo" style="height:564px; width:781px;" cellspacing="0" cellpadding="0" border="0">
  <tr style="height:115px; width:781px; " align="center" valign="top">
<td align="center">
  <h1 class="fonte30" style="left:40%;"><span class="sprt img-hexa"></span></h1>
  <div id="welcome">Bem-vindo <font color="#00A1B6">?loggedUser?</font> </div>
  <div id="layoutBlueLine"></div>
</td>
  </tr>
  <tr>
<td>
  <form id="frmREP" name="frmREP" action="/atenas.cgi" method="get">
<input type="hidden" id="opType" name="opType" value="?opType?" />
<input type="hidden" id="pgCode" name="pgCode" value="?pgCode?" />
<input type="hidden" id="lblId" name="lblId" value="?lblId?" />
<div id="dvREP" style="display:block">
<table align="center" cellspacing="0" border="0" cellpadding="0">
  <tr><td><div>
<table class="displayTableNew">
<tr>
<td class="tableConfig">Usu&aacute;rio</td>
<td colspan="5">
<input id="lblLogin" name="lblLogin" tabindex="1" maxlength="16" size="17" onkeypress="if(isEnter(event)){login();return false;}else{return true;}" />
</td>
<td><a href="#"><span class="sprt img-icnH" tabindex="0" title="Informe o usu&aacute;rio para acesso ao webserver."></span></a></td>
</tr>
<tr>
<td class="tableConfig">Senha</td>
<td colspan="5">
<input type="password" id="lblPass" name="lblPass" tabindex="2" maxlength="6" size="17" onkeypress="if(isEnter(event)){login();return false;}else{return true;}" />
</td>
<td><a href="#"><span class="sprt img-icnH" tabindex="0" title="Senha de acesso."></span></a></td>
</tr>
</table>
<table id="tbLogin" class="footerNew" align="center">
<tr><td align="center"><a href="#" onclick="login();" tabindex="3">Entrar</a></td></tr>
</table>
  </div></td></tr>
</table>
</div>
  <div id="dvMsg" style="display:none">
</div>
</form>
</td>
  </tr>
</table>
</td>
</tr>
<tr class="sprt2 img-footr">
<td align="center">
<a href="http://www.henry.com.br"><span class="sprt img-logoHenry" ></span></a>
</td>
              </tr>
            </table>
          </div>
        </td>
      </tr>
    </table>
  </body>
</html>

[REDACTED]

Running Avast version 17.4.3482.

You might have posted to the wrong forum, this is the Business (cloud) forum where I believe the current version is still 17.4.2520.

The products are similar and the solutions the same, but maybe you meant the   
Avast Free Antivirus / Pro Antivirus / Internet Security/ Premier forum https://forum.avast.com/index.php?board=2.0 ?

[Eddy]

Looks like you are correct about the version GFM
https://forum.avast.com/index.php?topic=203632.0

[REDACTED]

No, this is the correct forum.

If I click About Avast, it says Version: 17.4.2520 (build 17.4.3482.0).

[Eddy]

I'm not surprised if this is the reason why it is blocked.

https://www.virustotal.com/en/url/1164f8a2910326278a7b08f35997cf06dbea53312548fae75f3ba0858058964c/analysis/1497284847/
https://www.virustotal.com/en/ip-address/177.185.194.112/information/
http://urlquery.net/report.php?id=1497282733435

http://zulu.zscaler.com/submission/show/e324e4c560e901d72e7a53f5ab0bb82a-1497284819
http://retire.insecurity.today/#!/scan/3271c9557d93805104f33cb7d090c78ef662a8950c93791ad060910de24641c8

[DavidR]

No, this is the correct forum.

If I click About Avast, it says Version: 17.4.2520 (build 17.4.3482.0).

This sub-forum is for the Avast for Business - new version 2.28 - as Eddy mentioned. You are using a different (Avast for Windows) version,    
Avast Free Antivirus / Pro Antivirus / Internet Security/ Premier.

[Eddy]

In his original post the OP mixed up the version and build number as it seems.
Version 17.4.2520 is (as far as I know) the latest client version for the cloud business version.

[Asyn]

Version 17.4.2520 is (as far as I know) the latest client version for the cloud business version.

Confirmed.

[REDACTED]

Guys, I am using Avast for Business.


And when I log in console, it says: Version 2.28.60. I have 33 computers using this version.

Anyways, I am using a local IP to access: http://172.16.10.99/.

Why is it being blocked? I see no warning message or any log.

[DavidR]

Guys, I am using Avast for Business.


And when I log in console, it says: Version 2.28.60. I have 33 computers using this version.
<snip>

Thanks for the clarification, it really is strange that the same build number is used on two different programs with different versions and names, confusing at the very least. I'm using avast free version 17.4.2294 (build 17.4.3482.0)

[REDACTED]

Sorry for the version confusion before. 

Anyways, I am using a local IP to access: http://172.16.10.99/.

Hmmm, being a private subnet I'd expect it to not scan with the web shield.  I have a strong feeling this is going to be a problem for Avast Support to diagnose, I would lodge a request with them as maybe it's not recognizing the subnet correctly as being private.

In the cloud console settings for Web Shield, under Main Settings tab, there is a tick box for "Do not scan trusted sites".  Is it enabled?  And is the site in your browser's trusted site list?

If you have a DNS name for the IP, try to use that in the exclusions.  Being Javascript it might need to be put in the "Script Exclusions" tab and enabled.

My advice would also be to double check your subnet mask, disable IPv6 if enabled and not needed, and update your network card driver. 

Have you tried a couple of different browsers to see if the issue is specific to a certain browser?

Sorry I don't think I can help much further.

[REDACTED]

Sorry for the version confusion before. 

Anyways, I am using a local IP to access: http://172.16.10.99/.

Hmmm, being a private subnet I'd expect it to not scan with the web shield.  I have a strong feeling this is going to be a problem for Avast Support to diagnose, I would lodge a request with them as maybe it's not recognizing the subnet correctly as being private.

In the cloud console settings for Web Shield, under Main Settings tab, there is a tick box for "Do not scan trusted sites".  Is it enabled?  And is the site in your browser's trusted site list?

If you have a DNS name for the IP, try to use that in the exclusions.  Being Javascript it might need to be put in the "Script Exclusions" tab and enabled.

My advice would also be to double check your subnet mask, disable IPv6 if enabled and not needed, and update your network card driver. 

Have you tried a couple of different browsers to see if the issue is specific to a certain browser?

Sorry I don't think I can help much further.

Yes, I have "Do not scan trusted sites" enabled. Added it to trusted sites list but It didn't work.

I have tried several browsers (chrome, firefox, edge and IE) and two different machines (one windows 10 and one windows 7). It only works If I disable web shield.

I have opened a support ticket, because this used to work before.

Thank you for your help.

[Eddy]

I hope you created the ticket for business support.

[REDACTED]

I have tried several browsers (chrome, firefox, edge and IE) and two different machines (one windows 10 and one windows 7). It only works If I disable web shield.

If your machines are all the same vendor, it really would be worth checking for a newer network driver (not necessarily one from the vendor which often are not updated).  I had a similar problem ages ago where a certain brand of PC in my network would not browse unless the shield was off.  Upgrading the network driver fixed it.  I think it was a Broadcom network chip if I recall.

I have made a habit of keeping a copy of old installers (offline installer, not the small web one).  Might be worth downgrading back to an older version you know works, at least you will not have to disable the component and can keep some strength in your protection.

Support should be able to supply you a copy of a previous release for your site.  At least they used to be able to.

Wish you luck!

[Manley]

I am having the same issue now. I have a legit website that we use and I have it in my Web Shield exclusions, but Web Shield is preventing me from uploading pictures to the website. With Web Shield disabled, then it works. With Web Shield enabled, the picture upload fails.