Author Topic: Avast Webshield blocks Safari and Chrome  (Read 9567 times)


REDACTED

  • Guest
Avast Webshield blocks Safari and Chrome
« on: February 28, 2018, 04:10:14 AM »
Hi!

First time posting here, I have looked through to see if there are any other relevant and recent posts and can't find anything totally matching (if you know of another thread that's relevant, please link me up!).

My issue is Avast Web Shield disrupting my SSL connections for Chrome and Safari on my iMac (I'm running Avast v 13.4 on High Sierra v 10.13.3), so I'm getting the NET::ERR_CERT_AUTHORITY_INVALID error whenever I attempt to use my browsers to connect to a secured web address.

Before going into my Avast setting preferences I went through and checked I had the correct time/date, cleared cookies and cached files, temporarily disabled my firewall and checked my browser task managers etc.

Approaching my problem through Avast support articles I found this one > https://support.avast.com/en-au/article/223/ which suggests adding web shield exclusions - this works. But I have this problem with any SSL / HTTPS connection and for a good reason these sites are becoming more ubiquitous! I don't want to add site exclusion every time I try to make a new HTTPS connection.

Thinking maybe it was just I had an older version, I checked for Avast updates (had none) and then uninstalled - reinstalled. Didn't work.

I'm sure there is something else I can do to solve this (there'd be heaps more posts about this if there were no fix), this is just the bit where I'm stuck and finding it hard to get answers. Would really appreciate suggestions and apologies if I'm missing something obvious!

Thanks!


REDACTED

  • Guest
Re: Avast Webshield blocks Safari and Chrome
« Reply #1 on: March 01, 2018, 04:36:41 AM »
Update_

Just mucking around with Web Shield preferences I found unchecking the box for 'Scan secured connections' got me out of the pickle I was in. It's pretty simple enough and I probably should've thought of it sooner. That said, I looked hard through Avast support articles and didn't see any mention of this, which kinda stumps me.

Anyway fairly content with this fix, but one niggling thought is the off chance of bad SSL handshakes. Am I leaving open security gaps by instructing Avast not to scan these connections? Would really appreciate any thoughts.


REDACTED

  • Guest
Re: Avast Webshield blocks Safari and Chrome
« Reply #2 on: March 01, 2018, 09:42:49 AM »
Yup, same here. It's been like this for months. I only get the issue in Safari though, not in Chrome (that I've noticed.)

I tried some other AVs, they don't have the issue, but geeeeez, they all create major lag on the net. It does it in paid and free. Before I would just skip the sites that didn't work, now I have turned off the SSL Scan as well.

Offline ondrej.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 394
Re: Avast Webshield blocks Safari and Chrome
« Reply #3 on: March 02, 2018, 10:11:51 AM »
Hello,

for Avast to be able to scan secure connections, it needs to have its own local root certificate installed. Please, when you get the CERT_AUTHORITY_INVALID message in Chrome, go to the top left, click on "Not secure", there should be a Certificate section with clickable link "Invalid", click on Invalid, there should be info about the certificate and there should be a line
Issued by: Avast trusted CA

to check that the Avast trusted CA is installed, please run
security find-certificate -c "Avast trusted CA" '/System/Library/Keychains/SystemRootCertificates.keychain'
it should either dump some information or "security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.".

If the "could not be found" message is NOT shown, please run
sudo security delete-certificate -c "Avast trusted CA" '/System/Library/Keychains/SystemRootCertificates.keychain' && echo success
it should print "success". Regardless of you running the previous step, after that please run
sudo security add-trusted-cert -d -r trustRoot -k '/System/Library/Keychains/SystemRootCertificates.keychain' "/Library/Application Support/Avast/config/certs/cacert.pem" && echo success
this should also print "success".

After that, please restart the browser and check if it works. Please, if you can, mail me the output of these commands.

Please note that all this stuff is usually done automatically and this is one of the few cases someone reports such an issue. Any info would be appreciated for us to improve the product.

Kind regards,
Ondrej Kolacek
« Last Edit: March 02, 2018, 10:13:27 AM by ondrej.kolacek »

REDACTED

  • Guest
Re: Avast Webshield blocks Safari and Chrome
« Reply #4 on: March 07, 2018, 03:14:21 PM »
Same problem here but with any and all browsers, Safari, Chrome & Firefox. Is an Avast update coming up to fix this problem?

Offline ondrej.kolacek

  • Avast team
  • Sr. Member
  • *
  • Posts: 394
Re: Avast Webshield blocks Safari and Chrome
« Reply #5 on: March 07, 2018, 05:41:12 PM »
Hello,
unfortunately we were never able to reproduce the issue, so we can not find and fix the root cause. Please, if you have this issue, and the fix from my post from March 02, 2018 did not fix it, do the following:

1) ensure that in UI, preferences, shields, section WebShield, click on settings, ensure that both "Scan secured connections" and "Scan secured connections from browser only" are selected
2) run command
echo | openssl s_client -showcerts -servername google.com -connect google.com:443 2>/dev/null >file1
this will produce file1
3) untick the "Scan secured connections from browser only" option from 1)
4) run command
echo | openssl s_client -showcerts -servername google.com -connect google.com:443 2>/dev/null >file2
this will produce file2
5) open file2 in text editor; it should contain exactly one blob of data within -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines; please copy it (starting with and including -----BEGIN CERTIFICATE----- and ending with and including -----END CERTIFICATE----- lines) into a file named cert1
6) in the same directory, run command
openssl verify -verbose -CAfile /Library/Application\ Support/Avast/config/certs/cacert.pem cert1 > verify_output
7) send me file1, file2, cert1 and verify_output files via mail (ondrej dot kolacek at avast.com)

this should contain more information and we can hopefully get to the bottom of the issue.
Kind regards,
Ondrej Kolacek
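
Steps 5 and 6 of the procedure above can be scripted so that each capture is checked locally before it is mailed. This is an added example, not part of the original posts or of Avast's tooling; the function names and result labels are hypothetical, and the CA file path and issuer name are the ones given in the posts above.

```shell
#!/bin/sh
# Added example (not from the thread): steps 5 and 6 run against a saved
# `openssl s_client -showcerts` capture such as file1 or file2.

# CA file path and issuer name as given in the posts above.
AVAST_CA="/Library/Application Support/Avast/config/certs/cacert.pem"
AVAST_ISSUER="Avast trusted CA"

# Count PEM certificates in the capture (step 5 expects exactly one in file2).
count_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Print only the first PEM block, i.e. the leaf, marker lines included.
first_cert() {
    awk '/^-----BEGIN CERTIFICATE-----/ && !seen { p = 1 }
         p { print }
         /^-----END CERTIFICATE-----/ && p { p = 0; seen = 1 }' "$1"
}

# Classify the leaf in a capture (labels are this example's own). Prints:
#   unparseable         - no usable certificate in the capture
#   not-resigned        - issuer is not the Avast CA
#   resigned-verified   - names the Avast CA and verifies against the CA file
#   resigned-unverified - names the Avast CA but fails verification
classify() {
    capture=$1
    ca=${2:-$AVAST_CA}
    leaf=$(mktemp) || return 2
    first_cert "$capture" > "$leaf"
    if issuer=$(openssl x509 -in "$leaf" -noout -issuer 2>/dev/null); then
        case $issuer in
            *"$AVAST_ISSUER"*)
                # Match the "OK" line; some older openssl builds exit 0 on failure.
                if openssl verify -CAfile "$ca" "$leaf" 2>/dev/null | grep -q ': OK$'
                then echo resigned-verified
                else echo resigned-unverified
                fi ;;
            *) echo not-resigned ;;
        esac
    else
        echo unparseable
    fi
    rm -f "$leaf"
}

# Usage: sh check_capture.sh file1 file2
for f in "$@"; do
    printf '%s: %s certificate(s), %s\n' "$f" "$(count_certs "$f")" "$(classify "$f")"
done
```

A `resigned-unverified` result means the certificate presented to the client names the Avast CA as issuer but does not verify against the CA file on disk.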

REDACTED

  • Guest
Re: Avast Webshield blocks Safari and Chrome
« Reply #6 on: March 08, 2018, 04:19:48 AM »
Thanks for the suggestions, ondrej.kolacek.

Interestingly I'm now working with Web Shield scanning my secured connections again and no longer having any problems. Not sure how and why it's all working well now. The only thing that's changed is I'm working in a new location from before, so different wifi network.

I'm moving back to my previous workplace in a few days, if I return to the old problems with disrupted connections again - will definitely let you know.

S

Offline frustratedAvastuser

  • Newbie
  • *
  • Posts: 1
Re: Avast Webshield blocks Safari and Chrome
« Reply #7 on: May 05, 2019, 06:21:14 PM »
"Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic."

Well since I'm having exactly this issue, I'm going to reply no matter if it's been yrs...since this issue is still active. Recently got a message from FireFox 66.0.3 (64-bit) Mac OSX Yosemite 10.10 that avast extension is not compatible and had been disabled...don't recall seeing this before, but could have happened a year ago.

So I uninstalled Avast Free, went to Avast website, d/l the current version as of today. That's when all hell broke loose, all browsers refuse to connect to *any* https site due to Avast, which is of course, 90+% of the internet. Running from an insecure motel internet connection that uses Spectrum as the IP, super flakey on-off connection, drops frequently...btw, getting through 101 hoops to register just to post on this help forum, took me better part of 30min, probably the most diff registering I've ever encountered since I started using the Net 1995. I can't get the product to work, and u bust my balls 6 ways from Heaven, just to register...I should never use any of your products, just for that!

Do you really expect anyone that doesn't have a thorough understanding of the underpinnings of Terminal that is purposely 'hidden' by Apple...think new iPhone users, halo effect; to follow those instructions, when Avast fails to do this 'automatically' stuff??? Come on Avast, fix *your* issues, or I'll just not use the product, Free or paid, bottom line. I don't have 9 lives, I'm a senior with not that many yrs left.

I've got Avast uninstalled now, so at least I'm able to post here...

Google Chrome is up to date
Version 74.0.3729.131 (Official Build) (64-bit)

ROFLMAO, 'Grab' utility won't let me do a capture of the whole window, so I have to do 'selection' and post here in 2 parts.

Now I have to verify this post by jumping through multiple verifications-for which my poor eyesight means I'm lucky I do not need a hearing aid...yet, another decade :( . wtf, is this the premier spam posting site or what gives? Can't get preview to load, so just going to hit post and hope my intermittent connection goes through.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
Re: Avast Webshield blocks Safari and Chrome
« Reply #8 on: May 05, 2019, 06:27:22 PM »
Hi, it's a known FF bug, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1548973
More here: https://forum.avast.com/index.php?topic=227020.0

PS: Captcha is only needed for your first 3 posts. (Spam protection)