Author Topic: Worrying Avast Firewall bug  (Read 3170 times)

0 Members and 1 Guest are viewing this topic.

Offline _lexi

  • Jr. Member
  • **
  • Posts: 35
Worrying Avast Firewall bug
« on: February 03, 2019, 05:04:35 PM »
This is a cross post from the 19.1.2360 feedback thread. Apologies for doing so, but this is an issue that I'm quite worried about:

Last week I posted to the v19.1.2360 feedback thread about Avast adding extra firewall profiles for networks that I have never used. Another User, @MaxLV, also mentioned this issue.

@Bob3160 asked me to provide a screenshot, which I have attached to this message. The image shows 3 saved firewall profiles:

  • "lan", the profile highlighted GREEN is my home LAN, and is always the active profile.
  • "Network Connection", the profile highlighted AMBER, might have been created when I updated the firmware on my VDSL modem by plugging my rig into its Ethernet port (yes, I made sure that the modem wasn't connected to the 'net at the same time.)
  • "BN16.com", the profile highlighted RED, is not one that I recognise. My computer has only ever been connected to the "lan" profile. Googling "BN16.com" returns a listing for what looks like a local ads site based in the UK (BN16 is a UK postal code). I'm not going to actually visit the site: Norton Safeweb says that it has not been scanned, although, based on some Google searches, it doesn't seem to be associated with any malware-related activity.

So what gives? Is the issue that MaxLV and I are experiencing a bug related to 19.1.2360, or is it something more sinister? i.e. an indication that our computers or network hardware have been compromised in some way?

New version seemed to install okay using Avast Internet Security's built-in updater. However, I have run into an issue similar to MaxLV's (see quote below). When I booted my PC yesterday, Avast briefly displayed the firewall private/public selection pop-up for an "Unidentified Network". I opened the Avast interface to double-check which network the firewall thought it was connected to, and it reported the network name it normally assigns to my LAN.

As with MaxLV's report, Avast also seems to have created an extra firewall profile for a network that I have never used. There's an icon with a red "x" through it next to this profile in the settings menu:

Updated both my computers without problems...

But on checking all the new features, in the firewall, settings, it is now listing multiple network profiles. Before the update only two network profiles were listed in  firewall settings.

The new network profiles were all set to public, and I dont recognise any of them.

I have set them to private, but there's no longer any option to delete them like there was before the update.

What are these new network profiles, and why cant they be deleted?

All the unknown network profiles have a red x on the network profile icon so i guess this means they're not active or disabled in the Avast firewall.

I am the only user of these two computers.
Both computers have WiFi, and one has Bluetooth, But these options are not used and are turned off in Windows by default. I only turn these options on when I want to use them.
The computers are on a LAN via Ethernet.

Offline stibi

  • Sr. Member
  • ****
  • Posts: 386
Re: Worrying Avast Firewall bug
« Reply #1 on: February 03, 2019, 05:21:40 PM »
Why don't you use the Windows Firewall? I don't need another one.

Offline Claudiu7

  • Jr. Member
  • **
  • Posts: 60
Re: Worrying Avast Firewall bug
« Reply #2 on: February 03, 2019, 08:12:11 PM »
Why don't you use the Windows Firewall? I don't need another one.

Windows Firewall can easily be bypassed when a parent application  (which you DO NOT WANT to access the internet) is using a child application to do so .

Example : bad.exe is using iexplore.exe (which is allowed) to access the internet.

Windows firewall will not block bad.exe

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Worrying Avast Firewall bug
« Reply #3 on: February 03, 2019, 09:42:38 PM »
Quote
Example : bad.exe is using iexplore.exe (which is allowed) to access the internet.

Windows firewall will not block bad.exe
There is no need to block bad.exe if you dont have it on your computer .... and if you do it is already to late



Offline Claudiu7

  • Jr. Member
  • **
  • Posts: 60
Re: Worrying Avast Firewall bug
« Reply #4 on: February 04, 2019, 01:21:40 AM »
There is no need to block bad.exe if you dont have it on your computer .... and if you do it is already to late
[/quote]

bad.exe was just an example...

Could be anything else, like software phoning home,  unwanted telemetry. Typical example is Malwarebytes , which, even though has an option to disable telemetry, still submits behind your back data about your PC.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Worrying Avast Firewall bug
« Reply #5 on: February 04, 2019, 01:48:01 AM »
Quote
bad.exe was just an example...
I know that

My solution, if i dont trust a program to have internet access then i dont install it



Offline Claudiu7

  • Jr. Member
  • **
  • Posts: 60
Re: Worrying Avast Firewall bug
« Reply #6 on: February 04, 2019, 02:05:10 AM »
Quote
bad.exe was just an example...
I know that

My solution, if i dont trust a program to have internet access then i dont install it

This is not a "solution"... There are different degrees of "trust" and with a properly configured firewall you can filter the unwanted communication from the program you "trust"

Offline _lexi

  • Jr. Member
  • **
  • Posts: 35
Re: Worrying Avast Firewall bug
« Reply #7 on: February 04, 2019, 10:29:56 AM »
FWIW, I use Avast Firewall because bad actors are likely to concentrate their efforts on attacking the default security systems used by Windows - such as Windows 10 Firewall - on the basis that the majority of users aren't tech-savvy or paranoid enough to switch to something else.

Getting back on topic: does anyone know what's going on with my Avast Firewall saved networks? I have never connected to a network called "BN16" and I'm freaking out about the prospect of someone having pwned a) my laptop or b) my entire home network. All it would take to set my mind at ease is for someone to confirm that this is a bug with Avast.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36992
Re: Worrying Avast Firewall bug
« Reply #8 on: February 04, 2019, 10:33:30 AM »
have you tried a avast repair and reboot to see if anything change?


Offline _lexi

  • Jr. Member
  • **
  • Posts: 35
Re: Worrying Avast Firewall bug
« Reply #9 on: February 04, 2019, 10:38:46 AM »
I'll only repair or uninstall-reinstall as a last resort. Avast appears to be working properly, the only thing I'm worried about is this phantom firewall profile.

If I repair or reinstall Avast, all I'll be doing is hiding the symptom (i.e. wiping Avast's list of firewall profiles) without treating the disease.

Offline _lexi

  • Jr. Member
  • **
  • Posts: 35
Re: Worrying Avast Firewall bug
« Reply #10 on: February 04, 2019, 01:23:54 PM »
As I noted above, at least one other person has been affected by this issue: https://forum.avast.com/index.php?topic=224223.msg1488798#msg1488798

I wouldn't be so worried if we could just get confirmation from an Avast team member that it's a known bug.

Offline Alikhan

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2234
Re: Worrying Avast Firewall bug
« Reply #11 on: February 04, 2019, 01:45:35 PM »
I've escalated this to the Avast devs for a response.
Windows 10 Home 64-bit • Avast Free (latest stable version) •  Malwarebytes 4 Premium (On-Demand) • Windows Firewall Control • Google Chrome • LastPass • CCleaner • O&O ShutUp10 •

Offline _lexi

  • Jr. Member
  • **
  • Posts: 35
Re: Worrying Avast Firewall bug
« Reply #12 on: February 04, 2019, 01:48:17 PM »
Many thanks, Alikhan. Really appreciate you flagging this for the devs.

Offline Filip Braun

  • Avast team
  • Jr. Member
  • *
  • Posts: 98
Re: Worrying Avast Firewall bug
« Reply #13 on: February 04, 2019, 03:31:05 PM »
Hello _lexi,

The behavior of the networks list in FW has changed in 19.1.
The list now includes all the networks that OS (Windows) knows about in NLA. Meaning that a FW profile does not have to exist for the network (new network toaster would be displayed when connecting to it), but it is still listed.
The list is ordered by "last connected" with the most recent connections on top.

Does this explanation suffice?
Do you think this new behavior is OK, or would you rather see it behave differently?

Thank you,
Filip

Offline _lexi

  • Jr. Member
  • **
  • Posts: 35
Re: Worrying Avast Firewall bug
« Reply #14 on: February 04, 2019, 04:23:06 PM »
By "NLA", do you mean Network Level Authentication? I thought that was just for use with RDP?

Alternatively, are you referring to the list of previously connected networks that Win10 stores in HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\NetworkList\Profiles\[...]? Embarrassed to admit I hadn't thought to check that, but I will. I suppose it's possible that the "BN16.com" connection could be a hangover from the configuration process that my laptop's manufacturer might have run on it. I will take a look a post my findings here.

In terms of tweaking the behaviour or presentation of these Avast Firewall settings in future: it was quite alarming to see a set of new networks appear in the firewall settings menu. It may help reassure Avast users who are a little too security-conscious (such as myself) if the firewall only displayed networks that it was involved in managing. For most users this would mean that Avast only listed the network they were using at the time Avast was installed, and any network that the "toaster"/pop-up prompted them to set to private or public afterward.