Adding URLs to Avast 5s Web Shield Exceptions

[joey3155]

So why do these alerts only appear on the newest and my current build of Avast?

[DavidR]

Sites get hacked with monotonous regularity and has little to do with your current build.

- See http://www.scmagazineus.com/Every-36-seconds-a-website-is-infected/article/140414/.

[igor]

Yes, it seems as though the webshield exclusions don't work...even after specifically excluding google.com it is scanned...

However, I agree with DavidR, confirm the detection before...

It does work, you only have to specify the mask exactly; in this case, you'd want
http://www.google.com/*

[Hermite15]

OK just tried with Google.com, added the "/*", doesn't work either...

[igor]

yeah, here the web shield doesn't block the page completely... I get the alert, as shown, but the connection isn't completely aborted, web page (as seen through the alert transparency) is still displayed.

WebShield works in streaming mode to some extent (unless you uncheck the "Use intelligent stream scanning" option) - so yes, if the malicious code is appended at the end of the page, the previous content may be passed to the browser, and the browser may show you the content - if it's able to render it without the appended/blocked part.

[igor]

And you put there exactly what I wrote?

Btw, if you enter http://www.google.com/*, it won't work for http://google.com - different mask.

[Hermite15]

my bad  I typed my home page address in Firefox which is http://www.google.com/webhp?hl=en/* instead of just http://www.google.com/* which explains why some stuff still got scanned; it does work fine with the asterisk next to google.com/ 

[Hermite15]

yeah, here the web shield doesn't block the page completely... I get the alert, as shown, but the connection isn't completely aborted, web page (as seen through the alert transparency) is still displayed.

WebShield works in streaming mode to some extent (unless you uncheck the "Use intelligent stream scanning" option) - so yes, if the malicious code is appended at the end of the page, the previous content may be passed to the browser, and the browser may show you the content - if it's able to render it without the appended/blocked part.

yeah that's what I thought, that the bad stuff was blocked anyway so I wasn't worried. Thanks for the comment though, that confirms the web shield behavior I imagined.

[spg SCOTT]

Yes, it seems as though the webshield exclusions don't work...even after specifically excluding google.com it is scanned...

However, I agree with DavidR, confirm the detection before...

It does work, you only have to specify the mask exactly; in this case, you'd want
http://www.google.com/*

Adding www.google.com/*

Does not work for me either...it is still scanned...

Apologies...I missed the fact that http:// is needed
It seems to work with the http://

Also, for changes to the report file, the shield has to be restarted...not sure if that is intended or not...

-Scott-

[DavidR]

I would have thought that the *google.com/* mask would work (any character/s before google.com/ and any character/s after it), I tried that and it works. So that would work for sub-domains also.

[igor]

Well, yes, but if somebody registered a domain like thisisnotgoogle.com... it would be excluded as well.

[DavidR]

My suggestion was more to get round the problem Scott found when he only entered www. at the start and found he needed http: // www, etc. than to exclude look alike sites. So *www . google.com/* without spaces, would cover the thisisntgoogle.com.