Author Topic: Weird Web Shield Behavior  (Read 1781 times)

DonZ63

  • Guest
Weird Web Shield Behavior
« on: July 04, 2011, 10:52:34 PM »
Win 7 x64 SP1, Avast 6.0.1125, Comodo firewall ver. 5, IE8

I say weird because of the following.

First, I know how web shield creates a dynamic proxy using 127.0.0.1 port 12080. So no need to go into that.

Attached is a screen shot from TCPView. It appears to me that Web Shield is incrementing by 1 the source port assigned by IE. AvastSvc.exe then uses that port to connect to the Internet. To me it appears some kind of NAT activity? Now my router does NAT so this would be double NATing in my book.

Next my firewall is set up to log all outbound activity. However, I see no event activity for AvastSvc.exe. It is as if AvastSvc.exe has established some P2P tunnel that is bypassing the firewall. Is this how Web and Network shielding work?
« Last Edit: July 04, 2011, 10:55:09 PM by DonZ63 »

Hermite15

  • Guest
Re: Weird Web Shield Behavior
« Reply #1 on: July 04, 2011, 11:19:22 PM »
my software firewall logs all webshield activities :D

p2p tunnel bypassing the firewall ??? hmm... :)

DonZ63

  • Guest
Re: Weird Web Shield Behavior
« Reply #2 on: July 05, 2011, 02:24:49 AM »
I watched my connections in TCPView and it appears some unknown "system process" is actually doing the TCP/IP connections. I suspect that this process is Avast's non-plug and play network driver.

Appears the AvastSrv.exe is just doing front end activity for this network driver and that is why it is not being logged. This "system process" is showing the corresponding source ports that IE used so I am pretty sure this is the guy actually controlling network traffic.

Whatever the Avast network driver is, it is not being recognized by the Comodo firewall.