Author Topic: [6.0.1289] Web shield question  (Read 4359 times)

0 Members and 1 Guest are viewing this topic.

Offline gautam7

  • Full Member
  • ***
  • Posts: 193
[6.0.1289] Web shield question
« on: September 14, 2011, 04:07:30 PM »
Hi everyone updated to version 6.0.1289. In the change log i can see its written that webshield now scan all processes by default. Can anybody explain this to me? How it improves security?

Thanks for your reply
Lenovo B40 laptop/ core i3 4010U CPU (1.7 GHz)/ 4.0 GB RAM/500 GB HDD,OS: windows 10 64 bit, Browser: Google Crome/ FF (adblock plus, lastpass,) Security: Avast pro 10, MBAM (free).

Offline CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: [6.0.1289] Web shield question
« Reply #1 on: September 14, 2011, 04:19:56 PM »
Quote from DavidR

It means 'all' HTTP traffic, so other applications, not necessarily browsers which can also make http connections.

No you can't specify which applications or exclude applications, it is either all or nothing with the new feature. You can check the 'Scan traffic from well-known browser processes only' option and that effectively brings the web shield back to scanning as it did before.

Offline gautam7

  • Full Member
  • ***
  • Posts: 193
Re: [6.0.1289] Web shield question
« Reply #2 on: September 14, 2011, 04:24:33 PM »
ok all http connection. Does this mean if i have a malware in my system and it try to send info then avast webshield will detect that and block it like it use to block infected webpage?
Lenovo B40 laptop/ core i3 4010U CPU (1.7 GHz)/ 4.0 GB RAM/500 GB HDD,OS: windows 10 64 bit, Browser: Google Crome/ FF (adblock plus, lastpass,) Security: Avast pro 10, MBAM (free).

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89039
  • No support PMs thanks
Re: [6.0.1289] Web shield question
« Reply #3 on: September 14, 2011, 05:03:19 PM »
I don't know about outbound data being scanned as essentially the web shield redirects the call to an http port, so that it can monitor the associated inbound http content. 

When you use firefox say, you type in the URL you want to visit and ordinarily firefox would connect directly to that URL. With the web shield it redirects that call to its localhost proxy on port 12080 and that goes off to do your bidding. The resultant inbound traffic then comes back in through the proxy so it can be scanned.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline gautam7

  • Full Member
  • ***
  • Posts: 193
Re: [6.0.1289] Web shield question
« Reply #4 on: September 14, 2011, 05:21:12 PM »
I don't know about outbound data being scanned as essentially the web shield redirects the call to an http port, so that it can monitor the associated inbound http content. 

When you use firefox say, you type in the URL you want to visit and ordinarily firefox would connect directly to that URL. With the web shield it redirects that call to its localhost proxy on port 12080 and that goes off to do your bidding. The resultant inbound traffic then comes back in through the proxy so it can be scanned.
Thanks for the explanation DavidR. But i guess if it does not scan outbound data then its not much of a use. Because apart from browser my other app only use http connection to update themself So the incomming data need not be scanned because they are all from trusted source. It would be more usefull if it can direct outbound connection for all app through web shield and block malicious connection. But i guess we have firewall for that purpose. I think i am going to use the setting scan known browser only. Thanks again
Lenovo B40 laptop/ core i3 4010U CPU (1.7 GHz)/ 4.0 GB RAM/500 GB HDD,OS: windows 10 64 bit, Browser: Google Crome/ FF (adblock plus, lastpass,) Security: Avast pro 10, MBAM (free).

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89039
  • No support PMs thanks
Re: [6.0.1289] Web shield question
« Reply #5 on: September 14, 2011, 05:36:21 PM »
Well your interpretation of "then its not much of a use" doesn't hold true. If that were an undetected trojan downloader then what it is trying to be download would be filtered through the proxy and scanned.

Currently the only shield to combat this is the network shield and then only if the site happens to be on its malicious sites list. So yes it does have a use, it is just that you haven't imagined what that use might be.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline gautam7

  • Full Member
  • ***
  • Posts: 193
Re: [6.0.1289] Web shield question
« Reply #6 on: September 14, 2011, 05:42:40 PM »
Good point about the undetected trojan trying to download. Thanks for pointing in that direction, well this new setting is not slowing down my browsing experiance so i guess it would be benificial to keep the default setting. Thanks
Lenovo B40 laptop/ core i3 4010U CPU (1.7 GHz)/ 4.0 GB RAM/500 GB HDD,OS: windows 10 64 bit, Browser: Google Crome/ FF (adblock plus, lastpass,) Security: Avast pro 10, MBAM (free).

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89039
  • No support PMs thanks
Re: [6.0.1289] Web shield question
« Reply #7 on: September 14, 2011, 06:15:48 PM »
You're welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security