If it helps…
Web Shield is a new provider. It is a proxy that filters the communication of a web browser, looking for viruses. It also makes it possible to block certain files by URL or MIME type. HTTP Scanner should deal with all network traffic such as spywares, adwares, toolbars, BHOs, hijackers and other malicious scripts. It will work as a real time network-based antivirus firewall, it will filter HTTP (web) traffic before it reaches the browser.
Also please note we have two different features:
blocked URLs: this list contains URLs and URL wildcards which should NOT be accessible through avast! Web Shield - these might be positively malicious pages, unwanted adds or something like that.
URLs to exclude: this list contains URLs and URL wildcards which should NOT be scanned at all - that means you can even download viruses from these pages if you want - perhaps to download eicar test file or perhaps to save some CPU cycles for specific needs - eg. your intranet apps or something like that.
Anyway, HTTPS protocol won’t be scanned as avast! won’t be allowed to check inside the communication.
It will will also be able to handle FTP but the FTP application (for instance, Internet Explorer, LeachFTP, 3d-FTP, WSFTP, CUTEFTP, SmartFTP) must be manually configured to be scanned.
Concerning the firewalls: Yes, you have to allow the webshield process (ashWebSv.exe) the access the internet. Especially port 80 (which is intercepted automatically), but 21 for FTP (and perhaps others) might be also needed - in case you set WebShield as a proxy server in your browsers. In some firewalls you would have to grant also the “Act as a server” right as ashWebSv.exe is listening on the port 12080 on localhost (to accept the connections from browsers). Sorry for the Outpost troubles, but we can hardly do anything to improve the cooperation with firewalls. From the firewall point of view ashWebSv.exe should be just an app accessing the internet and the firewall should interact with you (the user) according to its settings - eg. display a messagebox.
It might be the service nature of WebShield which confuses the firewall routines, the service might even start before the firewall interface and that might perhaps be the cause of the missing message boxes from Outpost. Stopping (terminate) and restarting the WebShield provider might give the firewall a second chance to detect WebShield’s connections…
Also, there’s a NNTP scanner in the Internet Mail provider. It is basically the same as for inbound e-mail scanning (POP3), but now for “News”.