How do I add a website to Avast 5s Web Shield exceptions it’s now flagging a website I visited all the time with Avast 4 and the previous version of Avast 5 with no problem. Today it started flagging a website I visit frequently that I believe it is mistaken on. I don’t see a way to add websites only file extensions. Even when “URLs to exclude” is checked and I add a website to the list below it it has no effect whatsoever and I am now forced to disable Web Shield for the night. I am currently using Avast 5.0.462.
Open avast!
Click on REAL-TIME SHIELDS
Click on Web Shield, click on the Expert Settings button
Click on Exclusions, pres the F1 key to get help with exclusions:
[i]On this page you can specify URLs and MIME types that should not be scanned by the Web Shield. This can be useful when downloading a large number of files from a single, trusted source.
URLs to exclude - Use the “Add” button to enter the URL addresses that should be ignored. If you want to exclude only a single page, you need to enter the full address e.g. you would need to enter the full address http://www.yahoo.com/index.html if you want to exclude the page index.html. However, if you enter http://www.yahoo.com/* no pages starting with http://yahoo.com will be scanned. If you want to exclude a particular file type from being scanned, e.g. files with a “.txt” extension, enter *.txt.
MIME types to exclude - Here you can specify any MIME types/sub-types that should not be scanned.[/i]
I saw that already and thats what I followed when typed the URL. It doesn’t work and I was hoping their was a file based way of doing it or something. As the URL exclusion feature in the interface isn’t working for me.
EDIT: Oh by the way I forgot to add above when I go to put a URL in before I click on it the field says “(enter extension)” is that the problem? Avast is looking for a extension to be added and not a URL. If so, how do I fix it so that I can switch it to URL mode?
Don’t add sites to the exceptions, without 100% confirmation that they aren’t infected, which is what I presume you are on about ?
- See http://www.scmagazineus.com/Every-36-seconds-a-website-is-infected/article/140414/, this is very common now as one of the most frequent methods of infection.
So exactly what is the problem with the site ?
What is the URL of the site, change the http or www to hXXp or wXw so the link isn’t active and someone cab check it out.
DavidR,
Thanks for that link on SC magazine, this brings the importance of a AV with web scanner to topmost priority, I would take a slight hit in network speed for extra security anyday.
Yes, it seems as though the webshield exclusions don’t work…even after specifically excluding google.com it is scanned…
However, I agree with DavidR, confirm the detection before…
You’re welcome, although the article is a bit old now the problem it relates too is still very current.
Well this is the one I was one of the ones I was on when Avast started blocking sites. It’s a page out of a much larger photogallery. This picture archive belongs to one of the actresses that I am a admirer of. I was gonna download a few pictures and then search for more elsewhere when Avast stopped me. I had been visiting the site for several months with Avast 4.8 up to the current time. The first few builds of Avast 5 didn’t flag it at all. And I’ve visited the site all the time sometimes even when Avast wasn’t even installed due to technical problems. I’ve never had one problem attributed to the website. Hell, I haven’t had a malware infection for the better part of a year and a half since using Avast on this machine. So I doubt it’s truly infected.
hxxp://wxw.idlebrain.com/movie/photogallery/bhuvaneswari7/index.html
EDIT: This is one of several pages in the photogallery list that gives me this problem a lot of them Avast doesn’t flag at all.
confirming, it just doesn’t work. Mentioning that I never bothered to try it before because I would never exclude any site anyway. Also, for those who really would like to exclude a site, if it worked, the webshield won’t scan it OK but he networkshield will, and as you know, or don’t now yet, there’s no settings for the network shield (that refers to a black list), and chances are big that it will then block what the web shield doesn’t block anymore.
@ joey3155
But why did avast stop you, an alert of infection ?
If so what was the malware name, etc. we need more details to investigate. A screenshot of the alert may be helpful.
I have visited that link with firefox and no alerts, though I also use NoScript to block scripts by default, I have allowed the main site, but there are many off-site scripts (see image) so it may be one of these that is triggering it.
I just tried his link, there’s a trojan alert
(without allowing anything with NS)
hxxp://wxw.idlebrain.com/movie/photogallery/bhuvaneswari7/index.html
Here’s the full screenshot the whited out stuff is what I was doing in Yahoo. It has no relevance to this issue.
yeah, here the web shield doesn’t block the page completely… I get the alert, as shown, but the connection isn’t completely aborted, web page (as seen through the alert transparency) is still displayed.
There is a script outside of the html block at the bottom of the page which is causing the alert.
So really, it is a good thing that you couldn’t exclude it…
-Scott-
For whatever reason, using firefox I don’t get an alert, but there is a huge block of obfuscated script after the closing HTML tag, which is a standards no, no and suspect. The document . create element possible more suspect, see Scott’s image.
So why do these alerts only appear on the newest and my current build of Avast?
Sites get hacked with monotonous regularity and has little to do with your current build.
It does work, you only have to specify the mask exactly; in this case, you’d want
[b]http://www.google.com/*[/b]
OK just tried with Google.com, added the “/*”, doesn’t work either…
WebShield works in streaming mode to some extent (unless you uncheck the “Use intelligent stream scanning” option) - so yes, if the malicious code is appended at the end of the page, the previous content may be passed to the browser, and the browser may show you the content - if it’s able to render it without the appended/blocked part.