AIS firewall problem

Well…now I’ve found a problem.
I blocked Opera completely through the main UI, set it to “ask about all”.
Ran Opera…it loads pages, how?..and then finally, about 3 minutes later, the firewall cuts off the flash audio I played to further test connection, and asks for an Opera connect?

Even better now…the flash begins playing again, till the end of the track, then I get another “ask” pop-up.
This repeats. Correct me if I’m wrong, but a policy of “Ask about all connections” should not allow anything unless I tell it to?

This behavior doesn’t happen with IE or Firefox, if I set them to “ask about all”, they can’t load until I allow.
Any suggestions?
If Opera can get by my FW, I’d imagine it can’t be that hard for something else less user-friendly.

Still doing it today…no less alarming after a nights sleep.
I hope it at least blocks incoming…
A firewall that does not block what it is told to block is no firewall at all.

edit: deleted Opera’s entry in the FW app. rules, then the whole group.
Opera still gets access.

Opera seems to be contacting inside your own PC, like a proxy.
I’m not sure what’s wrong. Can you elaborate? I mean, seems the normal behavior of AIS.

Thanks for assist :slight_smile:

Correct. But before the pop-up even displayed, I can surf/browse the web for about 3-4 minutes.
This was with my application rules set to “ask about all connections”. Then the pop-up comes, stops connection of whatever is running.

Am I wrong to think this should cut off all access till I say otherwise? This behavior does not happen with Firefox or IE.

Did you change AIS settings? Specially, avast service that controls WebShield?
Do you use a proxy? Is WebShield set as a proxy?

The only AIS settings I have ever changed are the firewall settings, only in the Application Rules section.
(Apart from the main Home/Work/Airport settings, set to “Work/medium risk”)
All the real-time shields I have left as default.
No proxy running here.

I’m unsure what you mean by the “web shield set as proxy” .
Are you speaking of setting outgoing web traffic to port 12080 in the firewall UI?
Like mentioned here?>>http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=482&nav=0,1#idt_04
Firefox I have set this way, but the other browsers I have left alone.

Yes, you’ve got the point.

Is this error reproducible?

Yes, it appears so.

Opera currently has no application rule or group.
I deleted both when I downloaded the newest Opera today, to test this further.

Just tried it again to be sure, Opera opens, runs great, with no specified port/rules/group at all.

The delay is less this time…30 seconds before pop-up instead of 3 minutes? But it is still present.

It’s a very hard hole if it can be confirmed…
It’s late for me. Bed is calling me. Sorry.
Hope Lukas can help us here.

No problem, we all have to sleep sometime. :slight_smile:
“Hard hole” in my firewall? That sounds fun, if it is the case.
I, too, hope for additional help.

Thanks for the feedback, though.

Lukas should jump here…

Hi, can you verify that it is really the opera.exe process that is accessing the web during the playback? E.g. with tcpview.exe ( http://live.sysinternals.com/Tcpview.exe ) or with the connections list in the firewall ? Thanks a lot. I will try it here in the meantime as well.

Yes, it is Opera.exe connecting, see attatchment.

Tried it again today after startup. A little better, it only loaded about half the elements on the page (Loaded all text, about half the interactive features, No pictures), before stopping access and showing the pop-up.

Then deleted Opera rules/group, tried again. Bad behavior returns, access with no permission, for full minutes. Something else I noticed. During the time I am surfing without firewall permission, every page that I try shows “blank page” for a split second before it loads up.

Any other ideas to troubleshoot this are welcome.

Hi,
I am not able to reproduce the problem here. My opera browser does not display any single page element, until I click ALLOW in the popup.

What firewall mode do you use? Could you please send me your rules.xml and config.xml from "C:\ProgramData\Alwil Software\Avast5\fw" folder for review? Do you use any other program, that might interfere? Popup blocker? Add-remover? Proxy server? Any 3rd party firewall?

Thanks a lot.
Lukas.

Hello again,

Firewall is set at “Work-Medium Risk”
Avast! is the only active shields I have, except Windows Defender which has been turned off for at least a month or 2. No other 3rd party firewall, proxy, pop-blocker or add-remover. (apart from AdBlockPlus in Firefox, but to my thinking that shouldn’t matter)

Lastly, where/how did you want those two files sent, as you didn’t specify?

You could try the new PR build…
http://forum.avast.com/index.php?topic=61045.0
Also, if you run FF without troubles, do you really nead Opera, too…?
asyn

I’ve thought about trying the beta, but this is my only functioning pc, since I turned my old laptop into a Smoothwall. So I’m a little cautious of testing uncharted waters :wink:

Really, I only use Opera for maybe 10% of my browsing, it is a luxury, not a necessity. But this oddity has me curious, and if its some kind of flaw I could avoid in the future, I would like to root out the cause :slight_smile:

I understand. Never mind, was just curious… :wink:
asyn

Weekend bump

Hey Lukor, did you forget about me? Still waiting to hear back from you on my last question.

Thats ok, I’m not going anywhere :wink: