Avast 6 Network Shield blocking traffic during VPN session

This morning I remotely logged into my job from my home PC. Once logged in, Network Shield proceeded to block all internet traffic routed to my machine, flagging all internet traffic as Malicious. I could still access any application or utility that stayed on my home network and access all services on my network at work, but my browser, iTunes, or anything else that needs the internet was blocked.

Once I disconnected from my work VPN session, Network Shield played nice again. I’ve never seen this problem before today, it’s always worked fine in the past.

Any ideas what could be going on?

Which VPN program are you using?
Which files/processes were blocked by the Network Shield?
Which is your operational system and firewall?

VPN Client: Juniper Network Connect 6.5.0.15203

Files/Processes blocked: I’d have to look at log files, but basically anything that tried to get beyond the LAN at work was blocked. iTunes, IE8, Firefox, Yahoo IM, even the built-in MS RSS feed desktop widget that comes bundled with Windows was blocked.

OS: Windows 7 pro 64bit (6.1, Build 7600) The only firewall I have at the moment is the built in Windows firewall but it has not been running.

Well… LAN at work and avast free?
avast is an antivirus only (not a firewall) and just scan, not block.
Besides, it’s intended for home use only.

I’m using Avast Pro Antivirus, and it comes with Network Shield real time scanner built it. Avast has been working fine on my system for years.

Why are you using IE8 on Windows 7 pro 64bit ???

IE9 is much better.

YoKenny, I also use Firefox, but for work IE8 is often required for websites and utilities at the job. I’d really prefer to discuss the Avast issue.

Tech, are we saying that Avast Antivirus Pro ver 6 on a machine with a VPN client is not a valid use case? I find that hard to believe.

Just for TESTING (until we find a much better solution):

Web Shield → EXPERT settings → “…well known browsers only”.

Alternatively (undo the previous test setting, so to be sure this is working independently), you could try avast main GUI → troubleshooting → redirect settings. Add here the needed IP address and / or the needed process.

Please report back.

No, it’s valid. It’s ok.

Well, we need to discover if Network Shield is really blocking something that they shouldn’t.
Did you try disabling it and test?

If it fails, try disabling the Behavior Shield, then WebShield. One provider at a time and test.

While troubleshooting this issue yesterday (and again today), I disabled the Network Shield and the problem went away. I haven’t tried changing any other settings, but will do so if that will help?

I’ll report back.

Only Network Shield shows the problem. The other providers don’t cause a problem.
Network Shield blocks everything that goes to the cloud. I can open a browser to any internal website, but Avast detects a threat if I go to say - ibm.com

iTunes triggers it too (because that tries to go out to the Apple servers)

Yahoo Messenger triggers it.

Basically any application at all that tries to get to the cloud is blocked while in VPN and Network Shield is running.

St.Muffin90, I’ve asked for programmers’ help.

I understand the difference between Network Shield and Web Shield. I still would like to see the suggestions tested, specially the one related to “redirect settings”.

In addition, could you attach a screenshot of this “detection” from Network Shield?

I tested Tech’s suggestions in my previous post.

Just now I set an IP address for the avast forums (using an nslookup of forum.avast.com) in the redirect settings, and with Network Shield still active, tried to refresh the page with this thread we are on right now. Network Shield detected a threat.

Screenshot attached.

Hi Muffin, can you send me the networkshield log. Its in “C:\ProgramData\AVAST Software\Avast\log\nshield.log”

Could you also please test with WebShield turned off? These two shield indeed interfere with each other, so this test is highly relevant (and also we have done some fixes regarding their inter-operability lately)

Thanks.
Lukas.

Muffin, there may be non-zero probability that we blocked wrong ip - something acting like proxy for you.
Do you know the ips of the vpn, proxies, dns servers in use?

Lukor, Kubecj:

Thank you both for your responses. I’m away from my machine at the moment, but will send the log file when I return several hours from now. At my workplace an internet proxy and firewall is in place. I’ll see if I can get the relevant IP addresses.

Lukor I can’t add the nshield log fil to this message because it’s over the size limit. Is there somewhere I can email it to you?

I emailed the log file a short while ago. I also included the internal IP address for our internet proxy in that email. Unfortunately I don’t know what the external facing IP address for our proxy is at the moment, but please let me know if I need to supply anything additional.

Thanks all for your help.

Hi Team:

Any updates on this one? I still am seeing the problem.