Turning off all avast shields makes it work, adding it to whitelist doesn’t. I was unable to find any mention of anything being blocked by avast.
Changing Web Shield’s setting to [V] Scan traffic from well-known browser processes only does help, but I’d rather not use that setting permanently.
Avast Version?
OS?
Avast 6.0.1289
Virus definitions version: 111030-1
OS: Windows 7 Professional x64
Service Pack 1
What exactly do you see on your screen when Avast “blocks” the program? Could you take a screenshot and attach it to your next post?
I would understand if it is related to firewall rules for avastsvc.exe, but when you say “block” and “shields”, it gives (at least to me) the impression of some suspicious files or something potentially infected or alike. It “could” be a False Positive too, but without more details, the issue is not clear to me.
Shield Traffic graph says that last page scanned is http://imgur.com/api/upload but it doesn’t indicate in any way that anything at all was blocked.
Well, that screenshot doesn’t show anything from Avast. The only indication that Avast may be somehow related is that when you disable the web shield, the upload works correctly.
Maybe you should add avastsvc.exe to firewall rules? This is not a 100% blind suggestion, but “almost 100%”.
The setting that you change in web shield is “…well known browsers only”, and avastsvc.exe “should” solve the usual conflicts related to that setting. But here we are talking about “uploading” (outgoing firewall rules), so I’m not sure this particular executable is the one that should be added to your firewall rules.
Someone else may have some specific answer. In the meantime, you may try avastsvc.exe in your firewall rules (both “in” and “out”) and test it. Please report back.
Adding avastsvc.exe to the firewall exceptions didn’t help.
This is all I see in avast window when the upload is blocked:
Hi, this can be solved by adding Hyperdesktop to the exclusion for WebShield. You must edit WebShield.ini directly. (probably with Self-defence disabled).
Add the line
IgnoreProcess=place_the_name_of_hyperdesktop.exe
into the section
[WebScanner]
and restart WebShield.
You don’t need the self-defence module disabled if you use ‘notepad’ for the text editor when you modify the .ini file. Once complete and you try to save the file the self-defence module will seek confirmation of the changes answer yes.
Depending on your OS, the UAC might also stick its nose in to run notepad as an administrator.
I added the line (IgnoreProcess=hyperdesktop.exe) in the correct section, but it didn’t help at all. Using the full path didn’t help either.
Did you Stop and Restart the Web Shield (or reboot) after the edit ?
If you did:
The full path isn’t required, if you have the correct executable name then it isn’t the Web Shield that is blocking it.
Are you getting any errors displayed, if so what are they ?
####
Check the C:\ProgramData\AVAST Software\Avast\report\BehaviorShield.txt for any entry related to hyperdesktop (and post the entries) this location may be hidden unless you have already modified the tools, folder options and uncheck hide system files and folders, etc.
I stopped WebShield, edited the .ini file, and started WebShield again. I’m pretty sure that WebShield causes this problem, because when I turn it off (or make it scan well-known browsers only) Hyperdesktop works correctly.
Anyhow, here are all mentions of hyperdesktop I was able to find in BehaviorShield.txt:
2011-10-06 06:54:18 Modification of: \REGISTRY\USER\S-1-5-21-1832431132-403094995-3831868509-1000\Software\Microsoft\Windows\CurrentVersion\Run\Hyperdesktop
By: C:\downloads\hyperdesktop.exe
Via: C:\downloads\hyperdesktop.exe
-> Action allowed
2011-10-06 07:01:22 Modification of: \REGISTRY\USER\S-1-5-21-1832431132-403094995-3831868509-1000\Software\Microsoft\Windows\CurrentVersion\Run\Hyperdesktop
By: C:\Program Files (x86)\Hyperdesktop\hyperdesktop.exe
Via: C:\Program Files (x86)\Hyperdesktop\hyperdesktop.exe
-> Action allowed
2011-10-22 20:45:04 Modification of: \REGISTRY\USER\S-1-5-21-1832431132-403094995-3831868509-1000\Software\Microsoft\Windows\CurrentVersion\Run\Hyperdesktop
By: C:\Program Files (x86)\Hyperdesktop\hyperdesktop.exe
Via: C:\Program Files (x86)\Hyperdesktop\hyperdesktop.exe
-> Action allowed
Errors displayed: none at all (except for Hyperdesk’s errors). WebShield’s error log is empty, infections count is still zero.
That closed one area of interaction, if the behaviorshield isn’t blocking. So essentially you are left with checking the ‘Scan traffic from well-known browser processes only’ option.
This isn’t that much of an issue as essentially the web shield works as it did before, just that it doesn’t scan other non-browser programs that (previous to this weren’t included) use http connections to do their work.
I checked that option ages ago and I don’t feel any less protected as a result of it.