Avast Firewall is automatically IP blocking a trusted website

Been trying to go to a website that I frequent regularly, but since sunday morning, I find it works fine for a few minutes and then suddenly starts timing out on me. After finding out that it’s working fine for many of the other people I know, I tried shutting off the firewall and reloading, and it works fine–if I turn it back on, it works for a few minutes and then locks up again.

After checking the logs, I found this entry coinciding with all the lock-up moments.

“Firewall has automatically blocked IP Address: 96.126.119.201 [Port Scan Detection]”

This began on Sunday (Where the problem began) and continues to repeat any time I bring the firewall back up. It’s getting more than a little irritating, but whitelisting both the website and the IP address had no effect, the firewall just automatically blocks it after a few minutes until I shut it down. Are there any other steps I can take or am I stuck waiting on a new release and hoping that solves the problem?

Hello Colin59, welcome to the forums.

I have the exactly same problem with Avast Firewall, and only workaround I found so far is disabling Port Scan Detection.
You can change this settings from:
Avast UI → Protection → Firewall → Settings → Advanced → Uncheck “Enable automatic port scan detection”

Thanks!

Hi Colin59,

Welcome to the forums. :slight_smile:

Just because a(ny) site was trustworthy in the past does not mean it is now. Port scanning is a common attack vector by hackers to find vulnerable systems; it is ongoing all the time. https://community.sophos.com/kb/en-us/115153

Rather than be annoyed, be glad avast may be protecting you from harm and notify site admins of your issue. Only site admins can fix, you cannot.

Example of potential security issue here: https://quttera.com/detailed_report/96.126.119.201 See ‘Suspicious Files’.

What is the URL you connect to?

@Colin59
You’re welcome.

@mchain @Pondus
I’m not the OP but I have to claim, I believe there must be some bugs in detection engine. It sometimes even blocks localhost ::slight_smile:
And my machine is behind the router; port scan should not reach on my machine but Avast still detected many “port scan”, make me unable to browse time to time.

Example:
http://www.inti.co.jp/

You can browse this site for some time, then you’ll see what happens…
And now, it start to block Microsoft IP saying it scans my ports ::slight_smile:

https://db-ip.com/40.74.131.199

hxxp://appmon-game.bn-ent.net/spec/info1703.html timed out.

Checked with your first link and got the avast firewall below, but time out only on this page above:

So, confirmed there are issues, but source might not be what you think it is.

You can browse pages which are cached; I also could browse pages loaded before blocking.
Unfortunately Inti.co.jp has much external links, so you have to browse inside inti.co.jp to see what I saw.

  • Second URL just shows blocked IP belongs to Microsoft. No blocking is observed on that page.

What do you mean?

I was going to say the source of the Port Scanning block could be the site you are visiting, but if you do not believe it is, you can turn off Port Scan Detection.

Well, I don’t think localhost scans my machine’s ports unless I do it intentionally.

Interesting…I have encountered the exact same problem, also starting on Sunday, same as the OP, and continuing to the present moment. And this is on a known safe site of which I am the administrator.

Same M.O., in that I can browse for a few minutes, then a “server time out” pops up on my browser.

My question would be: if the sites are being legitimately blocked by Avast IS, why is the Avast app doing so without the usual pop-up notification?

Here the same problem!!! a nas system inside my local network is blocked by the firewall.
Conclusion: avast is doing something wrong!!

If you don’t want to turn off port scanning, another possibility (which fixed one of the issues I was having) is to go into the Avast user interface → Settings → Components → Firewall “Customize” → “Advanced”, and in the “PORT SCAN DETECTION” remove one of the zeroes in the IP block timeout (effectively changing the time the firewall looks back for possible port scanning from 30 minutes to just 3 minutes). This fixed one JavaScript-heavy portal that I use.

Known issue, see: https://forum.avast.com/index.php?topic=199857.0

I have the same Issue on my own Website mallorca-forum.com and there is no knowing Problem with a Port Scan Attack against Visitors. Just at Sunday i have that Problem like other Users, so i think there is a Avast Program Bug or something.

Regards Daniel

I agree.

Judging from other bug reports in the forum, it looks like Avast Firewall isn’t tracking outgoing requests to see if incoming packets are in reply. I thought “port scanning” blocking was suppose to be in response to unsolicited packets arriving at various ports.

Asyn, thanks for the link to the other thread. However even though this is a “known issue”, there seems to be no permanent fix on offer in any of the threads, including that one. Avast Firewall still blocking specific harmless websites after a couple minutes of browsing, in a cryptic manner without providing any pop-up notifications.

Workaround: https://forum.avast.com/index.php?topic=199857.msg1382416#msg1382416

Many sites aren not working anymore.

https://i.imgur.com/M3giR5c.png

Strange for example: vdr-portal.de ist working, and sometimes not