Avast is slowing down my internet access.

Non-transparent proxy.

1.Open the file avast4.ini located in C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA in Notepad.
Find the section [WebScanner]
2.In this section add the following two lines:
UpstreamProxyHost=localhost
UpstreamProxyPort=8080

3.Restart the Web Shield provider – terminate and then start again
4.Configure your browser to use Web Shield as its proxy (server: localhost, port: 12080).

Transparent proxy.

1.Open the file avast4.ini located in C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA in Notepad.
Find the section [WebScanner] in this section add the following line:
OptinProcess=my_proxy.exe
(Replace the my_proxy.exe value with the real process name of your proxy app.) If the OptinProcess line is already present in the avast4.ini file, you can add another process name to the list by separating them by commas. E.g.:
OptinProcess=my_proxy.exe, my_browser.exe

2.Restart the Web Shield provider - terminate and then start again

Sorry, but I don’t know what is the process name of Web Washer…

I saw that article. But won’t that do the exact opposite of what I want?
(i.e. scan the web-data BEFORE WebWasher has filtered it at all).

Which one of these are true with the standard configuration
(monitor port 80, ignore local comm, IE set to proxy on WebWasher):

  1. Internet → WebWasher → WebShield → Browser
  2. Internet → WebShield → WebWasher → Browser
  3. Internet → WebShield → WebWasher → WebShield → Browser

The trick is to get it to scan ONLY data between WebWasher and browser… Or is that what happends with the standard settings.

Did you try the way for non-transparent proxy?

For transparent proxy, I am not sure but setting “redirected HTTP port(s)” in Web Shield configuration only as 8080 may do the trick.

If you use Standard Shield at HIGH sensitivity, you can disable WebShield.
But, WebShield + Standard Shield at NORMAL sensitivity, at least for me, uses less resources.

So, why don’t you uncheck ‘Ignore local communication’ and set WebShield to 8080 port?

If any other HTTP traffic passes through the port 80 and WebShield is not configurated to scan it… it won’t scan.

You mean remove 80 and just have 8080 there? Yep, that would check only the traffic between the browser and WebWasher, BUT if one program or browser accesses Internet using 80 (and not through WebWasher on 8080) that program can download web content that is not scannet at all :frowning:

If I keep BOTH 80 and 8080, won’t Web Shield then can TWICE (before WebWasher AND after WebWasher)… Hmmmm… Tricky…

If the broswer uses proxy on 8080 I want that traffic to be scanned, else I want 80 to be scanned. AND traffic between WebWasher and Internet should never be scanned (that will be scanned on 8080 later instead, right :slight_smile:

:-/

I use Custom setting for the Standard Shield. What need to be ON to make it safe. I have selected to scan some files types only (but added more than the standard). DLLs, OCXs and all program-file type are scanned. Also CLASS, scripts, web-pages extensions, JS, SWF and other binary types…

Lars-Erik, how about using Web Shield as non-transparent proxy only for the browser, then? As I showed, there are two ways of setting Web Shield.

If you set port 80 and check ‘Ignore local communication’, I think you will have what you want: avoid scanning between WebWasher and browser:
Internet > WebShield acting as a proxy at port 8080 for IE > at local communication you will pass the traffic from 8080 to 80 and WebShield will take it.
Maybe I’m wrong ::slight_smile:

They’re scanned as text (binary files) and I don’t think this will help that much.

If this is a part of WebShield scanning, why do you do that? Let them to WebShield…

No I want the opposite: Avoid scanning between WebWasher and the net, and ONLY scanning between WebWaser (after its filter) and the browser.

  1. Are you saying all extra extensions addad to the standard shield is scanned as TXT files only? Why is the default list full of binary files then? I have only added some types to the allreday existing list…

  2. Probably becuase webshield is quite new. I have used avast! longer.
    AND: What if a JS, SWF or similar file is copy from somwere else (a CD)
    WebShield only scan port 80 traffic. I can get a SWF or JS file on CD too.
    If you don’t have that in the list then, it won’t be scanned, right… ?

Do you have a setup for Standard Shield that scans all binary files and possible script files (very tight) but no unneeded files as an example?

BTW: I’ll add my settings (from the Avast4.xml file (or Avast4.mdb)).
Then you might comment on what is redundat (not necessary):

367
7
4096
4
\PAGEFILE.SYS,\WIN386.SWP,\SYSTEM.DA?,\USER.DA?,C:\WINDOWS\TEMP*.TMP,C:\MSDOS.SYS,C:\WINDOWS\TEMP_AVAST4_\UNP*
25
APPLICATION/X-RTSP-TUNNELLED;AUDIO/;IMAGE/GIF;IMAGE/JPEG;IMAGE/PNG;TEXT/CSS;VIDEO/
1
0
1
1
80
?,ACE,ARC,ARJ,ASP*,CAB,ECE*,GZ*,LHA,LZH,RAR,TAR,ZIP,ZOO
?,{},386,AD?,ASP,ASX,BAS,BAT,BIN,CH?,CLA*,CMD,COM,CPL,CRT,CSS,DLL,DO?,EML,ECE*,EXE,HLP,HT*,INF,INS,ISP,JS*,MDB,MDE,MHT,MS?,NWS,OCX,OV?,PCD,PDF,PIF,PO?,PP?,PRC,PRF,REG,RTF,SCF,SCR,SCT,SHB,SHS,SWF,SYS,VB?,VSD,VXD,WS?,XL?
CLA*

Also the packers are set to this streng (all of them, not just WS–):

EXE;ZIP;MIME;RAR;ARJ;TAR;GZ;CAB;ARC;ACE;ZOO;BZIP2;WinExec;LHARC;CPIO;RPM;7ZIP;CHM;ISO;TNEF

I was also thinking it might be a driver as well but ai run Avast Pro on my XP x64 system which is a laptop and as such I only have the core hardware drivers needed to run the system. Most of which there are not many options yet. One exception is my ATI Radeon 9600 Mobility graphics chip where ATI offers x64 driver updates frequently. So after all the slowdowns I went ahead and downloaded and installed a newer radeon driver just to see if that would help but it didn’t help. I always have 35 processes running after a clean boot and still showing the same 35 processes even now after the slowdowns.

I also thought possibly a spyware or malware issue, but ruled that out by scanning with various anti spyware apps and also the system returns to normal speeds once Avast is disabled.

Not sure what happened with the recent program changes to Avast but apparently my system does not like them at all.

I’m not expert on this… but as further I could read in forums, yes, just scan as binaries (not unpack for instance).

I never succeed to find a good group of settings for that… I’ve tried but some time after I’ve got avast! Pro and (un)fortunatelly I didn’t need to dig more here.
Maybe Igor could give us a help…

I had been aware of your intension and the answer has already been in front of you. I didn’t simply cut and paste.

1.Open the file avast4.ini located in C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA in Notepad.

  1. Find the section [WebScanner] in this section add the following two lines:
    UpstreamProxyHost=localhost
    UpstreamProxyPort=8080

3.Restart the Web Shield provider – terminate and then start again

4.Configure your browser to use Web Shield as its proxy (server: localhost, port: 12080).

In this way, you can chain the proxy communications as you wanted.

Browser/Web Shield(12080)/Web Washer(8080)/Internet(80)

However, if you already put Web Washer’s process name in [Web Scanner] section, you have to delete it.

Gotta go.

Do I have to change anything in the WebShild setup dialog as well?
Or should I just leave the “Transparent WebScanning” setting at “80”?

Just worried that it would make it go through WebShield one more like;

Browser → WebShield(12080) → WebWasher(8080) → “Transparent WebShield”(80) → Intenet (80)

instead of

Browser → WebShield(12080) → WebWasher(8080) → Intenet (80)

BTW: Is there a way to test what programs/proxies Internet access goes through?

Just noticed something else that is weird (and not good I think) :frowning:

With my old setting (“Transparent scanning” at “80”, IE6 proxy set to WebWasher at 8080),
the WebShield of avast! isn’t scanning anything (if I turn on the “Show details” it just show the
start URL, none of the elements on the page are scanned by WebShield at all).

In the setup dialog the number of scanned files is always “1” for each page loaded and the “last
file scanned” is always the main web-page adress (web-page files are scanned anyway when
stored in the cache because I have the “.htm” in the “Standard scanner” file extension list though).

Isn’t this a security hole? If a program acting as a proxy can access the Internet w/o WebShield
hooking on to that request and scanning the traffic? Why isn’t the traffic at port 80 scanned?

If I enter the “UpstreamProxyHost=localhost” and “UpstreamProxyPort=8080” then the web-page
files are scanned (after WebWasher has done the filtering, the ads removed are not scanned, and
that was the point too :slight_smile: But again - scary that WebShield hasn’t scanned anything before :-/

Lars-Erik, If you don’t have any communication monitoring app e.g. with a personal firewall, for example, it is bit difficult to confirm how the communications are working but I think you were almost there.

As a transparent proxy, Avast! Web Shield scans only HTTP communications of applications in its list by default. So, you don’t need to put Internet Explorer, Firefox or Opera in “OptinProcess=” line in the ini file since they are already in the (hidden) list out of box. In other words, Web Shield does not scan the communication of Proxomitron or Web Washer, which explains why you found that Web Shield is not scanning any communication through Web Washer. Furthermore, this assures that you don’t need to worry that Web Shield may scan communications between Internet and Web Washer at port 80. Means, if you set Web Shield as a non-transparent proxy, it should not scan HTTP communications twice but once.

So, just follow the instruction I wrote in my previous post. As for testing, try to download eicar anti-virus test files in “Download area using the standard protocol http” section at this page. Forget about “Download area using the secure, SSL enabled protocol https” since WS doesn’t provide HTTPS protection.

Yep. Turned on the “Show detailed info” and testet with some webpages.
And now it only scan the files that are not filtered out by WebWasher!

But what happends to other application trying to access web-pages now?
Will they still be scanned transparent, or will they not be scanned at all?
(in other words, must I add the 12080 proxy to all web-browsers now?)

That would be another security hole (then maybe its better to add WebWasher
to the “application-list” and use the normal transparent WebShield anyway?)

BTW: The “Standard” scanner is also scanning all the web-pages (the html, js
and other files) as they are read from or written to the cache. Actually they are
scanned here BEFORE they are scanned by WebShield (checked by having the
“Show detailed info” on for both. Seems a bit like double work, but I don’t see
how to avoid it (it must scan .js files etc when you open, copy or write too…)

Will the “Standard” scanner actually be enough (since the files are scanned
there first when written to the cache, a virus will be stopped there first)?

That’s natural as I wrote above.

If you’d like to have Web Shield scan local HTTP communications at port 8080 only once I think you need to follow the instruction I posted. Edit: And yes, about other HTTP apps, as long as they are on the (hidden) list, they will be scanned by Web Shield in non-transparent way. If they are not on the list, you can add them to “OptinProcess=” line in the ini file. However, normally, you don’t need to do this.

I think it makes thing easier and you can do that by adding the process name of Web Washer “OptinProcess=” line in the ini file but it makes the communication as below.

Browser/Web Washer(8080)/Web Shield (12080)/Internet(80)

Which you don’t seem to like since this makes Web Shield scan the communications before Web Washer. This is why I recommended the other way, means, direct HTTP communications of your browser to port Web Shield(12080) instead of Web Washer(8080). In fact, why not just give it a try and examine the results with eicar test?

At least, DavidR is against it. :wink:

Since the WebShield doesn’t scan all files (not images) it might not be that much difference.
And it might be nice to know if there is any virus in the element WebWasher filters out :slight_smile:

BTW: If WebWasher works OK after using the “OptinProcess=WWASHER.EXE” could it be added as
default? Then people using it doesn’t have to “hack” to get WebShield working on their system too.