Avast on-access firewall bypass

Avast (4.7 Home Edition) on-access protection (default settings) lets new browser applications bypass my firewall (Sygate Personal Firewall). The firewall reported the outgoing application to be ashWebSv.exe, for which I’d granted access earlier, and not the new browser application that I was using. Once I terminated the on-access protection, the firewall reported the correct application that was trying to connect outside.

Can this kind of behaviour be disabled in some other way than terminating the on-access protection wholly?

Thanks!

(OS: Windows 2000 SP 4)

No it cannot.
If you have a webshield protection configured to a browser, Sygate will pass browsing traffic http tcp 80 (all outbound connections) without asking the permissions for them.

If you don't use IE but instead alternative browsers, you can make a so-called manual proxy connection to only your preferred browsers. Thus IE gets asked, and malware that might launch it is not such a big worry.

Many other firewalls also have this behavior in their default configuration, only there is nothing that can be done to SPF to block it.
Avast webshield local proxy is though restricted to known browsers only.

That's a known “issue” with Sygate Firewall. Nothing that Alwil can do about it. Sygate is a discontinued product anyway…

RejZor, it is a firewall. Sygate free has no HIPS or IDS.
There is therefore no need to be worried that no new version is coming.

It is a basic packet filter disguised as an application based firewall. Has a few added features, but NONE that depend on updated knowledgebase like virus databases.

Many times especially new versions are maybe produced by commercial pressure to have updates, often causing various problems.

There is a tendency to adopt the suite concept; the latest Kerio, Comodo etc. are examples. They have their problems. Stability, memory usage …

I am currently using kpf 2.1.5 and totally happy with it having my rules totally under my command.

As to Sygate 5.5, it is a good firewall for people not able to understand rule based firewalls. Keeps computer safe. I would not run other proxies though with Sygate except avast’s ones.

This is the Sygate localhost loopback vulnerability where it only recognises the proxy (which you have given permission for) and not the program using the localhost proxy.

How to disable the transparent Web Shield proxy and allow only those browsers you want to use it:
In avast! go to Web Shield provider, Customize…, Basic tab, blank the redirected HTTP port field (remove the 80). Now no browser can use webshield unless you manually configure it to use Web Shield.

For IE - broadband users: - Tutorial - Web Shield Proxy Set-up for IE
For IE - dialup users - Tutorial - Web Shield Proxy Set-up for IE (Dial-up)
For Firefox users - Tutorial - Web Shield Proxy Set-up for Firefox
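The attribution gap described in this thread (the firewall sees only the proxy process, not the program talking to it over localhost) can be audited from the connection table. The following is an added example, not part of the original posts: it assumes the client-to-proxy hop shows up as a loopback connection in Windows `netstat -ano` style output, and the sample table, PIDs and proxy port 12080 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `netstat -ano` layout. PID 1400 stands in for the
# local proxy; 12080 is an assumed proxy port, not a value from the thread.
SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING       1400
  TCP    127.0.0.1:1045         127.0.0.1:12080        ESTABLISHED     2212
  TCP    127.0.0.1:12080        127.0.0.1:1045         ESTABLISHED     1400
  TCP    192.168.1.10:1046      203.0.113.5:80         ESTABLISHED     1400
  TCP    127.0.0.1:1050         127.0.0.1:12080        ESTABLISHED     3020
  TCP    127.0.0.1:12080        127.0.0.1:1050         ESTABLISHED     1400
  TCP    192.168.1.10:1051      198.51.100.7:80        ESTABLISHED     1400
  TCP    192.168.1.10:1060      192.0.2.9:25           ESTABLISHED     2500
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")
LOOPBACK = "127.0.0.1"

def parse(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state, pid) rows."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, blank and UDP lines do not match and are skipped
            lip, lport, rip, rport, state, pid = m.groups()
            rows.append((lip, int(lport), rip, int(rport), state, int(pid)))
    return rows

def attribute(text, proxy_pid):
    """Split traffic into what the firewall sees and who actually originated it.

    Returns (clients, outbound): clients maps each non-proxy PID to the local
    ports it uses to reach the proxy's listening port over loopback; outbound
    lists the remote endpoints that the proxy process itself is connected to.
    """
    rows = parse(text)
    listen = {lport for _, lport, _, _, state, pid in rows
              if pid == proxy_pid and state == "LISTENING"}
    clients, outbound = defaultdict(list), []
    for _, lport, rip, rport, state, pid in rows:
        if state != "ESTABLISHED":
            continue
        if pid != proxy_pid and rip == LOOPBACK and rport in listen:
            clients[pid].append(lport)       # real originator, hidden from the firewall
        elif pid == proxy_pid and rip != LOOPBACK:
            outbound.append(f"{rip}:{rport}")  # what an application rule attributes to the proxy
    return dict(clients), outbound

if __name__ == "__main__":
    print(attribute(SAMPLE, 1400))
```

Any PID in the first result that is not a browser you deliberately configured to use the proxy is traffic that an application-based rule for the proxy would have let out unchallenged.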

Thanks all for your replies!

I guess I have to start looking for a new SW firewall (although I’m loath to as I like the advanced firewall rule setting features of SPF and its UI).

(accidentally posted part of this in a new thread which I’ve since edited)

Glad we could help, welcome to the forums.

You can still use sygate, just make the modifications so the avast proxy only works for those browsers you want to use it (and manually set them up), anything else connecting to the internet, can’t use the proxy so will be challenged by sygate.

Great posts David. Thank you, just valued information and I could not post or willing any better than you :)

EDIT:
Sygate or many other older firewall builds, they don't offer as much “protection” against never leak test kind things. It is always though the main thing, inbound protection. Sygate 5.5 loses outbound control with proxies, but I still am not recommending to ditch it for firewall newbie programs with bloat, hehe. Decisions made, I leave it to guys who read all the forums thinking they are safer with newer ones without getting familiar how or why, hehe. Was a good thread this one.

No, firewalls indeed don’t require such frequent updates as antiviruses, but an outdated firewall can be far less secure than you think… Sygate is unfortunately one of such firewalls.

ok, let me know how, email is sent to you.