Hi all, sorry for raising this ugly beast again but I’m still having troubles. I have searched the forums and I think I have got information overload on this topic ???
My software versions:
avast 4.6.603
Outpost 2.5.375.4822 (374)
Can someone confirm if the following Outpost rule is correct and do I need any others?
Partially Allowed Programs:
ASHWEBSV.EXE - TCP, Outbound, Remote Port 80 (HTTP), Allow.
The problem I have is that every program that accesses the net then needs a rule like:
Internet Explorer - TCP, Outbound, Remote Host: localhost (127.0.0.1), Remote Port: 12080, Allow.
Firstly, are these rule sets correct for Oupost and secondly, is this the “normal” behaviour (ie. in relation to creating a localhost allow rule for each program that accesses the net)?
Thanks heaps in advance … I’m down to my last couple of strands of hair
Yes, it seems correct - if it works for you. Additionally you may also need the rule for ashWebSv.exe: TCP, Inbound, local port: 12080, but I am not sure right now if outpost requires this kind of rules or if it controlls localhost listen by some other (global) option.
I use Outpost Pro 2.5 as well & that rule U have is the same as one i have for it, the reason U are being asked for localhost access is because the webscanner kinda acts like a proxy, so U will get TCP, Outbound, Remote Host: localhost (127.0.0.1), Remote Port: 12080, Allow. popups for most of Ur net apps, it perfectly ok to allow this, if U dont then they wont be able to connect.
U must have the global Allow loopback rule unchecked if U are gettin these prompts.
Thanks heaps BaNzI & lukor, greatly appreciated!! I may not go bald after all ;D
BaNzI, I have the global Allow loopback rule checked, that ok?
Would it be possible to set a global rule (as follows) instead of a localhost rule for each app. that accesses the net, or would that be opening a can of worms?
Custom Global Loopback Rule
TCP
Outbound and Packet Type: Local
Remote Host: localhost (127.0.0.1)
Remote Port: 12080
Allow
Strange, if U have the global Allow Loopback rule checked then u shouldnt be prompted for the localhost rules if memory serves me right, unticking the Allow Loopback is recommended at the outpost forum by the guru’s there (never really been sure why) & thats the setup i have.
It can be annoying allowing or creating rules for these localhost connections, but luckily Avast makers limited it to the one port, so when a prompt to allow appears on mine, i just leave everything in the custom rule & only tick Allow & call the rule Appsname Avast.
It sure is a great firewall, but i still find it a bit buggy sometimes (ie the constant freezing of firefox due to a my address (127.0.0.1) attack, this can be stopped by unticking My address attacks in the attack detection’splugin (advanced tab\Edit list at top of advanced tab)
As for Ur custom rule, it might be better to post about it here along with any outpost probs U have
Yeah, that is one of the things that is confusing the heck out of me. Everything I am reading says exactly that, but in my case I have it checked/switched on cause it causes problems if it isn’t.
Thanks for that, I am going to head over there now and see if I can get some help. :
DavidR
Thanks DavidR. Is that a safe ruleset to apply? I thought that it may effectively allow any program to access the web without you knowing (ie. trojans, etc.). I also remember reading that it should be a Partially Allowed rule in the Outpost forums (somewhere ???). Back to the Outpost forums for me.
It might not be the safest (outpost should still recognise a different program, using the web shield localhost loopback), but first get it working, and then you can tweak it if required. If you have it as partially allowed, you will obviously get more queries from Outpost, you might try the grc.com leak test and see if it gets through. I tried a while ago and it didn’t get through, so it was being checked by outpost. The problem is I can’t remember if I was using the beta version of ashwebsv.exe.
I haven’t seen anything on the outpost forum recently, if you have a link I would be interested to see what it is about and if this would relate to web shield.
