Avast web shield blocking legit site

system · 2017-06-12T11:14:14.000Z

Hello,

Running Avast version 17.4.3482.

When I try to access a webpage in my local network, it doesn’t work. If I disable avast web shield, it loads correctly. It’s from a biometric clocking system.

I have tried to add exclusions but It didn’t work.

Here is the source of the page with web shield disabled:

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>HEXA Web Server</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <meta http-equiv="X-UA-Compatible" content="IE=8" />
    <link rel="stylesheet" href="style.min.css.jgz" type="text/css" />
    <script type="text/javascript" src="full.min.js.jgz"></script>
	<script>
	<!--
	var RSAajax;

	function sendAESKeyCallback(response, arg) {
	 if (response.indexOf("</tr>") == -1) {
		document.location.reload();
	 } else {
		 var div=document.getElementById('mainPage');
		 div.innerHTML=response;

		 //exibe as opções do menu conforme permissao do usuario.
		 verifyTopMenuPermission();
		 //executa scripts carregados
		 var arr=div.getElementsByTagName('script');
		 for (var n=0; n < arr.length; n++) {
		 eval(arr[n].innerHTML);//run script inside div
		 }
	 }
	}


	function sendAESKey() {
		document.aes.key.value=Generate_key();
		
		var rsa = new RSAKey();
		rsa.setPublic(document.rsa.n.value, document.rsa.e.value);
		var res = rsa.encrypt(document.aes.key.value + '\n' + getRequestStr('','frmREP',false,false) + '\n');
		if(res) {
			AESajax=new ObjAjax();
			AESajax.onreadystatechange=function() {
				if (AESajax.readyState == 4) {
					if(AESajax.status == 200) {
						
					   if(AESajax.overrideMimeType){
							var responseText = AESajax.responseText;
					   } else {
							var responseText = convertResponseBodyToText(AESajax.responseBody);
					   }
					   if (navigator.appName == 'Microsoft Internet Explorer') {
								Decrypt_Text(responseText, document.aes.key.value, sendAESKeyCallback, null);
							} else {
								sendAESKeyCallback(Decrypt_Text(responseText, document.aes.key.value, null, null), null);
							}
					}
				}
			}
			AESajax.open("GET", "/atenas.cgi?opType=7&" + res,true);
			if (AESajax.overrideMimeType) {
				AESajax.overrideMimeType('text\/plain; charset=x-user-defined');
		    }else{
				AESajax.setRequestHeader("Accept-Charset", "x-user-defined");   
		    }
			AESajax.send(null);
		}
	}

	function verifyRSA(){
		//RSAajax.abort();
		if(document.rsa.n.value.length == 0){
			setTimeout("getRSAKey()", 50);
		}
	}
	function getRSAKey(){
		RSAajax=new ObjAjax();
		RSAajax.onreadystatechange=function() {
			if (RSAajax.readyState == 4) {
				if(RSAajax.status == 200) {
					var response = RSAajax.responseText;
					var endPos = response.indexOf("\n", 0);
					if(endPos != -1){
						document.rsa.e.value=response.substr(0,endPos);
						endPos=endPos + 1;
						document.rsa.n.value=response.substr(endPos);
					}
			    }
			}
		}
		RSAajax.open("GET", "/atenas.cgi?opType=6",true);
		RSAajax.send(null);
		setTimeout("verifyRSA()", 4000);
	}

	function initializeAES(){
		ce();	    	    	    	// Add time we got here to entropy
		mouseMotionEntropy(60);   	// Initialise collection of mouse motion entropy
	}

	var tries=0;
	function verifyLogin(){
		var dvREP = document.getElementById('dvREP');
		var dvMsg = document.getElementById('dvMsg');
		dvREP.style.display="none";
		dvMsg.style.display="block";
		var str="<table align='center' cellspacing='0' border='0' cellpadding='0'>" +
					"<tr><td><div>" +
						"<table class='displayTableNew'>" +
							"<tr>" +
							"<td class='tableConfig'>Aguarde, comunicando com equipamento" +
							"</td></tr></table></div></td></tr></table>";
		dvMsg.innerHTML=str;
		if(document.rsa.n.value.length == 0 && (tries < 6)){
			tries++;
			str="<table align='center' cellspacing='0' border='0' cellpadding='0'>" +
						"<tr><td><div>" +
							"<table class='displayTableNew'>" +
								"<tr>" +
									"<td class='tableConfig'>Aguarde, comunicando com equipamento";
			var cnt = tries%3;
			while(cnt >= 0){
				str+=".";
				cnt--;
			}
			str+="</td></tr></table></div></td></tr></table>";
			dvMsg.innerHTML=str;
			setTimeout("verifyLogin()", 1000);
		} else {
			changeValue('opType',0);
			changeValue('pgCode',60);
			changeValue('lblId',0);
			sendAESKey();
		}
	}
	
	function login(){
		tries=0;
		verifyLogin();
	}	
	
	//-->
	</script>
	
    <!--[if gte IE 9]>
    <style type="text/css">
    .gradient {
    filter: none;
    }
    </style>
    <![endif]-->
	<!-- IEBinaryToArray_ByteStr -->
    <script type='text/vbscript'>
    Function IEBinaryToArray_ByteStr(Binary)
       IEBinaryToArray_ByteStr = CStr(Binary)
    End Function
    Function IEBinaryToArray_ByteStr_Last(Binary)
       Dim lastIndex
       lastIndex = LenB(Binary)
       if lastIndex mod 2 Then
           IEBinaryToArray_ByteStr_Last = Chr( AscB( MidB( Binary, lastIndex, 1 ) ) )
       Else
           IEBinaryToArray_ByteStr_Last =""
       End If
    End Function
    </script>
  </head>
  <body onload="initializeAES();getRSAKey();" onkeypress="rng_seed_time();" onclick="rng_seed_time();">
	<form name="rsa">
		<input type="hidden" name="e" value="" /> 
		<input type="hidden" name="n" value="" />
	</form>
	<form name="aes">
		<input type="hidden" name="key" value=""/>
	</form>
    <table width="100%">
      <tr>
        <td align="center" valign="middle">
          <div id="topMenuPulse" align="center">
            <div id="topMenuTable">
              <table width="781px" cellspacing="0" cellpadding="0">
                <tr>
                  <td align="center" valign="middle" id="divTopMenuPulse">
                    <table style="width: auto;"> 
                      <tr>
                        <td class="topMenuItemsHidden" id="divMenuEmployer" ><div class="sprt menuitem-background"><span class="sprt menuitem-emplyr" title="Empregador" onclick="submitMainForm(4, 2, 0);" style="cursor:pointer;"></span></div></td>
						<td class="topMenuItemsHidden" id="divMenuEmployee"><div class="sprt menuitem-background"><span class="sprt menuitem-emply" title="Colaborador" onclick="submitMainForm(4, 3, 0);" style="cursor:pointer;"></span></div></td>
						<td class="topMenuItemsHidden" id="divMenuCfg"><div class="sprt menuitem-background"><span class="sprt menuitem-cfg" title="Configura&ccedil;&otilde;es" onclick="submitMainForm(4, 1, 0);" style="cursor:pointer;"></span></div></td>
						<td class="topMenuItemsHidden" id="divMenuAdminCfg"><div class="sprt menuitem-background"><span class="sprt menuitem-system" title="Sistema" onclick="submitMainForm(4, 4, 0);" style="cursor:pointer;"></span></div></td>
						<td class="topMenuItemsHidden" id="divMenuDateTime"><div class="sprt menuitem-background"><span class="sprt menuitem-rtc" title="Data e hora" onclick="submitMainForm(4, 20, 0);" style="cursor:pointer;"></span></div></td>
						<td class="topMenuItemsHidden" id="divMenuManageData"><div class="sprt menuitem-background"><span class="sprt menuitem-dt" title="Dados" onclick="submitMainForm(4, 31, 0);" style="cursor:pointer;"></span></div></td>
						<td class="topMenuItemsHidden" id="divMenuEvents"><div class="sprt menuitem-background"><span class="sprt menuitem-downld" title="Eventos" onclick="submitMainForm(4, 32, 0);" style="cursor:pointer;"></span></div></td>
						<td class="topMenuItemsHidden" id="divMenuUsers"><div class="sprt menuitem-background"><span class="sprt menuitem-usr" title="Usu&aacute;rios" onclick="submitMainForm(0, 40, 0);" style="cursor:pointer;"></span></div></td>
						<td class="topMenuItemsHidden" id="divMenuExit"><div class="sprt menuitem-background"><span class="sprt menuitem-ext" title="Sair" onclick="submitMainForm(0, 61, 0);" style="cursor:pointer;"></span></div></td>
                      </tr>
                    </table>
                  </td>
                </tr>
              </table>
            </div>
            <div class="sprt2 img-menusBg">
            </div>
          </div>
          <div id="layoutBackground">
            <table style="height:564px; width:781px;" align="center">
              <tr>
                <td>
                  <div id="mainPage" class="default" align="center" style="height:564px; width:781px;">
                    <input id="showMenu" type="hidden" value="?showMenu?" />
                    <input id="redirectPage" type="hidden" value="" />
					<input id="hdTopMenuValue" type="hidden" value="?hdTopMenuValue?"/>
					<input id="hdMenuEmployer" type="hidden" value="?hdMenuEmployer?"/>
					<input id="hdMenuEmployee" type="hidden" value="?hdMenuEmployee?"/>
					<input id="hdMenuCfg" type="hidden" value="?hdMenuCfg?"/>
					<input id="hdMenuAdminCfg" type="hidden" value="?hdMenuAdminCfg?"/>
					<input id="hdMenuDateTime" type="hidden" value="?hdMenuDateTime?"/>
					<input id="hdManageData" type="hidden" value="?hdManageData?" />
					<input id="hdEvents" type="hidden" value="?hdEvents?" />
					<input id="hdMenuUsers" type="hidden" value="?hdMenuUsers?" />
					<input id="hdMenuExit" type="hidden" value="?hdMenuExit?" />
					<table id="tablefundo" style="height:564px; width:781px;" cellspacing="0" cellpadding="0" border="0">	
					  <tr style="height:115px; width:781px; " align="center" valign="top">
						<td align="center">
						  <h1 class="fonte30" style="left:40%;"><span class="sprt img-hexa"></span></h1>
						  <div id="welcome">Bem-vindo <font color="#00A1B6">?loggedUser?</font> </div>
						  <div id="layoutBlueLine"></div>
						</td>
					  </tr>
					  <tr>
						<td>
						  <form id="frmREP" name="frmREP" action="/atenas.cgi" method="get">
							<input type="hidden" id="opType" name="opType" value="?opType?" /> 
							<input type="hidden" id="pgCode" name="pgCode" value="?pgCode?" /> 
							<input type="hidden" id="lblId" name="lblId" value="?lblId?" />
							<div id="dvREP" style="display:block">
							<table align="center" cellspacing="0" border="0" cellpadding="0">
							  <tr><td><div>
									<table class="displayTableNew">
										<tr>
											<td class="tableConfig">Usu&aacute;rio</td>
											<td colspan="5">
												<input id="lblLogin" name="lblLogin" tabindex="1" maxlength="16" size="17" onkeypress="if(isEnter(event)){login();return false;}else{return true;}" />
											</td>
											<td><a href="#"><span class="sprt img-icnH" tabindex="0" title="Informe o usu&aacute;rio para acesso ao webserver."></span></a></td>
										</tr>
										<tr>
											<td class="tableConfig">Senha</td>
												<td colspan="5">
													<input type="password" id="lblPass" name="lblPass" tabindex="2" maxlength="6" size="17" onkeypress="if(isEnter(event)){login();return false;}else{return true;}" />
												</td>
											<td><a href="#"><span class="sprt img-icnH" tabindex="0" title="Senha de acesso."></span></a></td>
										</tr>
									</table>
									<table id="tbLogin" class="footerNew" align="center">
										<tr><td align="center"><a href="#" onclick="login();" tabindex="3">Entrar</a></td></tr>
									</table>
								  </div></td></tr>
							</table>
							</div>
						  <div id="dvMsg" style="display:none">
							</div>
							</form>
						</td>
					  </tr>
					</table>
					</td>
					</tr>
					<tr class="sprt2 img-footr">
				<td align="center">
					<a href="http://www.henry.com.br"><span class="sprt img-logoHenry" ></span></a>
				</td>
              </tr>
            </table>
          </div>
        </td>
      </tr>
    </table>
  </body>
</html>

system · 2017-06-12T13:48:35.000Z

Renan33 post:1:

Running Avast version 17.4.3482.

You might have posted to the wrong forum, this is the Business (cloud) forum where I believe the current version is still 17.4.2520.

The products are similar and the solutions the same, but maybe you meant the
Avast Free Antivirus / Pro Antivirus / Internet Security/ Premier forum https://forum.avast.com/index.php?board=2.0 ?

Eddy · 2017-06-12T14:40:23.000Z

Looks like you are correct about the version GFM
https://forum.avast.com/index.php?topic=203632.0

system · 2017-06-12T16:23:46.000Z

No, this is the correct forum.

If I click About Avast, it says Version: 17.4.2520 (build 17.4.3482.0).

Eddy · 2017-06-12T16:32:53.000Z

I’m not surprised if this is the reason why it is blocked.

https://www.virustotal.com/en/url/1164f8a2910326278a7b08f35997cf06dbea53312548fae75f3ba0858058964c/analysis/1497284847/
https://www.virustotal.com/en/ip-address/177.185.194.112/information/
http://urlquery.net/report.php?id=1497282733435

http://zulu.zscaler.com/submission/show/e324e4c560e901d72e7a53f5ab0bb82a-1497284819
http://retire.insecurity.today/#!/scan/3271c9557d93805104f33cb7d090c78ef662a8950c93791ad060910de24641c8

DavidR · 2017-06-12T17:41:59.000Z

Renan33 post:4:

No, this is the correct forum.

If I click About Avast, it says Version: 17.4.2520 (build 17.4.3482.0).

This sub-forum is for the Avast for Business - new version 2.28 - as Eddy mentioned. You are using a different (Avast for Windows) version,
Avast Free Antivirus / Pro Antivirus / Internet Security/ Premier.

Eddy · 2017-06-12T17:49:47.000Z

In his original post the OP mixed up the version and build number as it seems.
Version 17.4.2520 is (as far as I know) the latest client version for the cloud business version.

Asyn · 2017-06-12T17:55:34.000Z

Eddy post:7:

Version 17.4.2520 is (as far as I know) the latest client version for the cloud business version.

Confirmed.

system · 2017-06-12T19:21:52.000Z

Guys, I am using Avast for Business.

http://i.imgur.com/HGRemwg.jpg

And when I log in console, it says: Version 2.28.60. I have 33 computers using this version.

Anyways, I am using a local IP to access: http://172.16.10.99/.

Why is it being blocked? I see no warning message or any log.

DavidR · 2017-06-12T20:48:53.000Z

Renan33 post:9:

Guys, I am using Avast for Business.

http://i.imgur.com/HGRemwg.jpg

And when I log in console, it says: Version 2.28.60. I have 33 computers using this version.

Thanks for the clarification, it really is strange that the same build number is used on two different programs with different versions and names, confusing at the very least. I’m using avast free version 17.4.2294 (build 17.4.3482.0)

system · 2017-06-13T03:55:45.000Z

Sorry for the version confusion before.

Renan33 post:9:

Anyways, I am using a local IP to access: http://172.16.10.99/.

Hmmm, being a private subnet I’d expect it to not scan with the web shield. I have a strong feeling this is going to be a problem for Avast Support to diagnose, I would lodge a request with them as maybe it’s not recognizing the subnet correctly as being private.

In the cloud console settings for Web Shield, under Main Settings tab, there is a tick box for “Do not scan trusted sites”. Is it enabled? And is the site in your browser’s trusted site list?

If you have a DNS name for the IP, try to use that in the exclusions. Being Javascript it might need to be put in the “Script Exclusions” tab and enabled.

My advice would also be to double check your subnet mask, disable IPv6 if enabled and not needed, and update your network card driver.

Have you tried a couple of different browsers to see if the issue is specific to a certain browser?

Sorry I don’t think I can help much further.

system · 2017-06-13T10:34:07.000Z

GFM post:11:

Sorry for the version confusion before.

Renan33 post:9:

Anyways, I am using a local IP to access: http://172.16.10.99/.

Hmmm, being a private subnet I’d expect it to not scan with the web shield. I have a strong feeling this is going to be a problem for Avast Support to diagnose, I would lodge a request with them as maybe it’s not recognizing the subnet correctly as being private.

In the cloud console settings for Web Shield, under Main Settings tab, there is a tick box for “Do not scan trusted sites”. Is it enabled? And is the site in your browser’s trusted site list?

If you have a DNS name for the IP, try to use that in the exclusions. Being Javascript it might need to be put in the “Script Exclusions” tab and enabled.

My advice would also be to double check your subnet mask, disable IPv6 if enabled and not needed, and update your network card driver.

Have you tried a couple of different browsers to see if the issue is specific to a certain browser?

Sorry I don’t think I can help much further.

Yes, I have “Do not scan trusted sites” enabled. Added it to trusted sites list but It didn’t work.

I have tried several browsers (chrome, firefox, edge and IE) and two different machines (one windows 10 and one windows 7). It only works If I disable web shield.

I have opened a support ticket, because this used to work before.

Thank you for your help.

Eddy · 2017-06-13T14:19:55.000Z

I hope you created the ticket for business support.

system · 2017-06-15T05:47:58.000Z

Renan33 post:12:

I have tried several browsers (chrome, firefox, edge and IE) and two different machines (one windows 10 and one windows 7). It only works If I disable web shield.

If your machines are all the same vendor, it really would be worth checking for a newer network driver (not necessarily one from the vendor which often are not updated). I had a similar problem ages ago where a certain brand of PC in my network would not browse unless the shield was off. Upgrading the network driver fixed it. I think it was a Broadcom network chip if I recall.

I have made a habit of keeping a copy of old installers (offline installer, not the small web one). Might be worth downgrading back to an older version you know works, at least you will not have to disable the component and can keep some strength in your protection.

Support should be able to supply you a copy of a previous release for your site. At least they used to be able to.

Wish you luck!

Manley · 2017-06-15T20:07:47.000Z

I am having the same issue now. I have a legit website that we use and I have it in my Web Shield exclusions, but Web Shield is preventing me from uploading pictures to the website. With Web Shield disabled, then it works. With Web Shield enabled, the picture upload fails.

system · 2017-06-19T14:03:00.000Z

Same. We have an internal java based web application. Until recently it now prevents you to upload Spreadsheets. Nothing in the logs, no notification just doesn’t work and hangs.

Turning Web Shield off allows it to. Not ideal!

Eddy · 2017-06-19T14:45:21.000Z

Manley and Martin,

your problems are different from those of the OP.
Please start your own thread and provide details.

Announcements