I find that avast tries to connect to links on sites that I’ve closed a long time ago and also keeps connections open to sites that I have closed a long time ago. This results in by browser (firefox) to become so unresponsive that I have to close it every so often to get these connections released.
I have seen similar threads but no solution being offered to solve this problem.
Any ideas what settings I can change / tweak to get rid of this annoying behaviour ?
No, avast does not connect to any site.
ashWebSv.exe (the WebShield) is just a proxy: it redirects internally the traffic to scan. But it does not initiate any connection by itself. Something is trying to connect from your computer.
I suggest you make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
Ok, let me get my head around this. I do understand that avast serves as a proxy.
As I understand proxies (and I’m quite happy that I may be wrong) avast will install itself as a server on the http port.
Any connections I make to external sites will in real terms be to avast’s server which will open the connection to the server I’m trying to connect to. It thus inserts itself in the middle of the connection and can then scan the data coming in and going out. (If I look at my firewall logs with avast activated, ashWebs opens the connection. If I disable the webshield, Firefox opens the connection See attached images.).
Thus avast does actually do open the connections to the endpoints on behalf of firefox. For some reason it just does not drop them after firefox closes a page or takes a very long time to do so.
I know that there is very little one can do to detect I a socket is still being used by the requesting program short of having a TCP driver that detect connection drops etc.
I see no difference at all in the handling of Firefox browser connections whether they are intercepted by avast or not.
The all come down when Firefox closes them and they go - as they should - into timewait status before shutting down and that takes a only a few seconds. To the best of my knowledge there are no features in avast for any changing of the management of sessions it intercepts - it is just passing them on as it gets them from the browser - and, of course, it does not manage at all secure connections.
Does the connection viewer you are using show the current status of the connections (connected/timewait etc)? Typically Firefox opens up a large number of sessions initially to retrieve all the page contents and they then close down fairly quickly leaving one or two connected for refreshing purposes.
Yes, The connection log does show the connections going from open to closing to wait_close etc. Most of the times, the connections actually closes within a few seconds. There are however exceptions where connections remained open or were even still connecting 10 minutes after I closed a web site. This most often happens when the connects is retrieved from an upstream proxy in stead of the actual web site.
As I have written proxies myself I know what a pain in the behind it is to detect connections being dropped rather than being closed properly. Maybe the problem stems from this ?