Hi everybody,
I use “avast! 4 home Build 4.6.691”, my computer runs Windows XP, SP1; AMD Athlon 1800+, 256MB RAM.
I connect to the Internet via dial-up and have McAfee Internet Security 5.02 including Firewall 4.02 (I uninstalled VirusScan before I installed avast).
I don’t use an E-Mail-Client but E-Mail via WWW.
Browser is Firefox 1.0.7.
I am in great doubt about how to configure my McAfee firewall regarding WebShield (ashWebSv.exe) and the other avast programs!
As I read in the FAQs, Section “Updates” following the question “What should I know about using avast in combination with a firewall”: “The components of avast! 4 that should be allowed to connect:…” => I granted ashWebSv.exe full and unfiltered access in my firewall. Was that dangerous??
When I read the section “WebShield Issues” it says that “WebShield needs the same access rights as Your browser”; so I became afraid that full rights were maybe too much and changed the rights from unfiltered access to filtered access and activated a “learning mode” for the communication of WebShield.
At the moment it (ashWebSv.exe) has the following filtering rules (translated to English):
“allow outgoing communication
if the protocol is TCP/IP
and the remote port is 80”
“allow incoming communication
if the protocol is TCP/IP
and the remote-port is
3006, 3008, 3010-3015, 3017, 3019-3038, 3040-3080, 3082-3087, 3089-3146, 3148-3156, 3158-3176, 3178, 3180-3182, 3186-3195, 3199-3200, 3202, 3204-3208, 3210-3213, 3216, 3219, 3221-3223, 3225, 3227, 3229-3232, 3235, 3237-3239, 3241, 3243,3
and the local-port is 12080.”
Then I compared that to the firewall-rights of my browser Firefox:
“allow outgoing communication
if the protocol is TCP/IP
and the remote port is 21, 80, 443, 3003, 3005 or 3013-3014”
“allow incoming communication
if the protocol is TCP/IP
and the remote-port is 3004, 3006 or 3014-3015”.
As You see, the rights differ between WebShield and Firefox! And WebShield has much more ports open on the incoming side! Are the restrictions regarding Firefox still in effect or are they being overridden by the more liberal rights for WebShield?
If I switch off the learning mode of my firewall, it asks from time to time whether I would allow incoming traffic to WebShield on ports in the range of 3???. If I answer “No”, then sometimes everything seems to be alright, and sometimes Firefox says “document contains no data” and something is missing in the browser window or some operation doesn’t work.
I don’t understand exactly how the components “Internet”, “Firewall”, “Browser” and “WebShield” interact. Is it possible that my firewall settings open doors for malware to bypass the firewall through WebShield, because WebShield is a “transparent proxy”, and may programs that I didn’t allow to access the internet in the firewall mask themselves by accessing the internet via WebShield?
Please tell me how I should configure the avast programs in the firewall to have the maximum protection by each of these components! What is necessary, what is irrelevant and what is dangerous?
Many questions, I know…
Thank You in advance,
Horst Schneider