Network shield and blocked URLs

I know there was a thread on this at one time, and a number of other users had the same problem. But to the best of my memory, at the time there was no clear-cut solution.

It’s very rare that I’ve had a URL blocked by avast – in fact, the only one I can remember was a sample link someone had posted here to demonstrate its function (Gooogle rings a bell). Like some others, I did not get avast’s popup warning that it had blocked access, only the “not found” screen. It did show in the “recent attacks” log, though.

The popup warning for DCOM attacks works just fine, so I’m baffled. Any suggestions?

Sorry Mike I’m not sure I understand what it is that you want ?

These are the only alerts you get with the network shield as it differs from standard scans.

First you would get the pop-up in the bottom right of the screen (as with normal alert) but no main pop-up window, see image1, the gooogle one you mentioned, this site has now been taken over and no longer works as a test.

As a result of avast blocking access to the site your browser would fail to connect and woul pop-up some message, see image2 from firefox (my default browser).

Thanks, David, guess I didn’t express the question properly. What else is new, right? :wink:

I simply meant I’d like the avast alert to show up, same as it already does for DCOM exploit attempts. As I’d mentioned, back when the url-blocking feature was introduced the warning alert would apparently display for some users but not others, and I don’t think a “common denominator” pattern was found as to who experienced this, let alone a solution.

Mike, as you know, DCOM attacks are related to the absence of a firewall and a Windows not updated. Is it your case?

The thinking at Alwil (which, guess what, I don’t agree with either) is that since it isn’t an attack in the same way as DCOM or the other virus alerts, that they don’t display the standard alert.

For me the network shield malicious site alert is way too low key and should be the same as normal alerts (yes it would need different wording), as the pop-up without audible alert is too easily missed and the only thing you notice is the problem that the page won’t load and you don’t know why.

You are left trying to find out why and if you even have the slightest inclination it might be avast, so you check the usual location, the avast log viewer and find nothing as it isn’t recorded there either and I feel it should. Not many know about the last attacks in the network shield so are unlikely to even look.

Me I’m for standardisation, same alert for all, standard visual & audible alerts (with an entry in the log viewer), with different wording for the Network Shield malicious site alert. This would fall in line with the other alerts that have a different wording depending on why avast alerted.

I’m not aware of the url blocking working for some but not others. I have one entry in url blocking .pif as I don’t believe avast should be being used for multiple urls, there are better tools for the job, firewall, hosts file and a slew of other tools no doubt. I would say that the majority of instances where the url blocking doesn’t work is incorrect application of the url and or poor use of the wildcards.

Sorry David, guess I confused communication one more time – can I blame my brain injury? :-[

I’m not aware of any cases where url blocking flatly doesn’t work (unless, of course, the user’s turned off the network shield). The problem I’m seeing, and if I remember correctly several others encountered this too, is that I’m getting no indication from avast that it’s blocked the url, other than that the event shows up in the network shield’s recent-attacks log. A blocked DCOM event, on the other hand, does display that small but very distinct notification in the lower right, as you’d mentioned. I get the impression that the network shield works (at least from the user’s viewpoint) in different ways for the two kinds of events.

As for DCOM events, you’re right, theoretically the firewall should be catching those, and I’d inquired about that ages ago. Supposedly blocking the specific IP ranges involved (always the same, tied in somehow to Rogers’ corporate customers) didn’t change anything, so the general consensus seemed to be that if avast was catching them, don’t worry about it.

Well think of avast’s network shield as a back-up for certain ports in your firewall if avast gets it before the firewall it isn’t an issue, if it doesn’t then that is likely to be because the firewall got there first.

The thing is most people have their firewall set not to notify, in most cases that is what you want or you would be constantly notified by port probes and DCOM or other exploit attempts, etc. Also many people don;t look at their firewall logs, even if they are available or easily accessible.

But I wouldn’t worry if avast threw up some DCOM alerts, etc. but I would confirm that my firewall was actually running.