Problem with Flash security

When flash application connect to server by 80 port, it get security request, not http format. Avast(Web shield) denied answer, and application can`t connect to server.

==Security answer ========================

<?xml version=\"1.0\" encoding=\"utf-8\"?> ======================================

You will fix this problem?

Are you sure this is from the web shield ?

It looks more like firefox possibly with NoScript or another browser with a security setting related to cross site scripting and I don’t thing the web shield checks for anything like that. If it found anything it wasn’t happy with I would have thought you would have got an avast alarm.

Yes, i sure.
I testing this problem on several browsers.
When i deactivate web shield, or add adress server to ignore list, all ok.
Server and flash are at my hosting.

PS. Flex too have this problem.
PSS. Avast dont alarm, it cut this request and dont alarm. A find this problem by statistic. On all computers where install avast, application don`t work, on another computers all ok.
PSSS. On all computers install Avast Home Free

If you want check it, i can run server and application. Write me PM. if you can write on russian i am grateful. I bad know english.

What other security applications do you have, anti-spyware, firewall, etc. ?

It could well be that there is a clash between two applications and disabling one removes the clash.

It could also be that the use of the flash application on port 80 (HTTP) and not conforming to the HTTP protocol. I have seen that on some streaming audio ad the only way round it was to add the IP address in the web shield, customize, basic tab, Ignored addresses: field, see image.

Sorry I’m only an avast user like yourself, but your English is very good.

Hopefully one of the Alwil team can pick up this topic.

All another security application were disabled (outpost, comodo, other antivirus).
Yes, problem in that, what flash security confirm from server not conforming HTTP protocol. in First post you can see example
I am game developer, and i think about usability for users =) if all users need setup antivirus if they want play in my game, it is bad =)))

That is the problem when you have a http filter like the web shield, which redirects port 80 traffic and it is expecting HTTP protocol traffic and standards.

I’m no developer but does it have to be port 80 to another port that doesn’t have a specific protocol ?

Many people played from office and have opened only 80 port =(
Game may connect not only 80 port. It is not critical problem.
But if solved this problem, it`s add usability for several users.


You have other antivirus on the same computer? ???

If so, to disable other antivirus will not be enough and will cause problems.

Perhaps this is related to the problem you have now? ???


All antivirus and firewalls, without one, diasbled all time. All security soft install for only test.
PS. What you say about this problem? you will fix this or it you security politic? =)
PSS. IMHO if you add Adobe Flash security protocol in you antivirus, is not security bug =)


Even when disabled, resident scanners load low level device drivers, which can still conflict and cause you problems.

What is the disabled antivirus?


Manadgment → Services → → Disabled, Stop;
Autorun → ;
Sometimes i deinstall software.


OK … I will offer no more help. ::slight_smile:

Maybe David will chime in again … or someone else. ???


Thank you, about attempt help.
This problem not in the soft. It is security setting avast (Web scanner) (Disallowed not http protocol on 80 port)
I would like you opinion about this setting. Its will fix, or not?. =) All can resolve it if add server in list ignored address, but many user who played, dont have need qualification for this action.
If they have other opened port to internet, then all ok, but if on they network all port closed (opened only 80, and install avast, and they cant right change rules) its problem.

The location from where they play shouldn’t determine the port used, if they are connecting to a web page on http port 80, surely there is nothing to stop the developer of the game specifying a different port after the initial communication/connection if this is an on-line only game. However, if it is one that has to be fully installed or have an element on the hard disk, then it should be easy to specify the connection address and port.

Other games seem to manage this without problem or we would see much more of this on the forums and we aren’t seeing this.

It isn’t so much, disallow in the web shield (as I wasn’t aware that it had this functionality, certainly not documented in the help file), just that it can’t handle the non-http protocol causing the error.

As I said before I’m just an avast user as is CharleyO, so we a) don’t have enough knowledge of the inner workings of the avast web shield or b) the power to change anything. I have just been making suggestion as to how it might be possible to avoid the web shield proxy when non-http protocols are used.

Ok, thank you :wink: :-X

I’m hopeful one of the Alwil team will pick up on this, but you could also contact support (at) avast dot com (remove spaces in address and replace (at) with @ and dot with .). Give an outline of the problem and a link to this topic to save repeating everything you have entered.

I don’t know if I understand the issue correctly. To me it seems you are sending non HTTP data on HTTP port 80 and with WebShield it does not get through.

This may indeed happen, althouht WebShield tries to relay non-http requests when it recognizes one. If you can post the request and response, maybe we can fine tune the routines to detect your requests as well. But in general I would suggest using HTTP protocol on port 80. It is just a small change, add a simple HTTP request line and HTTP response line and everything will get easier for you as a developer. WebShield is not the only HTTP proxy listening/monitoring port 80. In companies there might and frequently are regular HTTP proxies as well.

Has anybody found a solution for this?

We’re running into the same issue.
A flash application opening a socket connection to another IP on port 80, but it fails because it seems Avast! does not allow to load the cross domain policy file.

Only solution so far is uninstalling avast! and installing a different virus scanner.

Thanks,
Tom

It isn’t that avast doesn’t allow it, it isn’t a firewall, as lukor said using the HTTP port that the web shield filters to scan, is expecting HTTP protocol and if that isn’t using the http protocol then there are problems.

There are several options short of an uninstall:

  1. use a different port so that the web shield doesn’t monitor non-http traffic.
  2. terminate the web shield, the provider monitoring the port 80 traffic. This has obvious downsides in that your general web browsing isn’t protected.
  3. if this is for one site only that this problem occurs then you could add that IP to the web shield, Ignored addresses: field, see image example. This has the benefit of the web shield still being enabled and protecting your general browsing.

As lukor said avast isn’t the only security application monitoring port 80 as the web is now becoming the most used route of entry for malware and as such more security applications are likely to start monitoring this traffic.

Hello Tom,
what exactly do you mean when you say that “Avast! does not allow to load the cross domain policy file” ? Is there any special file you are trying to load and how? Thanks. (sorry for my ignorance, I don’t do any flash programming)

Lukas.