Hello.
Am I right in saying that with Sygate + WebShield, if I set IE or FF to ask, Sygate won't ask me to allow them to access the internet?
Or if I block IE and FF they can still access the internet?
Yes that is correct.
For 4.6.603, this was the case not only for say IE or FF but also for VeryUglyTrojanSendingOutTheContentsOfYourHarddriveViaHttp. This has changed in 4.6.623 though…
The reason is that Sygate works on NDIS level and therefore doesn’t see any communication that doesn’t actually hit the wire (i.e. is localhost only).
I have been using Sygate since the beta version of the WebShield and Sygate has always asked me if I want to allow FF or IE to access the internet when set to ask.
And when I set them to block, they are blocked.
However, I did a reinstall of Windows XP today, put Sygate back and noticed that IE and FF were able to access the internet without Sygate asking me. Furthermore, when I blocked them both they could still access the internet.
Anyway I think I know why.
Before my reinstall I have always had this option unticked:
Enable Smart DNS
It is located @ Tools > Options > Security > Enable Smart DNS.
I also have Smart DHCP unticked but I find it's the DNS one that's causing the problem.
With Smart DNS unticked Sygate will always ask me to allow FF or IE to access the internet when I set them to ask.
And when I block them they do not work.
Is this a cure for the local proxy issue with Sygate and WebShield?
As Vlk told you, Sygate won't ask you for browser access. And there is nothing you can do about it. But is that such a big problem?
It is a Sygate issue, and Avast’s WebShield doesn't pass trojans and the like without asking, so it should be OK.
Please read my post above yours
Sygate will ask you for other applications!!!
Really wonder how you got asked for browsers before?
Maybe your webShield was not turned on then.
Jarmo.p
I am not an idiot.
I suggest you try it yourself.
Sorry if I sounded rude. I cannot do that because I don’t have the Pro version of the firewall. I have just never heard that the Sygate proxy could be fixed with that Smart DNS or any other setting. I might be wrong and you are right.
I should have said that I am using the Pro version.
If there is anyone with the pro version, can you please give my solution a try?
DukeNukem,
You’re not alone with this problem, check out my posts here: http://forum.avast.com/index.php?topic=11662.0…
Regards,
=AirCeej=
AirCeej, I do not have any problems.
I do however have a possible fix for the Sygate 5.5 Pro and WebShield problem whereby Internet Explorer and Firefox can access the internet even if they are blocked, or, if set to ask, Sygate does not ask you to allow them access.
In the free Sygate version, Smart DNS and DHCP are enabled by default and can't be disabled (in the free version only), so it seems it's normal to keep them enabled.
I've re-installed Sygate free and all works fine with the latest avast. It didn't with the previous avast, so I was using ZoneAlarm…
NB I don't have proxy server checked in IE connections. WebShield redirected port is the default 80.
Jarmo, I don’t have the Pro version either.
The Smart DNS cannot be unchecked in the free version (as all other users posted here).
But I do have a local proxy and, sorry Vlk, but this is still present in the 4.6.623 version and the OptIn=0 (avast4.ini file setting).
For it’s not good to have allowed all outbound HTTP traffic through the proxy without asking for permission.
Privacy and security issues or, like Vlk joked (maybe because it’s not his computer ;D): VeryUglyTrojanSendingOutTheContentsOfYourHarddriveViaHttp will be allowed to connect.
Stevejrc,
Unless something’s been changed in the latest version of Sygate Free PF (I’m using 5.5 build 2710 – as there are allegedly too many bugs with 5.6), then the problem with 80 as the Web Shield’s redirected port is: programs are no longer checked by Sygate PFF before gaining access to the ‘net – which means (at least in my version) you now have a mostly one-way firewall (see the various entries here: http://forum.avast.com/index.php?topic=11925.0). You can test this by configuring programs to ask for rights before gaining access to the ‘net. With 80 as the redirected port, they should get through unscathed; however if you blank the redirected port in the WS, then Sygate should ask you for permission before the program gets out.
The solution in the above thread to blank port 80 in the Web Shield solved the Sygate permission problem, although routing Firefox through the Web Shield brought about different problems discussed here: http://forum.avast.com/index.php?topic=11662.0. So for now the trade-offs with the current solution are:
· Programs are checked by Sygate PFF before accessing the Internet
· Firefox (in my case) with “Direct connection to the internet” checked - doesn’t get the advantages of the Web Shield, yet it doesn’t suffer from the current anomalies either.
=AirCeej=
No, it does not solve it. It just ‘disables’ WebShield. When you enable it again (writing port 80), the firewall does not use that ‘allow rule’ but connects anyway through WebShield (and not through the browser itself). I did the test right now…
Yeah, I’m afraid in this case Technical - it does; and what you stated in your reply only mirrors what I found as the problem. I certainly want Sygate checking traffic in both directions and working in concert with Avast so a rogue program/virus/other won’t get through. If I redirect through 80 then half of my Internet protection (all outbound traffic) through the firewall is lost. So considering I still have protection with Avast’s other shields and all I/O is checked to and from the ‘net through Sygate w/80 blanked in WS; this is far better than having the use of the Web Shield, routing Firefox through it and getting the certain URL display problems I’ve cited - along with not having any outbound protection through the firewall.
As checking two-way traffic to and from the computer has my highest priority in conjunction with the other shields in Avast, then I currently have the level of protection I enjoyed before Alwil added the Web Shield, and none of the problems since its introduction. Obviously it would be better if I could employ the use of the Web Shield, route Firefox through it without any display anomalies, AND have Sygate check traffic in both directions, but evidently that is not a current option.
Update:
Wow!
When version 4.6.603 was first downloaded on 4 different computers (3 running XP Home SP2 w/Sygate PFF 5.5 builds 2637 and 2710; 1 running XP Pro SP 1 w/Sygate PFF 5.5 Build 2710) I had the following problems:
· Firefox wasn’t being checked by the Web Shield though it was running.
· Programs that should’ve asked for rights through Sygate no longer did (which is what prompted me to write in the first place).
Interim Part 1:
· Upon getting the initial fix (as it were) from Jarmo P, Sygate once again was checking outward-bound programs, but I was getting display anomalies in Firefox on certain URLs.
Interim Part 2:
· Some time on the 15th, I manually downloaded 4.6.623 and the same problems persisted (at least I think I tested for them anyway) ;).
Now (3/18/2005) with the current version of Avast and the following default settings reinstated:
· Web Shield redirected to Port 80
· Firefox set for “Direct connection to the internet”
All the problems (with which I experimented a few different ways, before and after reboot on all 4 computers) have been corrected! I presume Alwil downloaded a new version of 4.6.623 (mine is set for automatic), and this cleared it up! If this is the case, WAY TO GO AVAST TEAM!!!
Regards,
= AirCeej =
What an interesting topic! I do use Sygate PFPro and was unaware of the new developments till I saw this thread. So I had to run my own test. SPFPro is set to ‘ask’ and I utilize advanced rules to control access to the internet. This is what happened:
I disconnected from and reconnected to the internet. An SPF popup appeared asking whether to allow avast! Web Scanner to contact download.windowsupdate.com. Permission was given.
I directed FF to a site in my bookmarks for which no advanced rule exists in my ruleset. The connection was promptly made.
The traffic log shows that it was not FF that contacted the site but avast! Web Scanner (ashWebSv.exe).
It would be deeply appreciated if anyone can fill me in on the following:
Since security seems to have been breached, what did the avast gurus have in mind when they came up with this new twist?
If FF can hitch a free ride to uncharted territory, shouldn’t Mr Trojan claim (and enjoy) similar privileges?
How exactly can one implement (idiot-style, i.e., click on… etc.) the redirections and direct connections of the last post?
What cause (if any) is there not to ditch avast at this point and go back to, let’s say, Norton?
kpfuser,
Untick the Smart DNS option in the Sygate Pro security tab.
Now try your experiment again.
And report back.
In fact, this is not a WebShield leak. It’s a Sygate (at least the free version) problem.
My problem - which will be that of anyone who uses an IP anonymizer, Proxomitron, MultiProxy, etc. - is the local proxy. Sygate has a problem/bug and cannot handle the connections.
Build 623 updated to a new WebShield behavior. This is well known: http://forum.avast.com/index.php?topic=1647.msg100190#msg100190
Only allowed browsers are automatically added to the white list of WebShield.
Until now, nobody has proved to me that we’re not losing the DLL authentication features of the firewalls. If a DLL uses the browser for connection, WebShield will serve as a tunnel (proxy) and the firewalls (at least Sygate free) won’t detect this. WebShield is making us lose this firewall feature.
Of course, if I’m wrong, I have no doubt to regret 8)
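
The attribution problem discussed in this thread, as an added example that is not part of any post and is not Sygate or avast! code: a small model of a per-application outbound firewall that does not see loopback traffic, with a local HTTP proxy in front of it. The process names other than ashWebSv.exe, the rule table, the destinations and the allowlist behaviour are constructed assumptions.

```python
from dataclasses import dataclass

PROXY = "ashWebSv.exe"   # avast! Web Scanner, as named in the traffic log above
REDIRECTED_PORT = 80     # WebShield's default redirected port, per the thread


@dataclass(frozen=True)
class Conn:
    process: str  # process that owns the outbound socket
    dst: str
    port: int


def on_the_wire(conn, proxy_enabled, allowlist=None):
    """Return the connection as a firewall that ignores loopback attributes it.

    Redirected traffic reaches the proxy over localhost (never seen by the
    firewall) and is re-issued under the proxy's name. allowlist=None models
    a proxy relaying for every client; a set models one that only redirects
    the listed clients (a simplifying assumption of this model).
    """
    if not proxy_enabled or conn.port != REDIRECTED_PORT:
        return conn
    if allowlist is not None and conn.process not in allowlist:
        return conn
    return Conn(PROXY, conn.dst, conn.port)


def evaluate(rules, attempts, proxy_enabled, allowlist=None):
    """Map (origin process, port) -> (process the firewall saw, verdict)."""
    out = {}
    for c in attempts:
        seen = on_the_wire(c, proxy_enabled, allowlist)
        # Per-application lookup; an application without a rule prompts.
        out[(c.process, c.port)] = (seen.process, rules.get(seen.process, "ask"))
    return out


# Constructed sample: browser blocked, proxy allowed, one program with no rule.
RULES = {"firefox.exe": "block", PROXY: "allow"}
ATTEMPTS = [
    Conn("firefox.exe", "example.org", 80),
    Conn("unknown.exe", "example.net", 80),
    Conn("unknown.exe", "example.net", 443),
]

if __name__ == "__main__":
    for label, args in [("no proxy", (False,)), ("proxy", (True,)),
                        ("proxy + allowlist", (True, {"firefox.exe"}))]:
        print(label, evaluate(RULES, ATTEMPTS, *args))
```

In the model, the blocked browser's port-80 request leaves as ashWebSv.exe and is allowed, matching the traffic log reported in the thread; a proxy-side allowlist restores the prompt for the unlisted program but not the block rule for the browser.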