When the host sends an TLSv1 Encrypted Alert message, including a “Next Sequence Number” X, the client will return an acknowledge packet with an ACK value of X-1
When disabling the WebShield, the corresponding ACK packet will use the value X as it should, so the problem is related to Avast
When the host is using a NetScaler as loadballancer v10.1, it will not accept the package causing the tcp session to be broken.
We are seeing similar behavior against our Netscaler gateways running 11.1 code. We attempted to contact Avast about the issue but they aren’t responding. We noticed this behavior roughly 2 weeks ago. Right now our workaround is to have external users remove the product from their machines and install another product.
We noticed this behavior roughly 2 weeks ago.Could it be related to the firewall / Portscan bug ? (I think a fix has been released today?)
if so you may try
Turn off port scan
Avast UI → Protection → Firewall → Settings → Advanced → Uncheck “Enable automatic port scan detection”