URL exclusion in WebShield AVAST not working.

Hello all,

Issue: No access to DRAC5 interface website. (Dell PE2950) at home in test environment.

Workstation: Windows 10 x64 Pro English
Avast version: Free 17.2.2288
Virus def. : 170311-0
Browser: IE 11

Unable to access the website from DRAC5 when the option “Enable HTTPS scanning” is enabled in WebShield.
Because there is no update available for the DRAC5, I want Avast to exclude the url from the DRAC5 in Webshield.
When I add the website to the exclusion list (http://ipaddres) I can’t still not access the webinterface.
I have to disable the option “Enable HTTPS scanning” to get access to the webinterface.

Does someone know how I can exclude the DRAC5 webinterface from scanning by Webshield, so I can you the option “Enable HTTPS scanning” ?

Kind regards,
S.O.

https://www.avast.com/faq.php?article=AVKB168 (Excluding files/websites)

Hello,

Tried that manual and still no success.

I had add the IP address as https://ipaddress and still no luck.

Kind regards,
S.O.

I don’t believe you have given the address you are actually trying to exclude, but an example of what you have entered (as it doesn’t appear to be valid).

What is the full URL you are trying to exclude, what you have actually typed in the exclusion field ?

Hello David,

To access the DRAC I type https://192.168.254.10 in my browser.

I added https://192.168.254.10 in “Settings” >> “General” >> " Exclusions" >> " Urls"

See attachment for screen snip.

Kind regards,

S.O.

  1. Try typing a /after the IP and before the * wildcard e.g. https://192.168.254.10/*

  2. I don’t know if https would be correct on a local IP address.

  3. Next, given that this is a local IP and you are using a browser to access it. I don’t know if the Web Shield would be scanning local IPs.

That said You could put this in the Web Shield Exclusions AvastUI > Settings > Components > Web Shield > Customise > Exclusions. You could also consider excluding the DRAC executable in the ‘Processes to exclude’ option.

Hello,

I tested option 1 >> No success

Also added exclusion to the location bullet 3.

Still the same issue.
:-\

Kind regard,

S.O.

I’m at a loss as to what else to suggest, the only thing that comes to mind is changing the https to http in the exclusion. As I said I just wonder about https in local communication.

In earlier versions of avast there used to be a setting to ignore local communication, but I can’t find that option at the moment.

OK did some digging and it is still there.
AvastUI > Settings > Troubleshooting > scroll down (I hadn’t gone down far enough) to Redirect Settings. Check the ignore local communication and see if that works. Or try adding the local IP address to the Ignored addresses: field.

Hello David,

First of all, thank you for the time :wink:

I have tried to add the IP address to AvastUI > Settings > Troubleshooting >Redirect Settings with no luck :frowning:
Also tried only the IP address, tried https://ipaddress and tried http://ipaddress with no success.

The setting “Ignore local communication” was already enabled by default.
Tried this setting disabled but also no success.

It looks to me, that exclusions doesn’t apply to the option “Enable HTTPS scanning”.
I don’t know if this is by design or a bug.

Kind regards,

S.O.

Unfortunately as an avast user, I don’t know if https isn’t accepted or work in exclusions.

Some time ago when https traffic wasn’t scanned it wasn’t possible to enter an https url in exceptions, well that isn’t entirely correct (it tagged it with http). But it didn’t work.

Did you try excluding the process I suggested before:

That said You could put this in the Web Shield Exclusions AvastUI > Settings > Components > Web Shield > Customise > Exclusions. You could also consider excluding the DRAC executable in the 'Processes to exclude' option.

Something else to try if this isn’t already enabled - Web Shield settings - enable the ‘Scan traffic from well-known browser processes only.’

Hi David

I am not sure what to enter in the “Processes to exclude” option.
By entering the website I get a certificate warning. This is correct because the cert. past due.
But when the option “Enable HTTPS scanning” is enabled, web browser doesn’t put up the screen with the cert. warning at all.
The website doesn’t open at all.
IE 11 show only " Waiting for 192.168.24.10" and the circle goes round and round…

Do you have any ideas where I can find the values I have to enter in “Processes to exclude”.

Also tried “enable the Scan traffic from well-known browser processes only.” but that doesn’t give any better response.

Kind regards,

S.O.

What is the executable that runs this DRAC (you will have to excuse my ignorance, I have no idea how this works), it is connecting to the internet acting like a browser and the web shield would be trying to monitor that traffic. It is that executable that you have to enter.

Use the browse button (image) to navigate to the executable.

Edit typo.

Hi David,

Accessing DRAC5 is the same as opening an https:// website.
The only thing is that this website controls a Dell server remotely.

So you can see and give command to the server without an normal operating system.
It runs on a dedicated hardware card with its own web-interface.

See attachment where you see an example.

Grtz, S.O.

Given that I don’t have said hardware card “It runs on a dedicated hardware card with its own web-interface.”

I’m in an even worse situation than you, as I can’t test it. I’m at a loss as to what is going on.

This really needs an avast team member to pick this up.

Hi,

I’ll forward this to the devs behind the Web Shield.

You should get a reply by Monday.

Hello David and Alikhan,

Thanks for you help any way.

Grtz, S.O.

Hi, seems like you are doing everything correctly. The complete string to exclude an HTTPs URL from scanning is inside WebShield’s settings dialog, URLs to exclude and enter the following string into one line:

https://192.168.254.10;https://192.168.254.10*;https://192.168.254.10/*

(please don’t ask why, in 99% cases https://192.168.254.10* is also good enough)

What we would really like to find out is the reason, why you are having the issue with WebShield and DRAC5. We would really appreciate if you’ll be able to gather some debugging logs for us. I’ll post you in PM on Monday with detailed instructions, as soon as I’ll get in touch with the team.

The most probable reason is the fact that the cert is expired (am I right? Is the certificate correct but just expired?) However, the URL exclusion should also help you.

Thanks.

Hi Lukor,

You are correct about the certificate.
The certificate is expired and when the option " Enable HTTPS scanning" is disabled, I get in IE11 the warning about an untrusted certificate.
That is normal reaction and an expected reaction.

When I try to add “https://192.168.254.10” the * is automatically added by Avast.
So I have added “https://192.168.254.10*” and " https://192.168.254.10/*“to the exclusion list of " Webshield” and at “General”.
Disabled shields and (re)enabled shield for a services restart.
No success so far.

Let me know what I can do to assist.

Kind regards,

S.O.

Hi Lukor,

Hereby an Wireshark package capture picture about the network communication between DRAC and computer.
I hope this helps.

Kind regards,

S.O

https://192.168.254.10;https://192.168.254.10*;https://192.168.254.10/*

You need to add that in one line of webshield exclusions.

Have you done that?