URL exclusion in WebShield AVAST not working.

DavidR · 2017-03-22T22:50:41.000Z

What is the executable that runs this DRAC (you will have to excuse my ignorance, I have no idea how this works), it is connecting to the internet acting like a browser and the web shield would be trying to monitor that traffic. It is that executable that you have to enter.

Use the browse button (image) to navigate to the executable.

Edit typo.

system · 2017-03-25T19:57:12.000Z

Hi David,

Accessing DRAC5 is the same as opening an https:// website.
The only thing is that this website controls a Dell server remotely.

So you can see and give command to the server without an normal operating system.
It runs on a dedicated hardware card with its own web-interface.

See attachment where you see an example.

Grtz, S.O.

DavidR · 2017-03-25T20:25:48.000Z

Given that I don’t have said hardware card “It runs on a dedicated hardware card with its own web-interface.”

I’m in an even worse situation than you, as I can’t test it. I’m at a loss as to what is going on.

This really needs an avast team member to pick this up.

Alikhan · 2017-03-25T21:37:51.000Z

Hi,

I’ll forward this to the devs behind the Web Shield.

You should get a reply by Monday.

system · 2017-03-25T22:01:46.000Z

Hello David and Alikhan,

Thanks for you help any way.

Grtz, S.O.

lukor · 2017-03-25T22:07:08.000Z

Hi, seems like you are doing everything correctly. The complete string to exclude an HTTPs URL from scanning is inside WebShield’s settings dialog, URLs to exclude and enter the following string into one line:

https://192.168.254.10;https://192.168.254.10*;https://192.168.254.10/*

(please don’t ask why, in 99% cases https://192.168.254.10* is also good enough)

What we would really like to find out is the reason, why you are having the issue with WebShield and DRAC5. We would really appreciate if you’ll be able to gather some debugging logs for us. I’ll post you in PM on Monday with detailed instructions, as soon as I’ll get in touch with the team.

The most probable reason is the fact that the cert is expired (am I right? Is the certificate correct but just expired?) However, the URL exclusion should also help you.

Thanks.

system · 2017-03-25T22:46:38.000Z

Hi Lukor,

You are correct about the certificate.
The certificate is expired and when the option " Enable HTTPS scanning" is disabled, I get in IE11 the warning about an untrusted certificate.
That is normal reaction and an expected reaction.

When I try to add “https://192.168.254.10” the * is automatically added by Avast.
So I have added “https://192.168.254.10*” and " https://192.168.254.10/*“to the exclusion list of " Webshield” and at “General”.
Disabled shields and (re)enabled shield for a services restart.
No success so far.

Let me know what I can do to assist.

Kind regards,

S.O.

system · 2017-03-25T22:52:07.000Z

Hi Lukor,

Hereby an Wireshark package capture picture about the network communication between DRAC and computer.
I hope this helps.

Kind regards,

S.O

Alikhan · 2017-03-25T23:01:54.000Z

https://192.168.254.10;https://192.168.254.10*;https://192.168.254.10/*

You need to add that in one line of webshield exclusions.

Have you done that?

system · 2017-03-25T23:09:07.000Z

Hi Alikhan,

I have added that exact string in to the exclusion of Webshield and tested.
Still the same issue.

Kind regards,

S.O.

system · 2017-03-25T23:14:07.000Z

Hi,

Also tested with the same string in de “General” exclusions with no luck.

I think it has something to do with “TLSv1”
TLSv1 is not save anymore.
But I use this for internal use and it doesn’t get access to the WEB.

Thanks,

S.O.

system · 2017-03-29T19:32:18.000Z

Hello,

I have heart nothing at this moment from the team yet.

lukor post:17:

Hi, seems like you are doing everything correctly. The complete string to exclude an HTTPs URL from scanning is inside WebShield’s settings dialog, URLs to exclude and enter the following string into one line:

https://192.168.254.10;https://192.168.254.10*;https://192.168.254.10/*

(please don’t ask why, in 99% cases https://192.168.254.10* is also good enough)

What we would really like to find out is the reason, why you are having the issue with WebShield and DRAC5. We would really appreciate if you’ll be able to gather some debugging logs for us. I’ll post you in PM on Monday with detailed instructions, as soon as I’ll get in touch with the team.

The most probable reason is the fact that the cert is expired (am I right? Is the certificate correct but just expired?) However, the URL exclusion should also help you.

Thanks.

Is there something I have missed?

Kind regards,

S.O.

DavidR · 2017-03-29T19:49:36.000Z

Did you receive the PM from lukor ?
If so he should outline what you need to do to gather that debugging data, so that he can analyse it.

system · 2017-03-29T19:57:27.000Z

Hi,

I didn’t receive any messages or instructions.
Therefor the friendly reminder

Kind regards,
S.O.

Alikhan · 2017-03-29T20:07:17.000Z

I will send Lukor a message to get in contact with you.

system · 2017-03-29T20:15:19.000Z

Hi,

Thank you.

This evening I installed and tested the version 17.3.2290 (build 17.3.2442.0)
But still the same challenge.

Kind regards,

S.O.

vojtech · 2017-03-30T08:46:33.000Z

What does the browser say when HTTPS scanning is enabled?

system · 2017-03-30T14:01:21.000Z

Hello Vojtech,

The browser doesn’t show anything when HTPPS scanning is enabled.
I only see “Waiting for 192.168.254.10” in the Tab of the browser.

See attachment.

Kind regards,

S.O.

vojtech · 2017-03-31T11:49:40.000Z

Hello,

please use this utility to generate WebShield logs and send them to me by email. When you are asked about WebShield technology, select StreamFilter (proxy is a legacy method).

http://public.avast.com/~peterka/WebShield/NsfTroubleshoot.exe

system · 2017-04-03T21:12:07.000Z

Hi Vojtech,

I have sent you a message with the info.
Hope it helps.

Kind regards,

S.O.

Announcements