I just tried http://sceper.ws/page/2 and it is blocked whether I enable or disable URL blocking in Web Shield.
I don’t want to exclude a URL from the entire Web Shield scanning, just to unblock a URL and keep Web Shield scanning enabled.
But, If I do uncheck Web Shield URL blocking all together:
The URL blocking option in Web Shield does not disable URL blocking when disabled. It is not fixed.
It did work for me with adding “http://www.sceper.ws/page/2” to exclusions.
AGAIN … that excludes it from all of Web Shield. Not just the URL blocking part of Web Shield.
And it does NOT fix the bug in that checkbox.
Or are you saying that Avast uses the term WEB for all of the internet? In that case Avast is just plain wrong. www or no www in the URL really shouldn’t matter.
Yes, that excludes it from all of webshield, and I think this is intended.
If you mean the “Block malware URLs” checkbox, I filled in a bug report that is doesn’t include URL:Mal2 detection. 
Webshield scans everything that comes from the net.
Www or no www are two different subdomains. The fact that most webservers are configured to prepend “www.” if no subdomain is specified does not mean they are the same.
If you mean the "Block malware URLs" checkbox, I will report that is doesn't include URL:Mal2 detection
Thank you.
Webshield scans everything that comes from the net.
That makes the name Webshield factually incorrect
For the sceper url www or no makes no difference. Both work if typed in the browser. However, the page selector on the bottom of the site always leads to pages without www. Excluding the sceper domain, with or without www will indeed exclude it, but that is not what I want. It now also excludes the domain from the script scanning and other parts of Web Shield. That is an unnecessarily broad method of exclusion, imo. I really think it would be nice to have a way to exclude a specific URL from URL blocking, and keep the URL blocking feature itself enabled for all other URLs 
Perhaps NetShield was not as catchy
But then we would have people who excluded their favourite site and are confused why there is a popup telling them an infection was blocked. Didn’t they just add it to exclusions?
And then, we have the following case: Assume we have a domain (blockeddomain.com). On that site there is an iframe with advertisement/game/stream:
I don’t mind the popups. And the blocking of the actually malicious parts of a site. Either on the domain or loaded from 3rd parties. But that still does not mean a URL should be blocked entirely if the URL blocking checkbox is left unchecked. This needs to be cleared up. I might not agree on how it will implement a blockade, but at least the description should match the behaviour.
I also think that when an iframe or script wants to load a malicious external site, that is the specific part that should be blocked (and generate a popup with the correct warning). Not the site that hosts the iframe or similar. So the result would be that the site is loaded but without the harmful elements. It might not function properly, but that is fine. The popup would clue you in that something was amiss, and what you get to see is the portion of the site that could be displayed safely.
Blocking only the malicious parts on a site is like censoring a book.
I say show everything or nothing at all, like it is now.
Especially when a warning is shown while parts of the website can be viewed without a problem will confuse the users.
That analogy makes no sense. Do you hold the same view with regard to ad blockers or script/cookie/tracking blockers? Otherwise, you are being quite the hypocrite. Ad networks are a prime source of malicious 3rd party code.
Block the entire site that is using a malicious ad(network)
I agree, and that is why I filled in a bug report
This is not implementable (is that a word :)?)
When we see a malicious code, we must block the whole file that this is in - this is how AV works. We might detect a couple of bytes in an .exe file, and block it all, the very same way we might detect a couple of characters in a HTML page to block it all. Because what if there is another piece of malicious code that we do not detect? The safest option is to block the whole file. The detections we create would have to be MUCH more complicated if we wanted the rest of the site load safely. That would just not be viable.
The safest option is to not go online at all. But that is also not viable in today’s world. So we need granularity in our online access. A way to properly choose what elements are shown and which aren’t. And for the sake of practicality it needs to be automated. That is what a Web Shield is for, imho.
This is what Malwarebytes does >> https://blog.malwarebytes.com/malwarebytes-news/2013/05/oh-the-sites-you-will-never-see/
Not if this is an advanced option for advanced users. Keep the default wholesale blocking, but give more experienced users more control I say.
This approach is much more sensible imo
But that is not possible, because even advanced users do not fully understand what which detection means and what danger it poses.
I say, block everything or nothing. If the detection is correct, it will be brought to the owner much faster (than if everyone just excludes it) and therefore will be healed much faster. If it is a false positive, it will be fixed much faster (because the users actually want us to fix it).
Creating advanced options would be very time consuming and prone to bugs (and bug here could mean an infected user!)
Totally disagree. Block it. As far as I’m concerned, no site is that important that you can’t report what you think is a false positive and wait
for a correction if you happen to be right.
I don’t think you should force everybody to the same lowest common denominator of protection granularity. The all or nothing approach. A a default, yes fine, but not as the only option. By forcing this, you also force people to disable more of their AV than necessary, to enable the access they feel they must have. So as an AV supplier you then choose to expose them to more harm (by their own doing) because they will eventually opt for an all or nothing approach themselves, and disable their AV altogether. Because they were not provided the option to selectively waive certain precautions.
It is NOT a false positive. In the case of for example an ad network serving malicious ads, that ad network can be blocked without blocking every site that would otherwise show ads from that network. This is what ad blockers do. You would not be OK with ad blocking software that completely blocks every site with an ad. i.e. pretty much everything, these days. An ad blocker is more selective. The code is stripped, and the rest of the site is shown. Script blockers do the same but with other code. And yes, sometimes that breaks part of the site. That is why it should be an advanced option only. But an option nonetheless. Imo.
You’re reading something into my reply that wasn’t stated.
Bock it. If the user doesn’t agree, report it and wait for a correction from Avast if the users assumption was correct.