Web Shield problem

Hi - I recently installed Avast home v.4.7 on a laptop running Windows 2000 Pro. I seem to be having a problem with Web Shield. Currently, Standard Shield shows 1800+ scans for this session. Web Shield shows 15. I believe most of the 15 are from the home page for IE6 (google) because when I changed it, closed the browser, and then reopened, the new home page was noted as the last scanned.

Almost all my browsing is done with SeaMonkey however, and while I can’t be sure, I don’t think any of the SeaMonkey activity is being picked up by Web Shield. For example, when I access google from SeaMonkey, including when I make it the home page, Web Shield doesn’ pick it up.

My LAN settings are “Automatically detect settings” for IE and “Direct connection to the Internet” for SeaMonkey.

Any help appreciated - Thanks in advance.

I don’t know if sea monkey is on the approved browsers list (unfortunately there is no way a user can check this as the list is hidden and there are no references to what is on the list).

You don’t mention what sensitivity you have it on, I suspect High ?
Normal is the default, what might be happening is that the standard shield is scanning files as they are created in the browser cache. If seamonkey is similar to firefox as in it doesn’t have file types on its browser cache.

Web Shield Test - http://www.eicar.org/download/eicar.com, clicking on this harmless test link should cause the web shield to alarm, and give the option to abort the connection, if not then the standard shield may alert as it has got on to your HDD.

If SeaMonkey isn’t on the approved browser list it should be added because I’ve been using this exact setup for several years on 98SE, where you need to configure things manually, with absolutely no problems (it’s just a rebranded Mozilla, actually). I’ve installed only the browser portion of the download and I like it better than FF, which is a great browser but is getting a bit “overdesigned” for my personal taste.

When I clicked the link you posted I got an Avast warning, which I assume means Web Shield, immediately. but the last URL mentioned in the Web Shield dialog box is still www.google.com.

I checked my Kerio firewall settings and no Avast process is marked “Denied”, so I still don’t know what the problem is. I changed the protection level from high to normal, and if that makes a difference I will post back.

One thing that’s different about this time vs. my old 98 installation is that for the W2K installation there is no proxy server involved. Is that normal?

Yes,it’s normal. Webshield and the mail protection are transparent on win2k and up.

Well it seems I just fixed things by going to your tutorials for manual proxy setup and then changing SeaMonkey and IE to manual proxy configurations. Now Web Shield scans everything, including at the high protection setting.

Because the fake “virus” link you posted brought up a warning, I think Web Shield may have been working all along, but somehow it wasn’t reflected in the count in the Web Shield dialog box.

Unfortunately, 1. I don’t know what browsers are on the approved list and 2. I have no input either way as an avast user like yourself.

Sorry but that doesn’t mean it was a web shield detection, that is why I made the distinction about the lack of a choice with a web shield detection (to help in confirmation if the web shield was monitoring), your only option is ‘abort connection.’ If it got past the web shield because it wasn’t being monitored then standard shield would likely alert.

If Kerio was blocking ashWebSv.exe then you wouldn’t be able to browse ‘if’ the web shield was working with seamonkey. The fact that you have google.com in the last scanned value would indicate it is monitoring, but what, have you used another browser which might be racking up web shield activity ?

The manual setting effectively forces seamonkey to use the web shield proxy, but I don’t know if that would mean it is scanned. The reason I say this is you can pause the web shield and traffic still flows through the proxy but it isn’t scanned. The only way to really confirm is to periodically check the scanned total in the web shield details. Also try the eicar test link again and confirm that it is the web shield that is intercepting it.

RF. Look in Kerio’s “Firewall status” window and it should tell you Aswebsv.exe connections at localhost. If your Internet programs are using Webshield then all instances of it should show as Ashwebsv.exe with the corresponding protocol, IP, and port numbers. As far as if Seamonkey is on an approved list? Any program that uses http can be configured to use Webshield. I hope this helped.