Web shield Stopped working

I regularly go to eicar to test Avast that it is working and every time I test it the webshield catches the virus and aborts the connection.But today I deiced to test Avast again and this time the standard shield caught the virus, not the web shield. So, I checked the web shield and it was on but no files have been scanned and under Comodo firewall traffic list the web shield always appears but now I don’t see it anymore.

Were you trying to click a link which was https:\ secure encrypted as the web shield can’t/doesn’t scan https only http traffic.

What is your OS, browser ?

I assume you can browse the web normally as if comodo was blocking it you couldn’t ?

Have you changed your connection recently, e.g. do you use a web proxy to connect to the internet (e.g. web accelerator) ?

My os:windows xp pro sp2
My browser: Firefox 2.0.0.12 and Internet explorer 7

I have recently reinstalled Comodo firewall and I have moved most of the Avast files to my own safe files in Comodo so I don’t see too many alerts and I have the defense + disabled. I have also installed Ad muncher yesterday.

Web shield seems to work only when I shutdown ad muncher.Do you know how to configure Ad muncher to allow the web shield to work.

open avast4.ini (usually here…C:\Program Files\Alwil Software\Avast4\DATA).Scroll down list until you find [WebScanner] or click edit tab>find >and type in webscanner.Then underneath that, add this line
OptinProcess=admunch.exe

Then save and close.You will probably have to restart admuncher and avast.Admuncher should now work with avast http scanner.
m

As far as I’m aware admuncher uses a proxy to achieve its filtering, if so, you have two proxies, you need to add the admuncher proxy to the redirect port of the web shield and uncheck ignore local communication.

Hello David…
I dont believe admuncher actually uses a proxy (although it acts like one),but it filters at a system level.there is no admuncher proxy to add to the redirect port in that case.
m

It has to be intercepting the http traffic in order to be able to filter ads, that intercept is what id effectively blocking the web shield doing its job as the traffic is intercepted.

Why does my firewall say Ad Muncher is making "server" and outbound connections? This is just how Ad Muncher filters your browser's transfers; when your browser tries to connect to a web server, it is instead connected to the local Ad Muncher program (hence why it is creating a listening ("server") connection). Ad Muncher then connects out to the original target of the browser, which accounts for the outbound connections. These connections are perfectly normal and no cause for concern; the listening sockets are of no use to anyone except the programs on your computer trying to connect out.

So there should be something about the ports used by admuncher in the firewall logs assuming Splinter hell has a firewall that provides logs and outbound monitoring.

If not, not a problem, opting in admuncher alone I don’t think will work without unchecking the ignore local communication.

Hello David…
It does intercept all http traffic ,but at a system level.It does not work like proxomitron which filters through a dedicated port 8080.Connections are filtered between admuncher and the browser using localhost 127.0.0.1.I use admuncher succesfully with avast using optinprocess .There is no need to alter the webscanner settings at all.
M

It is most certainly a weird way to do things as the web shield isn’t the only application that filters http content. I see on the admuncher forum many issues with other applications, some symantec and on-line armour firewall, etc. The crazy thing I see is people disabling protective services to allow admuncher to work.

Im not sure about symantec problems with admuncher.However in online armors case ,the OA developers acknowledeged in a recent thread that the problem between OA and admuncher was due to OAs coding and not admunchers.This has supposedly been fixed in OAs latest build.Nod32 2.7 also used a different method of http scanning at the winsock level.However the recent version 3 has reverted to a proxy…much too the annoyance of many folks who dont like that method.Personally i think admunchers transparent method of hooking into http is much preferred over proxies as there is no need to configure anything and it works with all browsers.It can also be disabled with no ill effect to the applications routed through it.
m

Could provide a screenshot on how to do this please. ;D

Here are some screenshots

Thanks for help, now my Avast web shield and Ad muncher are working togehter. :slight_smile: