Web Shield's URL blocker is blocking on a non-listed URL

I have URLs listed in the Web Shield’s URL blocker feature. I went to the following web page and it got blocked by Avast:

http://www.xobni.com/download

Yet that doesn’t match on any of the URL strings that I added to the URL blocker of Web Shield that are listed below. I can’t even find the “ni.com” string in the avast4.db file. If I disable the URL blocker, I can visit that web page. When it is enabled, that web page is blocked. However, with the URL blocker enabled, I can visit:

http://www.xobni.com/

So why does the inclusion of “download”, a substring not in any of my URL strings, cause Avast to block on it?

List of URL strings in Web Shield’s URL blocker:
.247realmedia.com
.2of7.net
.adbrite.com
.adbureau.net
.AdRevolver.com
.adriti.com
.adsdk.com
.adsonar.com
.advertising.com
.avenuea.com
.brandclik.com
.brightcove.com
.builtintext.com
.burstnet.com
.chitika.net
.clickz.com
.coremetrics.com
.doubleclick.com
.doubleclick.net
.echotopic.com
.fastclick.net
.feedburner.com
.focalink.com
.googlesyndication.com
.hitbox.com
.infolinks.com
.intellitxt.com
.kontera.com
.linkworth.com
.mediaplex.com
.mediatext.com
.optspots.com
.pointroll.com
.promoplexer.com
.quantserve.com
.shoppingads.com
.sitemeter.com
.snap.com
.tradedoubler.com
.tribalfusion.com
.valueclick.net
.vibrantmedia.com
.yieldmanager.com
.zedo.com
ad?.msn.com
adserver.yahoo.com

To be absolutely honest, the avast URL blocking feature is an absolute waste of time for this type of blocking. It really wasn’t designed for this.

First, there is no way to import a list to avoid having to enter them individually, and you can’t export the list, so if there is a problem you would have to enter them again.

There are many tools that are specifically designed for this and you can import pre-formulated lists. You can use your Hosts file in conjunction with a Hosts file management tool. You can use an ad-blocking extension for your browser, etc. You can also use your firewall, all of which are easier than using the URL blocking in avast.

I don’t know why it might be blocked. Are you sure it is avast that is blocking it, and if so, what exactly does avast say?

I can visit that site so it isn’t the network shield, which was the only possibility I thought could possibly have any input.

What error message are you receiving?
Are you sure that it is avast which is blocking the access to that page?

Edited: David was faster, as usual ;D

Why? It works (well, has worked) quite well.

Then WHAT was it designed for? Sure seems URL blocking is what it does.

Quite true. I did have to do a reinstall of Avast (after PC Tools’ Threatfire managed to quarantine the ashserv.exe file as a false positive and disposed of the file when I tried to restore it from quarantine). I have the list and was able to manually re-enter it.

Have you ever looked at a pre-compiled hosts file? There are over 50 entries alone just for the .com and .net TLDs for Doubleclick’s hosts, and that doesn’t cover all TLDs nor do they have all the hostnames listed. The management – assuming you actually do manage that hosts file per YOUR choices – is a far worse nightmare than a few dozen entries in Avast’s URL blocking list (unless, of course, you decide to delegate complete authority to someone else as to which hosts get blocked). With Avast’s URL blocking, I can include a hostname but I can also block on domains which covers a LOT of duplications in the hosts file (because URLs there must be fully qualified to the hostname, not just the domain).

Yep, except the add-ons that I was using in IE7 are not compatible with IE8. Plus I’ve had problems with some sites (where I do want full functionality), like my bank site and my ISP’s webmail login, because of substrings on which the ad-blocker was matching. It became too difficult to drill into all the ad-blocker’s rules trying to figure out which rule was causing the problem, so eventually I simply added the entire domain to the ad-blocker’s exception list. That took me 4 days to figure out and I got clued in only after disabling the add-on and noticing the sites then worked okay. I’m not really interested in eradicating every possible advertisement in the web pages that I visit but just the major proliferating marketing resources.

I’ve used 3rd party firewalls before, including TallEmu’s OnlineArmor (where I really like its RunSafer mode) and Comodo; however, both got in the way of several programs that I use which, for example, will dynamically load drivers and set global hooks. Even when I train the HIPS function (app rules) in these 3rd party firewalls+HIPS products, or go into their app rules and give them full privileges, the problematic programs remain problematic. I can’t just disable their HIPS functionality or reboot into Windows’ safe mode because something remaining of these programs still interferes. I have to configure them to not load on next reboot, reboot, use the programs, reconfigure to load on next reboot, reboot, and then I’m protected again. I’ve reported several problems or deficiencies with both these products. So I simplified my setup and went back to the Windows Firewall. Rather than use HIPS (app rules) in these 3rd party firewalls to regulate what program can load, I use SRPs (software restriction policies). If I find a program making unwanted or covert connections for which there is no explanation or a means to configure its network accesses, I get rid of that program.

I’m not really looking to further complicate my security setup. I’m the type where security is okay as long as it doesn’t get in my way or overly consume my time putzing around with the security product rather than just use it.

Avast is blocking the content and inserting its placeholder text (announces Avast blocked the content and gives the URL of what it blocked). This is its static placeholder text that it replaces in the region within the page where the blocked content would have appeared. This isn’t an error message. This is the expected placeholder that Avast inserts into a web page to alert the user that it blocked that content.

I think David is thinking - maybe I’m wrong… - that specialized tools could block ads with more accuracy, besides the fact the list could be automatically updated. No need for manual work.

Another vote for AdBlock and NoScript in Firefox.

Can you elaborate? Maybe a link to that program…

Most ad-blockers that I’ve used do not just have long lists of sites to block. They also incorporate rules based on substrings they test within URL links or within DIV or TABLE elements (to piece the text back together that these are used to divide apart). This is akin to why anti-virus/malware products don’t just rely on signatures but include heuristics to monitor for unknown pests.

I really don’t want to get into arguments over which is the better method of content blocking, especially because I’m not interested in squeezing out every possible ad from every web page that I visit. Which method of ad-blocking is best is NOT the point of my original question that started this discussion.

And that has what to do with my question? I’m not getting into a side argument over which web browser to use. Those are add-ons. I’m not interested in configuring every web browser installed on my host to install another add-on and manage ad-blocking within that web browser which is separate from managing ad-blocking in another web browser. I’m also not interested in performing ad-blocking within the web browser but upstream of it.

At one time, I used OpenDNS as my DNS server instead of my ISP’s DNS server. OpenDNS lets you create an account where you can select from several categories the types of web sources that you want to block, plus they let you add your own list of domains to block. Very handy and obviously very upstream of the web browser, my host, my router, and cable modem. However, I had problems with that service regarding interstitial pages they would inject in the web traffic so I moved my list of blocked domains from OpenDNS to Avast’s Web Shield with its URL blocking. And, no, I’m not getting into yet another side discussion regarding OpenDNS.

Either run the group policy editor (gpedit.msc) under the Computer Configuration → Windows Settings → Security Settings node or use the local policy editor (secpol.msc), and look under the Software Restriction Policies node (if it isn’t there, you have to right-click on the parent node and choose to add a default set of policies). SRPs were mentioned as to why I am not using a 3rd party firewall because the HIPS function (application rules) regarding what can load into memory can be managed by SRPs (i.e., no additional software must be installed or managed). However, SRPs have nothing to do with my original question. They were merely mentioned as a qualification as to why I went back to the Windows Firewall. I don’t need a 3rd party firewall. HIPS is performed on my host by SRPs. I only need inbound rules in my firewall. Any program that would require an outbound network rule will be eradicated if its behavior is not configurable to my satisfaction.


Perhaps the developers or tech support don’t visit these forums. I was trying to find out if there is a known problem with Avast’s Web Shield component regarding its URL blocking function in getting confused as to what it should be blocking, or if someone saw something that I didn’t as to why the URL for the web page was getting triggered by the URL strings specified under the URL blocking list (something akin to having someone else look at your failing code to get a different pair of eyes and perspective to find your error). So far, no one has mentioned an obvious blunder in the list of URL strings on which to block where one, or more, of them would result in a match against the URL for the problematic web page, but then I’m not sure anyone actually bothered to look at that list of URL strings to verify that none of them match the web page’s URL.

To me, none of the URL strings in the blocking list should match against the URL for the web page mentioned (where Avast sticks in its placeholder text noting that it blocked that content).

By the way, today Avast is not blocking on the previously problematic download web page. I had not altered, added to, or deleted from the URL blocking list in Avast’s Web Shield. Go figure.

Alas, later it blocked on a different site (whose URL did not match on anything in Avast’s URL block list). I was way too busy at the time to spend time on investigating this new incorrect block so I didn’t record its URL. All I had time for at the moment was to check the URL to the page and verify that nothing in the URL block list should have matched on it.
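
The check discussed in this thread (does any entry in the block list match a given URL?) can be scripted. The following is an added example, not part of any post and not Avast's code; it assumes each entry is a case-insensitive substring pattern in which `?` matches one character and `*` any run, since the page does not state Avast's actual matching rules, and every test URL other than the two xobni.com ones is constructed.

```python
import re

# Block-list entries copied from the first post in this thread.
BLOCKLIST = """
.247realmedia.com .2of7.net .adbrite.com .adbureau.net .AdRevolver.com
.adriti.com .adsdk.com .adsonar.com .advertising.com .avenuea.com
.brandclik.com .brightcove.com .builtintext.com .burstnet.com .chitika.net
.clickz.com .coremetrics.com .doubleclick.com .doubleclick.net .echotopic.com
.fastclick.net .feedburner.com .focalink.com .googlesyndication.com .hitbox.com
.infolinks.com .intellitxt.com .kontera.com .linkworth.com .mediaplex.com
.mediatext.com .optspots.com .pointroll.com .promoplexer.com .quantserve.com
.shoppingads.com .sitemeter.com .snap.com .tradedoubler.com .tribalfusion.com
.valueclick.net .vibrantmedia.com .yieldmanager.com .zedo.com
ad?.msn.com adserver.yahoo.com
""".split()


def compile_entry(entry):
    """Assumed semantics: '?' = one char, '*' = any run, all else literal."""
    parts = []
    for ch in entry:
        if ch == "?":
            parts.append(".")
        elif ch == "*":
            parts.append(".*")
        else:
            parts.append(re.escape(ch))  # a literal '.' must not act as a wildcard
    return re.compile("".join(parts), re.IGNORECASE)


RULES = [(entry, compile_entry(entry)) for entry in BLOCKLIST]


def matching_entries(url):
    """Return every block-list entry that matches anywhere in the URL."""
    return [entry for entry, rx in RULES if rx.search(url)]


if __name__ == "__main__":
    for url in [
        "http://www.xobni.com/download",           # URL reported as blocked
        "http://www.xobni.com/",                   # URL reported as not blocked
        "http://ad.doubleclick.net/adj/x",         # constructed: listed domain
        "http://doubleclick.net/",                 # constructed: no leading dot, so no hit
        "http://example.org/out?to=www.snap.com",  # constructed: hit in query string only
    ]:
        print(url, "->", matching_entries(url) or "no match")
```

Under these assumed semantics neither xobni.com URL matches any entry, while the query-string case shows how pure substring matching can flag a URL whose host is not on the list.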