Comodo Firewall and Avast 7

[Guest]

[Ronny]

This is my idea.

Leave the web shield active, leave CFW active if you don't mind that legit apps can surf the web without CFW being able to block that traffic.
That should not be a big issue in protecting against malware as Avast should stop the malware before it would be able to connect back to the internet.

The only thing you can't prevent in this case is 'Phone Home' features of legit software that routes trough the web shield.

Malware should be caught by Avast not by a Firewall alert in this case.

[clockwork]

Disabling Avast features is not a work around I'm looking for.

I told you what you need to change (only having that block rule at bottom) so that the other workaround works.

Lets hope you don't stumble across some malicious scripts while surfing the web.

Use no-script firefox addon.
Use a sandbox.
If your antivirus can not detect malicious code, how should the web shield do this?

That should not be a big issue in protecting against malware as Avast should stop the malware before it would be able to connect back to the internet.

Malware should be caught by Avast not by a Firewall alert in this case.

I would not trust a definition based antivirus to manage network traffic that way

[Ronny]

I would not trust a definition based antivirus to manage network traffic that way

I wasn't writing what I would do, I would ditch Avast without doubt, I dare to run CIS without the AV and still feel safe.
Never tandem multiple security products as that's in general lessening the overall security of your system, chose the one you like most and take the maximum of it.

Use tools like HitmanPro/Mbam/SuperAntispyware/Emsisoft emergency kit for a second-opinion cause they are all 'on demand' and don't hook live in you system.

[EricJH]

I am not an Avast user but would switching back to Avast 6 be an option?

With regard to malicious scripts. If they try to trigger a buffer overflow CIS will get it with its BO protection.

[clockwork]

Avast is the best antivirus i ever used. And i say that even allready while having everything not installed apart from data system protection!
The people who get scared when they need to make a decision to disable an avast feature, they forget that all the features are in that product, because it isnt primary for those people with a host intrusion protection like comodo defense+, but for those who have just an antivirus.

You are not in akut danger if you disable the web shield, or the email shield, or the IM shield, as long as your antivirus catches malware AND your host intrusion protection would give you the choice of things running.

As for the worry about scripts, avast has a script shield additionally!
And i am one of these poor souls who would have been totally unprotected if we would need a web shield. No infections. It is possible

[Wiired]

Clockwork if you have a work around that works with please post a screen shot of the rules I need what order they need to be in.  Including the web browser.

[clockwork]

This:

Here's a 'kludge' that should prevent unauthorised applications from being able to use the Avast proxy. Add an rule below your existing Application rules that blocks everything else:

Application Name - All Applications (found under Select File Groups when creating a rule)
Action - Block and Log
Protocol - IP
Direction - Out
Source Address - Any
Destination Address - Any
IP Details - Any

You just have to ensure any process that needs network access, has a rule above this. Not ideal, but it does work.

mod edit: I provided a quote instead of the link. It helps to keep the flow of reading. Eric

[Wiired]

Clockwork,  I tried that already.  So can you confirm this works for you as you have actually tested it?

If so please post your screen shot of it.  I don't mind if you remove the rules that aren't applicable.
I need to see the entry for the browser,  the deny all applications rule and avastsvc.exe and what order they are in.  Then I can setup the same my end and confirm if I'm doing something wrong.

I'll assume you have not tested it if you reply without providing the details I've requested.

[Radaghast]

There's probably a more reliable way than the last 'kludge' I came up with but it's a little more involved. basically, you'll have to:

1. Disable the DNS client service.
2. Add a block rule to AvastSvc.exe that blocks DNS
3. For the applications you wish to allow, create individual DNS rules
4. Crete a rule for 'All Applications' that blocks DNS queries
5. Place the 'All Applications' at the end of the Application rules list

This should only allow connections that can do DNS resolution themselves, then use the avast proxy for the connection. You could probably do this in a couple of different ways, but this is probably the easiest.

Just don't forget, whatever we do with these makeshift rules, they're only bandages, they're not designed to completely fix anything. Also, they might not even work as you might think. You're probably better off, either allowing browser traffic only through the proxy or disabling it altogether. There's still plenty of protection, or should be.

 
 
 

[Wiired]

I liked the first work around did it work or did you later discover it was no good?  Can you post a screen shot of that one?  I couldn't get it going.

I understand its a bandage but I don't mind as I can change the rules on the machines affected and then wait until Comodo decides it needs a functionality change.

[Radaghast]

I liked the first work around did it work or did you later discover it was no good?  Can you post a screen shot of that one?  I couldn't get it going.

I understand its a bandage but I don't mind as I can change the rules on the machines affected and then wait until Comodo decides it needs a functionality change.

It worked, most of the time, but in all honesty, it was less than reliable. If you don't want to limit the Web-shield to browser traffic only, then I'd suggest going with the DNS option above. It's a little more work to set-up but seems to work better.

[Beefed]

Went back to Avast 6, and all works as it should. Much easier.

[paroh]

Went back to Avast 6, and all works as it should. Much easier.

i am also thinking to went back to 6 version till the problem get resolved

[hellion]

Hi All,

I simply cannot understand why it's taking Comodo this long to resolve a CRITICAL issue.

Shocking.

[John Buchanan]

The simple solution is to use whichever AV you wish but not use Avast 7 Web Shield as it was designed for Win8

[Tags:]