Avast & CIS

First of all I should state that I am aware of the massive thread about this problem. So my apologies if this is flogging a dead horse.

I came across this issue setting up a new computer (Win 7 Home Premium SP1 x64) with up-to-date Avast 7 & CIS. I was completely confounded as on my own machine that has been running exactly the same OS, AV (with Web Shield enabled), and firewall for years does not appear to have any problem.

My machine has CIS fw set up with “custom policy” enabled, creating rules for safe applications, and “very high” alert settings (mirrored on the new machine). Unless I am missing something important, CIS will block all connections I have not yet vetted.

Setting the firewall policy to “block all” on the new machine does nothing and connections will bypass the firewall, as per the above forum thread (“custom policy” brings up sporadic alerts). However, on my machine “block all” will block all connections and Windows will register there being no available network connection.

Is there a reason why one works and the other does not? I assumed this was a blanket issue for all Avast 7/CIS users.

If you are using avast web shield on windows 7 theres a problem

Thanks for the reply.

Just to clarify, are you saying that the functionality of CIS firewall is not the issue here, and that Avast web shield poses a security risk on all Win 7 machines and should be disabled until the issue has been addressed?

Even the Windows firewall is not able to properly filter connections when using the Avast 7 web filter on Windows 7.

I am not sure why your old computer works differently when using the same OS and AV and CIS set up.

First thing that comes to mind is that on your old computer you had all the rules in place and set up when using Avast 6 so you may not have been getting any alerts anymore. And therefor not noticing that CIS was actually no longer filtering after updating to Avast 7.

You can test my hypothesis by importing a factory clean Proactive Security configuration and activating it. It can be found in the CIS installation folder and make sure to import it under a different name like CIS Proactive Security Clean f.e… Then set your favorite settings and see what happens.

You can use the just released CIS v5.12 for Windows 8 to tackle the problem with the Avast webshield:

I imported the default Proactive policy and the firewall functions as I would expect.

Screenshot attached (hopefully…)

[attachment deleted by admin]

That’s interestingly odd and not what we’d expect.

Please make sure that there are no left overs of previously uninstalled security programs around. Not all uninstallers do a proper job. Left over applications, drivers or services can cause all sort of “interesting effects”.

Try using removal tools for those programs to remove them. Here is a list of removal tools for common av programs: ESET Knowledgebase .

Should I just run the one for avast?

I have MS Security Essentials but it’s not active, and I’m pretty sure none of the others are relevant.

Ok, I ran the cleanup tool for avast (5 & 6). This required a reinstall of 7.
No change. Firewall still running like a beast.

Should I be worried? or counting my lucky stars?

Please run the cleanup tools for every security program you ever had installed in the past. It’s good to make sure that there is not a stray service or driver left behind.

I’ve run the cleanup for Avast & MS Security Essentials that I know I have installed myself; Bullguard because it may have been preinstalled when I bought the computer; MS OneCare just in case. Reboot after each.

No obvious change in firewall behaviour.

It’s starting to become less apparent why I posted in a help forum when everything seems to be working ???

Ha. Forget everything I said. It is the same.

Allowing the initial port 53 request opens pandora’s box. I assumed it was acting differently as I didn’t get the alert for DNS requests on the new machine.

Apologies for the oversight. Logic has been restored.