CFW fails to block HTTP connections with Avast 7 - Update [V6][M198]

[Note from Mod - it’s all here but in bits, please see referenced 5.x bug reports and diagnostics from another user. Did not have the heart to insist on more from Radghast, who has been a stalwart. So forwarding to format verified]

CIS Firewall fails to block outbound browser connections to non-encrypted sites even when the application has been explicitly blocked. The problem would seem to be related to the Avast 7 Web-Shield, which acts as a proxy for connections over TCP port 80. If the shield is enabled, any application that uses this combination of protocol and port can connect, even when no firewall rule exists, or the application has been explicitly blocked.

A. The bug/issue - Firewall fails to block certain connections with Avast 7 Web-shield enabled.

  1. What you did

  2. What actually happened or you actually saw:

     1. Install a clean Windows 7 x64 system
     2. Install CIS V6.0 - No AV/GB/DNS
     3. Change firewall to Custom Policy Mode
     4. Change Alert Frequency to Very High
     5. Ensure ‘Create rules for safe applications’ is NOT checked
     6. Ensure ‘Do not show popup alerts’ is NOT checked
     7. Remove default firewall rules
     8. Reboot
     9. Allow rules to be created for svchost and System as required
     10. Install Avast 7
     11. Reboot
     12. Create Outgoing only rules for the Avast components
     13. Make sure the Web-Shield is functioning
     14. Open any browser and allow firewall rules to be created as required
     15. Make sure there are no browser rules for HTTP
     16. Make a connection to any non-encrypted site

  3. What you expected to happen or see:

Without a browser rule for HTTP, I would have expected the connection to fail.

  4. How you tried to fix it & what happened:

Tried various ways of blocking the connection, from a complete ‘block all In/Out’ scenario, to more explicit blocking of the actual connection, which is:

TCP - Out - From 0.0.0.0 - To 127.0.0.1 - Any - 12080

Also tried blocking everything to the loopback zone in both Application and Global rules.

  5. If it’s a software compatibility problem have you tried the compatibility fixes (link in format)?:

It’s an issue that’s been known since Avast 7 was released at the beginning of 2012.

  6. Details & exact version of any software (except CIS) involved (with download link unless malware):

Windows 7, x64, SP1 + Hotfixes
Avast 7.0.1474

  7. Whether you can make the problem happen again, and if so exact steps to make it happen:

It’s reproducible always.

  8. Any other information (eg your guess regarding the cause, with reasons):

Local Proxy connections are not blocked.

B. Files appended. (Please zip unless screenshots).

  1. Screenshots of the Defense plus Active Processes List (Required for all issues):

See:

Original thread - Comodo Firewall and Avast 7
Original bug Report - CIS Firewall fails to block connections for blocked applications with Avast 7
New Version 6 thread with updated information - Avast bypass
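
A diagnostic for the situation reported above, added here as an example and not part of the original post or of any Comodo or Avast code: it reads `netstat -ano` style rows and reports which programs talk to the loopback proxy at 127.0.0.1:12080 and which process actually owns the port-80 connections on the wire. The sample rows, PIDs and process names are constructed, and the sketch assumes the proxy's own process opens the outbound port-80 socket, as a local proxy normally does.

```python
import re
from collections import defaultdict

PROXY_ADDR = ("127.0.0.1", 12080)  # loopback proxy endpoint quoted in the report

# Constructed sample in the layout of `netstat -ano` (PIDs and addresses invented).
SAMPLE_NETSTAT = """\
  TCP    127.0.0.1:49210      127.0.0.1:12080      ESTABLISHED     4312
  TCP    127.0.0.1:12080      127.0.0.1:49210      ESTABLISHED     1688
  TCP    192.168.1.20:49211   203.0.113.10:80      ESTABLISHED     1688
  TCP    192.168.1.20:49305   198.51.100.7:443     ESTABLISHED     4312
  TCP    0.0.0.0:12080        0.0.0.0:0            LISTENING       1688
"""
# Hypothetical PID-to-image map (what `tasklist` would supply on a real host).
SAMPLE_PROCS = {4312: "browser.exe", 1688: "webshield-proxy.exe"}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse(text):
    """Yield (local, remote, state, pid) tuples from netstat -ano style rows."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            yield (la, int(lp)), (ra, int(rp)), state, int(pid)

def attribute_http(text, procs, proxy=PROXY_ADDR):
    """Return who talks to the local proxy and who owns the real port-80 flows."""
    result = defaultdict(set)
    for local, remote, state, pid in parse(text):
        if state != "ESTABLISHED":
            continue
        name = procs.get(pid, f"pid {pid}")
        if remote == proxy:
            result["proxy_clients"].add(name)
        elif remote[1] == 80 and not remote[0].startswith("127."):
            result["wire_http_owners"].add(name)
    return {k: sorted(v) for k, v in result.items()}

def rule_gap(text, procs, proxy=PROXY_ADDR):
    """Programs whose HTTP reaches the network only under another process's identity."""
    r = attribute_http(text, procs, proxy)
    return sorted(set(r.get("proxy_clients", [])) - set(r.get("wire_http_owners", [])))

if __name__ == "__main__":
    print(attribute_http(SAMPLE_NETSTAT, SAMPLE_PROCS))
    print("HTTP leaves under another identity for:", rule_gap(SAMPLE_NETSTAT, SAMPLE_PROCS))
```

Any program listed by `rule_gap` has no port-80 socket of its own, so an application rule keyed on a remote port of 80 never matches it; only its loopback connection to port 12080 is attributable to it.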

Hi Radghast.

I realise you’ve reported this before, so this is a bit of an ask, but this is a new major version, so would you mind filling in section C which will have changed in some respects, and appending a diagnostics report, which QA is requiring for CIS 6.0.

Many thanks in anticipation

Mouse

Sorry Mouse, nothing personal.

I think all the answers are available, however as far as a diagnostics report, it’s something I’d have to generate after I reinstall all the software, which I don’t have time to do now. If the report cannot be submitted as is, it will have to wait until someone else cares to take the time. Personally, I don’t believe it’s a bug, I also don’t use Avast, I just do these things as a service.

That’s OK. Your reports are always well researched so as there is a prior report I think I can forward it, just a bit more work for QA to put the bits together.

I try to save them work when I can.

Mouse

Here is a system diagnostic file from a system experiencing the same problem as the bug report claims, but with Windows 8 x64 Pro.
Maybe this will do… attached… I use Avast 7, and it’s definitely a big hole.

[attachment deleted by admin]

Thank you very much for your report in standard format, with all information supplied (if in bits :) ). The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Mouse

Hi Radghast

Do you mean:

CIS Firewall fails to block outbound browser connections to non-encrypted sites even when the application has been explicitly blocked.

Just checking.

Mouse

Apologies, that is a typo, it should be non-encrypted sites (HTTP not HTTPS)

Thanks, Radaghast

Mouse

Remains the same in 2708.

Tracker updated

Can you please check and see if this is fixed with the newest version? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Can you please check and see if this is fixed with the newest version (6.2.282872.2847)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

Can you please check and see if this is fixed with the newest version (6.3.294583.2937)? Please let us know whether it is fixed or you are still experiencing the problem.

Thank you.

PM sent.

The devs have been unable to replicate this issue, and as there has been no response confirming that the problem still exists they are assuming that this is fixed for CIS version 7.0.313494.4115. I will therefore move this to Resolved.

If this is still not fixed for you please both respond to this topic and send me a PM (including a link to this bug report).

Thank you.