CIS Firewall fails to block connections for blocked applications with Avast 7

CIS Firewall fails to block outbound browser connections to non-https sites when the application has been explicitly blocked. The problem would seem to be related to the Avast 7 Web-Shield, which acts as a proxy for connections over TCP port 80. If the shield is enabled, any application that uses this combination of protocol and port can connect, even when no firewall rule exists, or the application has been explicitly blocked.

A. The bug/issue - Firewall fails to block certain connections with Avast 7 Web-shield enabled.

  1. What you did
  2. What actually happened or you actually saw:

     1. Install a clean Windows 7 x86 system (not virtual)
     2. Install CIS - No AV
     3. Switch to Proactive Mode - disable sandbox
     4. Change firewall to Custom Policy Mode
     5. Change Alert Frequency to Very High
     6. Ensure ‘Create rules for safe applications’ is NOT checked
     7. Ensure ‘Do not show popup alerts’ is NOT checked
     8. Remove default firewall rules
     9. Reboot
     10. Allow rules to be created for svchost and System as required
     11. Install Avast 7
     12. Reboot
     13. Create Outgoing only rules for the Avast components
     14. Make sure the Web-Shield is functioning
     15. Open any browser and allow firewall rules to be created as required
     16. Make a connection to any non-https site
     17. Make sure the connection is being proxied through Avast Web-Shield
     18. Remove the firewall rule for the browser
     19. Open the browser and at the first alert select ‘Blocked application’
     20. When the browser has opened enter a URL to any non-https site
     21. The connection succeeds even though the application is blocked.
     22. Check the connection status and observe AvastSvc.exe making the connection.

  3. What you expected to happen or see:

With the application explicitly blocked, I would have expected the connection to fail.

  1. How you tried to fix it & what happened:

Tried various ways of blocking the connection, from a complete ‘block all In/Out’ scenario, to more explicit blocking of the actual connection, which is:

TCP - Out - From 0.0.0.0 - To 127.0.0.1 - Any - 12080

Also tried blocking everything to the loopback zone in both Application and Global rules.

  1. If it's a software compatibility problem have you tried the compatibility fixes (link in format)?:

Not sure there are any, Avast 7 is too new.

  1. Details & exact version of any software (except CIS) involved (with download link unless malware):

Windows 7, 32 bit, SP1
Avast 7.0.1407

  1. Whether you can make the problem happen again, and if so exact steps to make it happen:

It’s reproducible always.

  1. Any other information (eg your guess regarding the cause, with reasons):

This is not the only instance of the firewall failing to block certain connection types. The IPv6 problems have already been reported. However, I suspect this is a slightly different issue, more akin to TCP hole punching.

B. Files appended. (Please zip unless screenshots).

  1. Screenshots of the Defense plus Active Processes List (Required for all issues):

Done.

  1. Screenshots illustrating the bug:
  2. Screenshots of related CIS event logs:

See - Re: Comodo Firewall and Avast 7

  1. A CIS config report or file.
  2. Crash or freeze dump file:
  3. Screenshot of More~About page. Can be used instead of typed product and AV database version.

Done.

C. Your set-up

  1. CIS version, AV database version & configuration used:

CIS Premium 5.9.221665.2197, Proactive config

  1. a) Have you updated (without uninstall) from a previous version of CIS:
    b) if so, have you tried a clean reinstall (without losing settings - if not please do)?:

Clean Install.

  1. a) Have you imported a config from a previous version of CIS:
    b) if so, have you tried a standard config (without losing settings - if not please do)?:

Clean Install.

  1. Have you made any other major changes to the default config? (eg ticked ‘block all unknown requests’, other egs here.)
  2. Defense+, Sandbox, Firewall & AV security levels: D+= , Sandbox= , Firewall = , AV =
  3. OS version, service pack, number of bits, UAC setting, & account type:

Windows 7 x86 SP1
UAC - Default - Notify me only when programs try to make changes to my computer
Account type - Both Standard user and Administrator

  1. Other security and utility software currently installed:

Avast 7.0.1407

  1. Other security software previously installed at any time since Windows was last installed:

None - Clean Install

  1. Virtual machine used (Please do NOT use Virtual box):

None.

Others are reporting similar findings:

Comodo Does not work with Avast 7!
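The report above describes a blocked browser reaching the network through the Web-Shield listener on 127.0.0.1:12080, with AvastSvc.exe making the outbound connection. The following is an added example, not part of the original post or of either product: it parses `netstat -ano` style output and flags blocked applications that hold a loopback session to that proxy. The sample rows, PIDs, `firefox.exe`, the `BLOCKED` set and all function names are constructed or hypothetical.

```python
import re

# Loopback listener from the report: "To 127.0.0.1 ... 12080".
PROXY = ("127.0.0.1", 12080)

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT = """\
  TCP    127.0.0.1:12080      0.0.0.0:0          LISTENING    1500
  TCP    127.0.0.1:49201      127.0.0.1:12080    ESTABLISHED  3120
  TCP    127.0.0.1:12080      127.0.0.1:49201    ESTABLISHED  1500
  TCP    192.168.1.20:49202   203.0.113.10:80    ESTABLISHED  1500
  TCP    192.168.1.20:49150   192.168.1.1:445    ESTABLISHED  4
"""
# Constructed PID -> image name map, as `tasklist` would supply it.
PROCESSES = {1500: "AvastSvc.exe", 3120: "firefox.exe", 4: "System"}
# Hypothetical policy: applications the firewall is configured to block.
BLOCKED = {"firefox.exe"}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")


def parse(text):
    """Yield (local, remote, state, pid) for every TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            la, lp, ra, rp, state, pid = m.groups()
            yield (la, int(lp)), (ra, int(rp)), state, int(pid)


def proxied_bypasses(text, processes, blocked, proxy=PROXY):
    """Report blocked applications holding a session to the local proxy."""
    rows = list(parse(text))
    # Owner of the listener: the process that makes the outbound connection.
    proxy_pids = {pid for local, _, state, pid in rows
                  if local == proxy and state == "LISTENING"}
    via = sorted(processes.get(p, str(p)) for p in proxy_pids)
    # Non-loopback sessions the proxy holds on behalf of its clients.
    upstream = [remote for _, remote, state, pid in rows
                if pid in proxy_pids and state == "ESTABLISHED"
                and not remote[0].startswith("127.")]
    findings = []
    for _, remote, state, pid in rows:
        name = processes.get(pid, str(pid))
        if (remote == proxy and state == "ESTABLISHED"
                and pid not in proxy_pids and name in blocked):
            findings.append({"client": name, "via": via, "upstream": upstream})
    return findings


if __name__ == "__main__":
    print(proxied_bypasses(NETSTAT, PROCESSES, BLOCKED))
```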


Thank you very much for your bug report in standard format. We very much appreciate the effort you have made to document this bug.

We are sorry to trouble you further but there is one item of information missing or unclear in your post

  • Your UAC setting

The reasons we need these items of information, though they may not seem directly relevant to the issue are explained here.

We would be very grateful if you would add these items of information so we can forward this post to the format verified board, where it is more likely to get fixed. You can find assistance using red links in the Format and here. If you need further help please ask a mod. If you do not add the information after a week we will forward this post to the non-format board. If this happens we will tell you how to rectify this if you wish to.

In the current process we will normally leave it up to you whether you want to make a report which includes all necessary information or not. We may remind you if we think a bug is of particular importance.

Many thanks again

Mouse

I’ve added the missing information.

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again

Please note that some firewalls from other vendors handle this correctly:

See this link: https://forums.comodo.com/firewall-help-cis/comodo-firewall-and-avast-7-t82382.0.html;msg588619#msg588619