Comodo Firewall and Avast 7

I replaced several antivirus programs (used over time) with the portion of avast which covers the same sphere.
Data system protection.
It feels like the old programs, just better, with statefull.

I never installed all the other things. I just wanted an antivirus that detects things on my computer, and what i can use to scan new arrivals.

This situation has to be solved as soon as possible. And the firewall developer should take a look how their product can be bypassed by something like that.

I’m talking about the fact that the Avast web shield is allowing connections for applications, for which no individual rules exist. Basically, anything that wants out via TCP port 80, won’t be stopped, rules or not, providing avastsvc.exe has outbound access. I would, however, agree that the firewall(s) need to be looked at too.

Just adding my 2 cents worth in.
Avant 7 does indeed currently have issues that they are trying to resolve.
It may be safe to say the web shied issue is Avast’s issue and they need to resolve it.

I need to modify my earlier statement about this being solely an Avast problem. I’m in the process of tying other firewalls with Avast, to see which block and which don’t. So far, CIS and Windows 7 firewalls allow Avast to proxy applications, for which no rules exist, or which have received explicit blocks. Outpost 7.5 blocks the browser, when told to do so. I’ll try some more and retest tomorrow.

I mean the path is blank, with only a yellow folder icon on the left. You are correct that I often use the Purge function!

However, I would suggest that CIS adds Avast Software as a trusted vendor.


The thing isnt that avast isnt trusted.
It gets in both lists erased by purging because one of its parts is not “present” all the time. Not “present” things get purged.

In defense+ it is ok to use safe mode. There you get the avast file rule restored next time it becomes “present” again.
I use custom mode in firewall. In this case, if you purge the firewall list, the entry will be "re"created after you got a question, but not automatically.

Since i use avast, i remove things from the firewall list manually. It would be nice, if the avast file would be permanent “present”. Thats the point.

A couple of things. First, Avast is on the TVL. Second, avast.setup is a visualised file, that is, it doesn’t exist anywhere with that name. This is why, when you run purge, CIS can’t reconcile the entry with anything physical and hence offers it for removal. By the way, it helps to look at he the files the purge option offers for removal, before actually accepting.

Sorry, I forgot that avast is actually from Alwil Software. Thats why when I looked for avast software in the TVL it did not exist.


Initial results of testing the ability of firewalls to block requests from browsers and to a lesser extent, other applications, when Avast Web Shield is enabled, is as follows:

Windows 7 Firewall - Fail
CIS firewall - Fail
Outpost 7.5 - Pass
Online Armor Premium - Pass
PCTools IS - Pass

In brief:

  1. Clean Image (not virtual)
  2. Install firewall - reboot
  3. Install Avast 7 - reboot
  4. Test Web shield is working
  5. Connect to any site with a browser
  6. Block the browser in the firewall
  7. Attempt to connect to any site with a browser
  8. Disable Web Shield
  9. Attempt to connect to any site with a browser

CIS and Windows 7 firewall fail at step 7, that is, it’s possible to connect to any non-https site, when there is a rule blocking the browser from making any outbound connections. The connection is allowed vis the AvastSvc executable.

On the face of it, it looks like a bug in the firewall, so I’ll create a full bug report. If anyone has anything to add, please post.

[attachment deleted by admin]

On the face of it, it looks like a bug in the firewall, so I'll create a full bug report. If anyone has anything to add, please post.

Thanks Radaghast,

I hope that Comodo will do something about this soon! This is an critical issue!

Just two thoughts to share, in case they are worth anything:

  • It sounds to me as though there might be two Comodo related issues… a) that a block rule does not work, b) that Comodo thinks and logs that it worked.

  • I don’t know how Comodo and Avast hook into the stack, but over the years I can recall running into some install order dependent issues involving software that hooks the stack. Both Avast and Comodo developers will probably immediately know whether that could be able to come into play here, but I thought I’d mention for those who are exploring the issue.

So what version is your CIS?

[attachment deleted by admin]

Click the ‘Vendors’ row at the top of the list and start typing Avast…

Hi Radaghast, my CIS is Comodo Firewall, Product Version 5.9.221665.2197. If I type avast in the Vendors tab it does not show up. The attachment that I’ve uploaded is the list of vendors arranged in alphabetical order and it can be seen that there is not avast.

So why is that?..

Try Caps

[attachment deleted by admin]

OK, got it. Thanks.

Ok, first of all, sorry if this comes across as hijacking brightness’ thread. I’d start one of my own, but I just saw that a previous thread about the conflict between Comodo and Avast got locked in favour of this one.

I’m somewhat of a noob when it comes to computer security, but what I’ve read in this thread and others, including on the Avast forums, has me worried. Basically, I’m just looking for some kind of clarification as to what’s going on. I’ve read the relevant threads, including this one, and I’m still confused. I’ve seen people seeming to say Avast’s webshield can stop Comodo’s firewall from working, leaving my computer exposed to attack, and also that AvastSvc.exe can create a loophole in the firewall?

I’m currently running Windows XP with Avast! Free Antivirus 7 and Comodo 5.9.221665.2197 (including Defense+). I currently have webshield running. I also checked what applications Comodo’s set to allow through, by going to Firewall → Network Security policy → Application Rules tab, and there’s nothing there about AvastSvc.exe. However, avast.setup is set to “Allow IP Out From MAC Any To MAC Any Where Protocol Is Any”, whatever that means.

Basically, my question is: how secure is my PC at the moment, and what can I set Comodo and Avast to, to make it as secure as possible? Sorry if this comes across as a stupid question; like I said, I don’t really know much about this sort of thing, and I’m just trying to get some sort of clarification. :slight_smile:

@ Radaghast

Currently running Avast! 7 ( all shields enable. no autosandbox ) and CIS ( Fw in Custom mode & D+ in Paranoid with Sandbox ) Also as my sig says XP Pro Spk 3.

This behavior is not present in my system. I can block any application, browsers included, if I blocked them in the firewall. It must be a W7 related, any Vista reported with this problem ?

At Randomer

The reports are about the web shield.
As the next poster pointed out, some systems may not show this problem.
Personally, i would disable the web shield until the problem is cleared.

If you ask yourself if you arent safe without a web shield of an antivirus, you would be unsafe with the most of the antivirus programs out there :wink: . Unlikely.
Also you use comodo defense+ (i assume).