Firewall Logging Anti-virus events as blocked.

Since using V3, the Firewall Events Log keeps showing activities of ashWebSv.exe (the web scanning component of Avast) as being blocked. Checking the On-Access Control Pane of Avast indicates that the web scanner is working.

Source and destination of some events logged by Comodo are sites I’ve visited, such as this forum and Google.

I have set Avast exe files to be allowed any in or out activity.

Has anyone else noticed this? Why would these events be logged?

As I said, I’m using Avast anti-spyware
My O.S. is Windows XP Home Edition

These should be inbound connections that are blocked, mostly from port 80 of known and some unknown addresses, so have no effect on ashwebsv. Source seems to be some controversy, but leaving them blocked seems to cause no problems. To get them out of the system log, I added a rule ahead of the block and log under firewall/advanced/network securtiy policy/system (for inbounds to system idle process" and /ashwebsv that says “block/in/tcp/any/any/any/http ports” and the intrusion counter stopped counting them and the log stopped logging them.

All Source IP addresses are sites I’ve visited. The destination IP is a black hole (192.168.254.1).

Thank you for your input sded.

Many of my incoming were from unknown addresses, probably connected in some way with the main sites visited. 192.168.254.1 is a router LAN address-what is yours? Mine (192.168.1.1) shows up as the local address in the log.

sded

My IP is similar to 192.168.254.254

I’m not sure I understand your statement

"block/in/tcp/any/any/any/http ports"
I understand how to create rules, but I'm having a problem with your wording (it's probably me, not you).

What if I just block destination IP 192.168.254.254?

Thanks again for your time.

Typo in Rule; source and destination ports are reversed. Should be

Block
Protocol TCP
Direction In
Source Address Any
Destination Address Any
Source Port HTTP Ports
Destination Port Any

You probably don’t want to block everything coming into your router-don’t know how this will affect the implicit Comodo rules. Give it a try though and see what happens. :wink:

Thanks again sded.

I’ve added the following rule, as suggested by sded to prevent unnecessary log entries of Anti-Spyware activity (see original post);

Block Protocol TCP Direction In Source Address Any Destination Address Any Source Port HTTP Ports Destination Port Any

It did indeed block logging without any problem.