Win7x64 + CFW 5.12 + Avast6 Redirection = blocking problems(?)

Hello. I am seeing unexpected outbound blocking behavior with Win7x64 + CFW 5.12.256249.2599 + Avast6. I thought earlier versions of CFW 5.x weren’t affected by Avast6 style redirection. I think I tested that myself last year. I recently allowed an automatic update to 5.12 and it was afterwards that I first saw something odd. I haven’t yet nailed down the unexpected behavior in regards to well known browsers. To start, I’ll just describe the unexpected telnet behavior.

If earlier versions of CFW 5.x weren’t confused by Avast6 type redirection on Win7, and CFW 5.12 is confused by Avast6 type redirection on Win7, this telnet behavior would make sense to me. I’d like to run this past you guys for confirmation and comments though. Thanks. Edit: This is not an April 1 prank btw.

Windows 7 x64 SP1 settings…
Windows Firewall disabled for home/work and public networks

CFW 5.12.256249.2599 settings…
Firewall Security Level: Custom Policy
Firewall Alert Frequency Level: Very High (for testing)
Create rules for safe applications = disabled
Enable alerts for X = all enabled
Monitor NDIS protocols other than TCP/IP = enabled

Avast 6.0.1367 settings…
Webshield = started
Enable web scanning = enabled
Scan traffic from well-known browsers only = disabled
Use intelligent stream scanning = enabled

Test sequence…

Restart OS
Login as user with administrator privileges
Establish Internet connection via wireless
Wait a couple of minutes to let startup related network activity die down
Start Wireshark
Run cmd.exe which will be used to run telnet
Run cmd.exe as administrator which will be used for netstat -a -b

Set telnet.exe CFW rule to: blocked application, apply and exit out

telnet remotehost 80
No CFW prompt as expected
telnet connects to 127.0.0.1:12080
Type the word “get”, without quotes, into telnet to simulate beginning of
legitimate http request
AvastSvc.exe opens connection with remotehost 80
Test Result: CFW didn’t block telnet as expected

telnet remotehost 22
No CFW prompt as expected
telnet is blocked (see Note1 below)
Test Result: OK I think

Set telnet.exe CFW rule to: “Ask, TCP or UDP, In/Out”, apply and exit out

telnet remotehost 80
CFW alert, telnet.exe connecting to 127.0.0.1:12080, chose Block this request
telnet connects to 127.0.0.1:12080
Type the word “get”, without quotes, into telnet to simulate beginning of
legitimate http request
AvastSvc.exe opens connection with remotehost 80
Test Result: CFW didn’t block telnet as expected

Enabled Webshield “Scan traffic from well-known browsers only” option and
restarted Web Shield to be safe

telnet remotehost 80
CFW alert, telnet.exe connecting to remotehost:80, chose Block this request
telnet is blocked (see Note1 below)
Test Result: OK I think

Note1: In these blocked scenarios, I see no SYN to remote host but I do see
what appears to be locally generated/forged RSTs from remotehost. I’m
assuming this is “normal” but am not certain about that at this point.
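
An added example, not part of the original post: a small parser for the `netstat -a -b` check in the test sequence that lists which processes are connected to the loopback proxy port and which remote endpoints AvastSvc.exe holds open at the same moment. It assumes `-n` is added so addresses are numeric; the sample output is constructed, and 203.0.113.5 is a placeholder for remotehost.

```python
import re

PROXY_PORT = "12080"         # loopback port telnet ended up on in the post
PROXY_PROC = "AvastSvc.exe"  # process the post saw opening the real connection

# Constructed sample in the layout of `netstat -a -b -n` (not captured output).
# 203.0.113.5 is a placeholder for "remotehost".
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:49170        127.0.0.1:12080        ESTABLISHED
 [telnet.exe]
  TCP    127.0.0.1:12080        127.0.0.1:49170        ESTABLISHED
 [AvastSvc.exe]
  TCP    192.168.1.10:49171     203.0.113.5:80         ESTABLISHED
 [AvastSvc.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s*(\S*)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse(text):
    """Return [local, lport, remote, rport, state, owner] per connection."""
    conns = []
    for line in text.splitlines():
        row, owner = ROW.match(line), OWNER.match(line)
        if row:
            conns.append([row[2], row[3], row[4], row[5], row[6], "?"])
        elif owner and conns and conns[-1][5] == "?":
            conns[-1][5] = owner[1]  # the [name.exe] line follows its row
    return conns

def redirected(conns):
    """Processes talking to the loopback proxy, plus the remote endpoints
    the proxy process itself has established."""
    clients = sorted({c[5] for c in conns
                      if c[2] == "127.0.0.1" and c[3] == PROXY_PORT
                      and c[5] != PROXY_PROC})
    upstream = sorted({f"{c[2]}:{c[3]}" for c in conns
                       if c[5] == PROXY_PROC and c[4] == "ESTABLISHED"
                       and not c[2].startswith("127.")})
    return {"clients": clients, "proxy_upstream": upstream}

if __name__ == "__main__":
    print(redirected(parse(SAMPLE)))
```

netstat shows only that both connections exist at the same time; it does not tie a given upstream connection to a given client, so the Wireshark capture is still needed to confirm which request the proxy forwarded.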