avast blocks nntp traffic

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I have been using the new version of AVAST! for a few months and it
seemed okay.  Today it informed me of a program update which I allowed.
After rebooting the computer I could not access any newsgroups with my
newsreader.  Suspecting the new update, I stopped the program
monitoring for a few minutes and tried again.  This time my newsreader
got through.

I searched for the problem online and saw on the manufacturer's support
forum others reporting the same problem with older versions of the
program.  The solution is to disable NNTP scanning in the mail module
or to download the modified mail module from the support site.  The
provided link was not any good.  I did not install the mail scanning
module in the original installation and did not have any way to change
the settings since the options were not there for the mail module.

Sorry to say AVAST! was uninstalled from my computer and now I am using
MSIE.  I may go back to Avira again someday but I don't feel like
tweaking everything to stop the nag screen for now.

Re: avast blocks nntp traffic

badgolferman wrote:
Quoted text here. Click to load it

Did you mean Microsoft Security Essentials?

Re: avast blocks nntp traffic

FromTheRafters, 9/13/2011,9:34:51 PM, wrote:

Quoted text here. Click to load it

Yes, I did.

Re: avast blocks nntp traffic

badgolferman wrote:

Quoted text here. Click to load it

NNTP scanning, like e-mail scanning, is superfluous.  It changes when
malicious content gets detected but not if it gets detected.  I don't
bother installing several of the modules in Avast, including: mail
shield, P2P shield, and IM shield.  That leaves me with just the file,
network, web, and behavior real-time shields because those are all you
need.  The others are superfluous and simply bloat the product.

For now, I'm also not installing their script shield.  There are
programs that have scripts used within them to define their behavior and
their script shield interferes with them.  For example, the color scheme
employed by Windows Media Player is defined by a script that gets set to
select a value for the color theme but Avast's script shield interferes
with that internal script so WMP ends up with its default red color
scheme.  They thought they fixed it in a later release but it still made
WMP as red for some users.

Their webrep (web reputation) plug-in for web browsers is pathetic.  It
mimics the function of the WOT and McAfee SiteAdvisor toolbars.  The
idea is to show a rating for web sites found in a search or that you
visit but these ratings are out of date (bad sites haven't been rated
yet, bad sites that changed to be good are still listed as bad, and good
sites get listed as bad because enough users bitched about them but
their reviews show they obviously don't have the brains to really know).
It doesn't take too long when using WOT, SiteAdvisor, or webrep to see
that the vast majority of sites aren't rated and of the few that are
rated there are too many that are incorrectly rated.

Don't bother installing Avast and then disable all the superfluous
shields as that results in Avast bitching with a red tray icon and
notification in its GUI that it's not providing full protection.
Uninstall Avast and then do a *custom* install where you only select to
include the file, network, web, and behavior shields.

Re: avast blocks nntp traffic

VanguardLH, 9/14/2011,2:01:38 AM, wrote:

Quoted text here. Click to load it

I DID do that in the first place.  I never installed the mail, webrep,
IM shields because I don't use them.  Yet the update seemingly did not
recognize that and blocked NNTP traffic, without giving me a way to
undo the blocking.

Re: avast blocks nntp traffic

badgolferman wrote:

Quoted text here. Click to load it

Oops, missed in your starter post where you mentioned that you did not
install the Mail shield module.

In the past, I've probably had a couple occasions where there was a
problem with network connectivity but it was for all network access.
You state it was just for NNTP traffic (because you don't mention any
other protocol that got blocked, like pinging, HTTP, FTP).  I had to
reboot the computer to get Avast to stop blocking.  I've had the same
problem with about the same occurrence with other security products,
too, including some paid ones.  Something gets hung, causes some
interference, and having to force a fresh reload of the program gets it
working again.  Did you ever do a reboot after the Avast update?  If
that didn't help, did you do a reboot into Windows' safe mode, login,
and again reboot and login into normal mode?

What OTHER security products are you using?  For example, some users try
to incorporate Threatfire with their AV/firewall combo but run into
problems with it or with another security product.  Some security
products just don't get along with each other.  Sometimes the problem
gets traced back to trying to share the system hooks and either these
products don't like to share or the order in their chaining causes
problems.  While the generalization is that you can have multiple
security products installed if only one is active (i.e., running in the
background with its real-time or on-access monitors) and the others are
passive (not loaded until you do it manually when you want to run an
additional scan), some security products still dig in their system hooks
or run background processes although you configure them not to load on
Windows startup or on login, so apparently inactive products can still
interfere with the active one.  Sometimes you have to experiment with
the combo of security programs you want to use to see which will work
well together.

By the way, I visited the Avast forums and didn't see a bunch of posts
from users that got the latest update reporting that NNTP traffic got
blocked.  In the last week, one was not about an update problem but a
user that did a dirty install which resulted in connectivity problems
(all protocols, not just NNTP).  Another was a user that already had
problems between the AV and other programs and then went to Avast and
still had the same problems, so he didn't address the original problem.
Another was about a deliberately interrupted update and then there were
problems because Avast was in some limbo state.  Another user did a
fresh install of 6.0.1289 (latest) but that was the IS edition (AV plus
firewall) and the problem was with the firewall component.  Another
installed Avast *after* they got infected and expected a completely
clean and healthy host after installing Avast on a host already
corrupted.  I thought the 1289 update came out a few days ago but
looking at their forum for the last week of posts doesn't show anyone
complaining about losing just NNTP connectivity.

Re: avast blocks nntp traffic

On Wed, 14 Sep 2011 01:01:38 -0500, VanguardLH wrote:

Quoted text here. Click to load it

You can change the settings so it doesn't warn you about those disabled
shields anymore. Uninstall and custom reinstall isn't necessary.

--
s|b

Re: avast blocks nntp traffic

s|b wrote:

Quoted text here. Click to load it

But why install superfluous modules that you then disable and also have
to configure not to monitor?  If you don't install them in the first
place then you don't have to disable them and you don't have to
reconfigure the status monitor to ignore the disabled modules.  Why
throw cherries into your apple pie that you then have to remove so it's
just an apple pie?

Re: avast blocks nntp traffic

badgolferman wrote:

Quoted text here. Click to load it

If you get the paid version of Avira there is no nag screen; I know,
what an odd concept to pay for something that works. I don't have an
issue paying for a product that works as intended, but that's just me.

--
Sir_George

Re: avast blocks nntp traffic

On Tue, 13 Sep 2011 21:29:28 -0400, "badgolferman"

Quoted text here. Click to load it

I use this freeware firewall:
http://www.privacyware.com/PF_support.html

It blocks (the messages from) avnotify.exe (Avira)
 :-)

--
Fred W. (NL)

Re: avast blocks nntp traffic

On Tue, 13 Sep 2011 21:29:28 -0400, "badgolferman"

Quoted text here. Click to load it

If you want to give Avast another chance, take a look at the "Expert
Settings" under the Mail Shield tab. The Mail Shield may be redirecting
your NNTP traffic over the NNTPS (SSL) port 563 instead of the plaintext
NNTP at 119. If your box or your firewall or the corporate firewall or
the NNTP server or ... isn't happy with NNTPS then the connection will
fail. The Expert Settings tab will let you choose no encryption and the
regular port 119, which may restore your Usenet access.

--
Rich Webb     Norfolk, VA

Re: avast blocks nntp traffic

Rich Webb wrote:

Quoted text here. Click to load it

If the OP is being truthful, in his reply to my reply (and in his
starter post but I missed it as did you), he said that he did NOT
include the Mail shield in an install of free Avast.  So that
transparent proxy isn't there.  While other users were reporting the
NNTP block problem, the OP's description of their posts makes it clear
that they did install the Mail shield.  He did not.

For some reason, Avast is blocking only NNTP (well, that's what we are
to assume from the OP's mention of only NNTP traffic blocking) and
supposedly without the presence of the Mail shield.

However, since the OP has uninstall Avast (and went to MSE), there's
nothing we can do to troubleshoot the problem for him.  He changed the
environment *before* he even posted here so I'm not sure what he wants
us to help him with.  

Re: avast blocks nntp traffic

VanguardLH, 9/14/2011,2:30:53 PM, wrote:

Quoted text here. Click to load it

I posted to inform the group of the problem with the Avast update.  

Frankly I'm somewhat offended by the statement "If the OP is being
truthful...".  There's no reason for an insinuation like that.

I clearly stated in my original post I had not installed the mail
shield in the first place so there are no options to configure.  I also
said there were reports on the forum of older versions having the NNTP
blocked by the mail shield.  I also stated the computer had been
rebooted.

What else do you think I am not being truthful about?

Re: avast blocks nntp traffic

badgolferman wrote:

Quoted text here. Click to load it

I meant if what you said were true.  Better would have been to say "If
the OP is true" or "If the OP is correct".  Users often make assumptions
or conclusions that turn out incorrect/untrue.  Without the Avast
environment, there's nothing there to verify anymore so we can only make
guesses as to what happened.

Re: avast blocks nntp traffic

On Tue, 13 Sep 2011 21:29:28 -0400, badgolferman wrote:

Quoted text here. Click to load it

You could have simply unchecked the NNTP scan option... I don't see the
problem.

--
s|b

Re: avast blocks nntp traffic

s|b, 9/14/2011,11:02:22 AM, wrote:

Quoted text here. Click to load it

The problem is those settings are not available to me.  The mail shield
was never installed on the original installation and the program update
somehow enabled the NNTP blocking, but it never gives any setting to
disable it.

Re: avast blocks nntp traffic

On Wed, 14 Sep 2011 22:02:29 -0400, badgolferman wrote:

Quoted text here. Click to load it

Ah, I misunderstood. I just reinstalled XP with the latest version of
avast! Free Antivirus (a custom install where I unchecked Web Rep and
P2P Shield). In Mail Shield I unchecked NNTP (like always). Usenet works
fine.

--
s|b

Re: avast blocks nntp traffic

s|b, 9/15/2011,6:42:59 AM, wrote:

Quoted text here. Click to load it

But the secret is you actually installed the mail shield.  I never
installed it, yet the program update enforced its default settings
without giving me a way to disable them.  Bad design.

Re: avast blocks nntp traffic

On Thu, 15 Sep 2011 15:06:55 -0400, badgolferman wrote:

Quoted text here. Click to load it
 
Quoted text here. Click to load it

Must be a bug because I've done some updates and Mail or P2P were never
enforced. I will certainly check this when there's a new update.

--
s|b

Re: avast blocks nntp traffic

badgolferman wrote:

Quoted text here. Click to load it

So you're suggesting that Avast users encumbered with this NNTP blocking
problem uninstall Avast and then do a custom reinstall which includes
the Mail Shield so they can then adjust the NNTP settings.  If so, did
you try that?  I bet if you did, it still wouldn't have helped.  Since
the transparent NNTP proxy wasn't involved in your setup (because you
omitted the Mail Shield in the install of Avast), something else was
causing the problem.

Did you ever try uninstalling Avast, using their uninstall utility
(http://www.avast.com/en-gb/uninstall-utility ), and do a reinstall
(again without the Mail Shield) to see the NNTP problem went away?  I
haven't needed their uninstall utility so I don't know if it works if
you already used the normal uninstaller via Add/Remove Programs.  It
might want something of the program to exist rather than just go ahead
and cleanup and file and registry remnants left behind by a normal
uninstall.

So how's MSE been working for you so far?  I've used it on several hosts
but eventually decide it gets in my way too often.  During its updates
my host became almost unusable.  When it was scheduled for a scan, it
impacted my host so much that I had to stop the scheduled scan.  MSE
excels over both Avira and Avast to disinfect a host but only on the
pests that MSE can detect.  MSE has lower detection coverage than Avira
or Avast, so you're choice is better disinfection or better prevention.
I do daily full & incremental image backups as my means of recovery so
disinfection is a major concern for me, and if the pest doesn't get in
then I don't have to disinfect.  MSE is simpler to use and doesn't get
in the way as much as the more robust AV programs.  If MSE gives you the
security comfort level you like then keep using it.  If you want to
retry Avast in the future and you hit the same NNTP blocking (but all
other protocols are working okay) then come on back for help.

Site Timeline