regarding Avira Antivir updates... #136
Comments
I'm glad you brought up this issue as I too was just experiencing this exact same situation when trying to compile and run a Go source file that required network access. With Go, issuing "go run example.go" produces several temporary folders in the form of:
Where XXXXXXXXX is a random number. So every time Go created these temporary folders—one containing the executable which was run—simplewall would work as intended and always notify me of network activity, however, I could never whitelist the executable as XXXXXXXXX would always change for every run so I ended up having to uninstall simplewall's filters while I was working with Go. Fortunately for Go there is a workaround but it got me thinking about how to improve simplewall's handling of these types of situations. The best solution I could come up with would be for simplewall to allow users to add folders as "Allowed apps"/"Blocked apps" and also incorporate the use of a wildcard (*) or Regex. Some examples:
This would whitelist all files in the immediate folder "Temp":
This would whitelist all files in the immediate folder "Temp" along with any sub-directory (at any depth) beneath it:
This would whitelist any file named "example.exe" in any sub-directory (at any depth) beneath "Temp":
This would whitelist all files in the immediate folder "go-build*\" (go-build\, go-buildABC\, go-buildXYZ\, ...):
This would whitelist all files in the immediate folder "go-build*\" (go-build\, go-buildABC\, go-buildXYZ\, ...) along with any sub-directory (at any depth) beneath it:
So for my particular situation, it would've been nice to whitelist something like the following:
Are you still experiencing issues? I was about to try out allowing the domains listed here for all apps, but then found out that the update process went fine. I currently have all Avira processes, except for avcenter.exe and fact.exe set to allowed. |
nope, these domains listed there are very old and not true (at least for my instance and country). I had to manually check the firewall logs to get the domains that got blocked and then whitelist them globally. avira also makes a difference between manually initiating an update and letting it automatically update. one might work, while the other doesn't. so, it works that way, but the solution is bad. instead of allowing IPs globally it would be much better to whitelist processes following a pattern or subdirs. |
That may be true, but afaik that's a limitation of Windows Filtering Platform and not of simplewall. |
Personally I don't know if I'll need them, but I see that you haven't posted the list of domains you have had to whitelist. Perhaps it's useful for more people if you post them here. |
@ltguillaume hm i don't know if WFP is the bottleneck.. maybe @henrypp could tell us. it doesn't make sense to post static IP addresses here for other users, because:
The only advice i could give atm is, look for yourself: every time Avast wants to update, simplewall shows one or more popups.. instead of allowing or blocking those, copy the current pending IP address into a global allow rule. if you missed an IP check the Firewall log (enable it if necessary). it seems to be about 5-10 different IPs depending on the update methods (manually or automatically). |
You're right, sry, I misunderstood. I thought you used domain names instead
of resolved IPs.
The way you describe is the way to go then, yeah. I'll try to keep up
without global rules, though, see for how long it works.
|
No wildcards will be in simplewall, ever.
IPs are different because Avira used a CDN and all countries have different update IPs. And, oh jesus, you can open simplewall logs and see where the updaters connect, then create rules (or do the same from the notification window). |
@henrypp why not? if programs demand for features like wildcards, why stick without them? of course it's possible to circumvent the problem by applying global ip rules. |
@tokariu AFAIK it's simply not possible with the sort of rules that can be created for the Windows Filtering Platform. |
@ltguillaume idk, if that's the reason, then we probably have to accept it. |
Avira's getting slower and slower, the update process upon boot takes ages, and its advertising is annoying as hell (BgPKiller doesn't work anymore). I recently fixed someone's system that was completely riddled with useless software by Avira, because of the aggressive advertising, he couldn't even send e-mails anymore because of an Avira bug and every single click led to a browser window with some Avira ad page (note: the system was not infected by the known Ame.Avira Redirect Virus). I really recommend Avast! (again, now that it's improved tremendously in terms of bloat, modularity and advertising) or Kaspersky. |
@xEBFE what workaround, please? |
@frederikhors, for my particular situation I needed a way to compile/run a *.go file directly from Notepad++. That is where the NppExec plugin came into play. Unfortunately, if there was code within the *.go file that would trigger network activity, I could not use a NppExec script such as the following:
As that's where it runs into the issue of the temporary build directory and simplewall crying about network activity (as outlined in my previous post). To work around this issue, instead of calling "go run" directly, I would call "go build" directly and (if the build was successful), directly execute the compiled binary. As Windows will only execute the command after the "&&" if the first part doesn't fail.
This way, the binary will always be produced in the same directory as "go build" was called in (and not a temporary directory as "go run" does). So, the first time I issue this NppExec script simplewall will cry about network activity, but I can allow (whitelist) the resulting binary, and re-run the script as often as necessary from within Notepad++ as I make changes to the *.go source code without further prompts from simplewall. |
I have developed a simple utility to aid this problem by automatically parsing your packet log and creating allow rules for all IPs of a given process name (which doesn't need to be a full path 😉). This works wonders with the infamous Visual Studio and Docker updaters. You can find it here: https://github.com/ViRb3/simplewall-utils |
Great initiative! This should be a native feature, though, especially since the same thing happens for Microsoft Defender. |
Agreed. Would be useful for all the applications that change folders with every update to have some sort of wildcard feature available. |
We already had an opened issue regarding Avira updates here: #114
the problem was that Avira randomly generates update.exe in different folders and therefore simplewall always blocks or asks the user for permission, otherwise no updates get installed.
randomly update.exe's are generated in:
where ****** is completely random.
in previous issue-114 the mentioned solution was to look up the IP addresses of Avira's update server and allow them globally.
This idea is not very good, because Avira deploys their updates via akamai/aws and other CDNs and their IPs change frequently (despite telling differently in their FAQ from the year 2010), rendering global IP whitelistings useless.
The best solution would be to implement wildcards for apps, or create app-rules for all programs within a selected folder.
unfortunately, simplewall doesn't allow the selection of folders or wildcards/patterns when adding apps to the list.
But I found a working solution in a clumsy workaround:
To get Avira updates working without the need of whitelisting global IPs every few days, I added the Folder:
as an App to the simplewall app-list. However, simplewall doesn't allow adding folders to the applist via its menus/GUI.
The solution was to export the apps.xml (via File -> Export -> apps.xml), then edit the file with a text editor manually and replace:
with:
then import the app-list again with: File -> import -> apps.xml
That way, you have a Folder as an App in your simplewall applist and you can apply firewall rules to the Folder and all its containing programs, even if they are randomly named and generated.
It seems to work for me this way, but maybe someone else can verify that it also works for him/her.
regarding simplewall, I wish we could add wildcards or folders directly from the UI to solve these situations, maybe there is a way to implement that feature?
EDIT:
It turned out that it doesn't work. You can have a folder as an App in your simplewall app-list, but it doesn't work for the containing .exe's.
Therefore we are more than ever in the need of a wildcard/folder-whitelisting solution.