Avast real site bypasses firewall dns



  • Hello! Am wondering if there is any way to force avast real site (or any other software for that matter) to respect the firewalls dns. I used this guide to force all requests to the firewall https://docs.netgate.com/pfsense/en/latest/dns/redirecting-all-dns-requests-to-pfsense.html but avast real site still bypasses it. Thanks in advance!


  • LAYER 8 Global Moderator

    Turn it OFF in avast... That is a feature of that software to send dns to their dns servers via tls..

    https://support.avast.com/en-us/article/188/
    To disable Real Site, go to Protection ▸ Real Site, click the ON slider, and select a listed time duration. The slider then switches to OFF. We do not recommend you turn this feature off permanently by selecting the Stop indefinitely option.



  • Hello! thanks for answering! Although I know that if I turn it off my dns will work fine, the point is to force every client who may use avast real site or any other software like this to use the firewalls dns. I don't understand really why my nat rule doesn't do that already with avast.



  • I'd just not use Avast:-

    https://www.grc.com/sn/sn-744.htm

    "Steve: Uh-huh. Yeah. The Avast Online Security, Avast SafePrice, AVG Online Security, and AVG SafePrice extensions have all been pulled from the Mozilla add-on repository after they were found to be silently collecting far more user-identifiable data than was required to do their jobs"



  • @arch1tect You may have to use something like Group Policy or at least user or registry permissions, depending on your environment, to control access the the Avast settings.


  • LAYER 8 Global Moderator

    Yeah this touches on a hot topic right now to be honest.. Applications attempting to use dns that is not what the OS points to.. That they "call" it a security practice is nonsense plain and simple...

    Taking control away from using the locally set dns is not going to be good for anyone - other than the people running the NS being pointed to.

    Application(s) that overwrite what the OS says to use for dns is pure BS...

    If an application wants to validate it has internet access and wants to query for something - sure, use OS assigned dns.. Or sure if you want to ping some IP like 8.8.8.8 or something.. Sure - but trying to circumvent the OS assigned dns is not a direction these companies should be going..


Log in to reply