basil00 / WinDivert

WinDivert: Windows Packet Divert
https://reqrypt.org/windivert.html

Problems with AVs #42

Closed filipevserra closed 9 years ago

filipevserra commented 9 years ago

I'm having an issue when I try to use passthru with AVG Internet Security and Avast. Calling passthru with the line: passthru.exe "outbound and (ip || ipv6) and tcp and tcp.PayloadLength > 0" 1 with AVG installed and updated, I can't access any site anymore. And with Avast, I can't access my e-mails through Thunderbird.

Analysing windivert.c, I've noticed that the callback for the function FwpsInjectNetworkSendAsync0 is getting a C000021B error on status.

I think that everything is ok with WinDivert, but I can't reproduce the same behaviour with WFPSampler from Microsoft.

I've already contacted AVG and Avast support about this problem.

The people at Avast are now analysing the problem, but haven't found any problems yet.

Is anybody having this problem too?

Thanks.

basil00 commented 9 years ago

Thanks for the report. Could be related to #41 (the OP also mentioned AV software)?

C000021B means STATUS_DATA_NOT_ACCEPTED, which can be caused if the other driver is blocking the traffic, IIRC. It can also be caused by other things.

filipevserra commented 9 years ago

Hi. Yes, it could be related. I'm trying to contact the AV developers to give us help with this problem. I think that maybe something in the AV's WFP is blocking our packet reinjection. In AVG I've opened an issue about this problem: http://forums.avg.com/br-pt/avg-forums?sec=thread&act=show&id=8526#post_8526 In Avast we tried contact by email, and they're analysing the problem too. Thanks!

basil00 commented 9 years ago

From the recent AVG release notes (2015.5961 HOT FIX 5):

Fixed issue with Firewall blocking internet access when Banco do Brasil software (WinDivert) is installed.

So the problem has been fixed I assume.

Also anyone know what the Banco do Brasil software is?

filipevserra commented 9 years ago

Banco do Brasil has a security module called Warsaw that made use of WinDivert. https://seg.bb.com.br/home.html#en

TechnikEmpire commented 8 years ago

FYI same type of conflict exists with Bitdefender firewall. Can't have anything that uses WinDivert running while the Bitdefender firewall is enabled. Doesn't matter much to me, just saw this thread and figured I'd notify.