Why Avast Causes TCP Timeout Errors in Chrome
Avast Premium Security’s Firewall implements a behavior-based detection system that monitors for unusual connection patterns. Chrome’s HTTP/2 connection pool creates multiple simultaneous TCP connections to different CDN endpoints during page loads. Avast’s firewall may interpret this pattern as a potential intrusion attempt and temporarily block Chrome’s outbound connections, causing the TCP handshake to timeout.
Avast also implements a Web Shield that scans HTTPS traffic. When the Web Shield’s cache is full, it may delay the TLS inspection of new connections, causing the TCP handshake to timeout before Avast completes its scan and allows the connection to proceed.
Resolving Avast-Induced TCP Timeouts
Adding Chrome to Avast’s Trusted Applications
Open Avast → Settings → Protection → Firewall → Application rules. Find Google Chrome and set the Access to Allow and the Internet access to Allow. If Chrome is not listed, click Add application and browse to C:Program FilesGoogleChromeApplicationchrome.exe.
Disabling Avast Web Shield HTTPS Scanning
Open Avast → Settings → Protection → Core Shields → Customize → Web Shield. Uncheck Enable HTTPS scanning. This prevents Avast from intercepting Chrome’s HTTPS connections, eliminating the delay that causes TCP handshakes to timeout.
Excluding CDN IP Ranges from Avast Firewall
Open Avast → Settings → Protection → Firewall → Packet rules. Add an Allow rule for the following IP ranges: 104.16.0.0/13 (Cloudflare CDN), 13.224.0.0/14 (AWS CloudFront), 172.217.0.0/16 (Google CDN). This prevents Avast from blocking CDN connections that are essential for web pages to load.
Call to Action
Use the webs.ninja gateway to run a TCP handshake latency diagnostic with Avast temporarily disabled. If the diagnostic shows successful handshakes without Avast, apply the trusted application and HTTPS scanning disable fixes above.