Menu
EN
Support
AdGuard Blog AdGuard v7.13 for Windows: Encrypted ClientHello support and more

AdGuard v7.13 for Windows: Encrypted ClientHello support and more

May 19, 2023 4 min read

It's been a long time since we've had a blog post about AdGuard for Windows. It's finally time for a change, and for a good reason: we've released a new version, and it boasts significant improvements that are worth telling you about.

Experimental Encrypted ClientHello support

With this release, AdGuard for Windows gained 17(!) new low-level settings. Now, however, we will focus on only one of them: Use Encrypted ClientHello. Enabling this experimental feature will make your connection even more secure.

Use Encrypted ClientHello feature

ClientHello is the very first packet of an encrypted connection which contains the name of the server you are communicating with. This packet remains unencrypted, allowing the ISP to track which website you are accessing. Encrypted ClientHello (ECH) is a new technology that should solve this problem and encrypt the very last unencrypted bit of information.

AdGuard's Encrypted ClientHello support implementation

For the Use Encrypted ClientHello feature to work, Block ECH must be disabled and DNS Protection — enabled. And this is the main reason why we've enabled DNS Protection by default for all users, new and old ones. The thing is that ECH relies on data obtained through DNS, so in order for AdGuard to receive this data and enable ECH globally for users, DNS filtering is necessary.

Upon running AdGuard for Windows after a clean installation, DNS protection will be turned on with the system DNS server and AdGuard DNS filter enabled. The same will happen if you update the app with the DNS module disabled. However, if you update the app with the DNS module already enabled and configured, no changes will occur.

Note that Encrypted ClientHello technology can only work when supported on both client and server sides. Today, ECH support is implemented in a limited number of apps. Chrome and Firefox, for example, are in the process of adding it. Here we have no choice but to wait. But thanks to AdGuard, ECH support will automatically work in all apps and browsers on your device. As the Use Encrypted ClientHello feature is experimental, it may also lower your browsing speed a bit. But, we're currently working on solving this issue.

How to make sure ECH is working

  1. Enable the Use Encrypted ClientHello feature
  2. Go to https://crypto.cloudflare.com/cdn-cgi/trace/ and see if it says sni=encrypted

How to check if ECH is working

  1. Or go to https://defo.ie/ech-check.php and check if it says SSL_ECH_STATUS: success

How to check if ECH is on

New Advanced settings

We've already mentioned that the latest AdGuard for Windows update features a bunch of new low-level settings. Not all of them will be of use to you, but check them out so that you know what else AdGuard can do to make your Internet experience even safer.

All new advanced features can be divided into six groups:

  • Anti DPI options allow to modify packets at a low level during filtering to prevent tracking via deep packet inspection

    • Adjust size of fragmentation of initial TLS packet
    • Add an extra space to the plain HTTP request
    • Plain HTTP request fragment size

  • Keepalive settings allow to configure settings to work with keepalive connections

    • Enable TCP keepalive
    • TCP keepalive interval
    • TCP keepalive timeout

  • Filtering exclusion settings allow to exclude both Wi-Fi networks and particular subnets (specified in the CIDR notation) from DNS filtering

    • Exclude specified IP ranges from filtering
    • IP ranges excluded from filtering
    • Exclude specified Wi-Fi network names (SSID) from DNS filtering

  • DNS-related options allow to fine-tune DNS settings

    • Use fallback DNS upstreams
    • Use HTTP/3 for DNS-over-HTTPS
    • Query DNS upstreams in parallel
    • Always respond to failed DNS queries

  • Certificate security options allow to check certificates of websites and web services

    • Check websites' certificate transparency
    • Enable SSL/TLS certificate revocation checks
  • Enable filtering at system start-up. Now by default, AdGuard for Windows does not filter traffic after OS startup. If you want filtering to be performed even if AdGuard is not launched, you should enable this option.

For details on all Advanced settings, new and old ones, check out our Knowledge base.

In addition to the changes described above, we have done a lot of work: updated CoreLibs, DnsLibs, Scriplets, WFP and TDI drivers, fixed different issues and improved various features. The full changelog of AdGuard v7.13 for Windows is available on GitHub.

Liked this post?
May 19, 2023 4 min read Release notes AdGuard news
Anastasiia Fedotova Anastasiia Fedotova

Recommended articles
9,934 9934 user reviews
Excellent!

AdGuard for Windows

AdGuard for Windows is more than an ad blocker. It is a multipurpose tool that blocks ads, controls access to dangerous sites, speeds up page loading, and protects children from inappropriate content.
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard for Mac

AdGuard for Mac is a unique ad blocker designed with macOS in mind. In addition to protecting you from annoying ads in browsers and apps, it shields you from tracking, phishing, and fraud.
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard for Android

AdGuard for Android is a perfect solution for Android devices. Unlike most other ad blockers, AdGuard doesn't require root access and provides a wide range of app management options.
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard for iOS

The best iOS ad blocker for iPhone and iPad. AdGuard eliminates all kinds of ads in Safari, protects your privacy, and speeds up page loading. AdGuard for iOS ad-blocking technology ensures the highest quality filtering and allows you to use multiple filters at the same time
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard VPN

74 locations worldwide

Access to any content

Strong encryption

No-logging policy

Fastest connection

24/7 support

Try for free
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard Content Blocker

AdGuard Content Blocker will eliminate all kinds of ads in mobile browsers that support content blocker technology — namely, Samsung Internet and Yandex.Browser. While being more limited than AdGuard for Android, it is free, easy to install and still provides high ad blocking quality.
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard Browser Extension

AdGuard is the fastest and most lightweight ad blocking extension that effectively blocks all types of ads on all web pages! Choose AdGuard for the browser you use and get ad-free, fast and safe browsing.
Read more
9,934 9934 user reviews
Excellent!

AdGuard Assistant

A companion browser extension for AdGuard desktop apps. It offers an in-browser access to such features as custom element blocking, allowlisting a website or sending a report.
Read more
9,934 9934 user reviews
Excellent!

AdGuard DNS

AdGuard DNS is a foolproof way to block Internet ads that does not require installing any applications. It is easy to use, absolutely free, easily set up on any device, and provides you with minimal necessary functions to block ads, counters, malicious websites, and adult content.
Read more
9,934 9934 user reviews
Excellent!

AdGuard Home

AdGuard Home is a network-wide software for blocking ads & tracking. After you set it up, it’ll cover ALL your home devices, and you don’t need any client-side software for that. With the rise of Internet-Of-Things and connected devices, it becomes more and more important to be able to control your whole network.
Read more
9,934 9934 user reviews
Excellent!

AdGuard Pro for iOS

AdGuard Pro has much to offer on top of the excellent iOS ad blocking in Safari already known to the users of the regular version. By providing access to custom DNS settings, the app allows you to block ads, protect your kids from adult content online, and safeguard your personal data from theft.
By downloading the program you accept the terms of the License agreement
Read more
9,934 9934 user reviews
Excellent!

AdGuard for Safari

Ad blocking extensions for Safari are having hard time since Apple started to force everyone to use the new SDK. AdGuard extension is supposed to bring back the high quality ad blocking back to Safari.
Read more
9,934 9934 user reviews
Excellent!

AdGuard Temp Mail

A free temporary email address generator that keeps you anonymous and protects your privacy. No spam in your main inbox!
Read more
9,934 9934 user reviews
Excellent!

AdGuard for Android TV

AdGuard for Android TV is the only app that blocks ads, guards your privacy, and acts as a firewall for your Smart TV. Get warnings about web threats, use secure DNS, and benefit from encrypted traffic. Relax and dive into your favorite shows with top-notch security and zero ads!
Read more
Downloading AdGuard To install AdGuard, click the file indicated by the arrow Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, drag the AdGuard icon to the "Applications" folder. Thank you for choosing AdGuard! Select "Open" and click "OK", then wait for the file to be downloaded. In the opened window, click "Install". Thank you for choosing AdGuard!
Install AdGuard on your mobile device