Author Topic: Avast automatic updates disabled, attempts to access Internet, huge memory usage  (Read 2512 times)

Offline efeffess

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
I have Avast set up for manual program and definition updates only. It must ask my permission to connect to the Internet for all reasons. I am not participating in the "avast! community", and thus, under all of this, Avast should not be attempting to connect to the Internet for any reason unless I specifically request it to update.

However, silly me trusted Avast to not connect without asking me first, and I set up ZoneAlarm to allow Avast access to the Internet.

This morning I found my computer slowed to a crawl. The Windows XP Task Manager reported AvastSvc.exe using from 100MB to 200MB under Mem Usage and around 470MB under VM Size, which is abnormal for idle operations - the respective values should be 25MB and 10MB. I double checked the Avast graphs, which reported no activity at the time.

I have since denied Avast access to the Internet, requiring ZoneAlarm ask me first. Right now, the ZoneAlarm logs report 13 attempts by AvastSvc.exe and four attempts by AvastUI.exe to make outgoing connections today. It's not supposed to be making connections to the Internet for any reason, and yet it continues trying.

I had to cold boot my computer to stop it from making its outgoing connections and using this extreme amount of memory, as restarting through the Start menu wouldn't restart until AvastSvc.exe was finished doing whatever it wasn't supposed to be doing. Ever since, memory usage has returned back to normality.

I won't be allowing Avast to access the Internet for any reason (which should only be program and definition updates) until this is resolved.

1) Why does Avast need to connect when I don't want to update right now?
2) Why would it be using insane amounts of memory when it's supposed to be idling?

Thanks!

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21789
  • Gender: Male
    • Personal Message (Offline)
what avast version do you have     7.0.........?
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline efeffess

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
I'm running program version 6.0.1367, as reported by the UI under Maintenance -> Update.

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21789
  • Gender: Male
    • Personal Message (Offline)
try latest  7.0.1426
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline efeffess

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
I'll await a response solving this problem first. Upgrading to a new version won't necessarily solve the problem if the problem still exists in the new version. I still want to know why Avast is trying to connect when I haven't requested it to, and why it's using a crazy amount of memory when it's connecting without a purpose.

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21789
  • Gender: Male
    • Personal Message (Offline)
There have been many bug fixes since your version...
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Gopher John

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1399
  • Gender: Male
    • Personal Message (Offline)
I'll await a response solving this problem first. Upgrading to a new version won't necessarily solve the problem if the problem still exists in the new version. I still want to know why Avast is trying to connect when I haven't requested it to, and why it's using a crazy amount of memory when it's connecting without a purpose.

AvastSvc.exe acts as a proxy.  Any attempt by a browser and many other programs are routed thru AvastSvc.exe, so that is likely what you are seeing there.  If you are using Avast Free, when you open the AvastUI it attempts to load the ad that it shows on it's Summary | Current status page.

Windows itself or other programs checking for updates can trigger traffic to/thru AvastSvc.exe.
Pentium4 3.4GHZ, 2.0GB RAM, RADEON x850 XT Platinum Edition, WinXP Pro SP3 32bit, IE 8
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: AIS 2014 9.0.2018, WinPatrol Plus, SpywareBlaster 5, Opera 12.17, Firefox 28, MBam Free, MCShield, CCleaner

Offline efeffess

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
Thanks for the detailed response, Gopher. I wasn't aware that AvastSvc.exe acts as a proxy - I learned something new, here.

However, I've blocked Avast! from Internet access without my permission via ZoneAlarm. So does that mean that, when AvastSvc.exe is unable to connect to the Internet, it doesn't bother routing the socket client request and lets the Windows socket API handle that part itself?

I'm going to have to put my brain to work on fixing the memory problem. What are my best options for troubleshooting when I want to know why Avast! is using an excessive amount of memory, virtual or otherwise?

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69238
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
<snip>
However, I've blocked Avast! from Internet access without my permission via ZoneAlarm. So does that mean that, when AvastSvc.exe is unable to connect to the Internet, it doesn't bother routing the socket client request and lets the Windows socket API handle that part itself?
<snip>

No it means that you effectively can't connect to the internet if you have ZA block avastSvc.exe, it will continue to attempt to connect as it isn't aware or doesn't care that something is blocking it; there is no interaction between the two programs, e.g. ZA can't change the setting in avast, for it not to act as a proxy.

As far as updates go you need to allow avast.setup or no updates, auto or manual.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline efeffess

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
So does that mean that, when AvastSvc.exe is unable to connect to the Internet, it doesn't bother routing the socket client request and lets the Windows socket API handle that part itself?
No it means that you effectively can't connect to the internet if you have ZA block avastSvc.exe, it will continue to attempt to connect as it isn't aware or doesn't care that something is blocking it...

I trust what your statement means is that, as ZoneAlarm is blocking AvastSvc.exe (and AvastUI.exe) from accessing the Internet without asking me first, neither Avast application is able to connect to the 'Net. (I'm using Avast! Free, just for the record.)

Even with Avast! blocked in this manner, I'm still able to access the 'Net - Web browsing, P2P, whether they're Internet or local connections to my WAMP setup. So it's just Avast! that's blocked from socket access, and thus it's not currently acting as a proxy, which is the way I prefer it to function. avast.setup seems to be the only process that needs to access the 'Net if all I want Avast! to do if it needs to open up a connection is to update.

As Avast 7 is still relatively new, I'm going to wait another month or so before upgrading - my current registration will expire in a month, so that'll be fine timing.
« Last Edit: March 14, 2012, 09:53:56 AM by efeffess »

Offline Gopher John

  • avast! Evangelist
  • Super Poster
  • ***
  • Posts: 1399
  • Gender: Male
    • Personal Message (Offline)
You might as well uninstall Avast, as the WebShield is the primary protection when accessing the internet.  No AvastSvc.exe access, no WebShield protection.  You are not allowing Avast to function.

 I wouldn't run a security program I couldn't trust to access the internet.
Pentium4 3.4GHZ, 2.0GB RAM, RADEON x850 XT Platinum Edition, WinXP Pro SP3 32bit, IE 8
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: AIS 2014 9.0.2018, WinPatrol Plus, SpywareBlaster 5, Opera 12.17, Firefox 28, MBam Free, MCShield, CCleaner

Offline efeffess

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
You might as well uninstall Avast, as the WebShield is the primary protection when accessing the internet.  No AvastSvc.exe access, no WebShield protection.  You are not allowing Avast to function.

I wouldn't run a security program I couldn't trust to access the internet.

Avast is more than WebShield, Gopher John. Shame on you for suggesting users uninstall it without also supporting its other capabilities. It's a fabulous antivirus utility, and also contains support for protection against scripts and system behavior recognition.

After some extensive research, and some clarifications from users in this thread, I've decided on a methodology to better control what Avast is and isn't allowed to do on my system.

For those concerned, keep in mind that I've got three decades of programming and two decades of computing security experience. So, when I say I want control over how applications function, that means the word "control" is underlined, highlighted, and in blazing orange firey letters, and speaks in one's head with the booming voice of God (or James Earl Jones).

Thanks for the responses.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69238
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
With the greatest majority of the malware coming from the internet, much of that from hacked sites and exploits; the web shield is very hot on that and in my opinion the best pro-active shield in avast.

By not using it you are reducing your level of protection considerably, your system, your choice.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline efeffess

  • Newbie
  • *
  • Posts: 7
    • Personal Message (Offline)
I'm in agreement with you, DavidR, that it's best users in general have all functionality enabled.

I have some utilities installed that negate the need for the extra features Avast offers, so I've disabled them as such. Unless one's an expert user, carrying out such an action is highly unrecommended. I've been studying viruses, malware and other computing security issues since the 80's, though, so I'm pretty well protected without the extra features.

As an added bonus, Avast shouldn't be active for anything except local scans. That's the problem I was having, and that's the problem I've resolved.

Thanks again for the heads up on Avast itself, though, to the responders.

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69238
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
My comments, were general as much for those reading it afterwards not just for your consumption.

There are many people that are well able to look after themselves, but for the majority of visitors to the support forum that is less likely. I too have many pro-active measures in place and a robust backup and recovery strategy, should the dark brown sticky stuff ever hit the fan.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now