Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: REDACTED on June 02, 2017, 11:04:29 PM
-
I'm running Windows 10 Creators Update (64-bit) with Avast v17.4.2294, and it keeps erasing my Windows proxy settings.
It is annoying me to no end, and I'm very nearly at the point of uninstalling Avast entirely. Can somebody please tell me how to disable this "feature"?
-
What part (shield/setting) of avast is doing it?
-
I don't have the slightest clue. The only reason I even know it's Avast doing it is because I ran Process Monitor (from SysInternals Suite) and that was the only application that touched the proxy settings in the registry.
-
Which avast program are you using: Avast Free Antivirus / Pro Antivirus / Internet Security / Premier?
Have you set any proxy setting in the avast Update settings?
That said it shouldn't change your windows proxy settings as technically this would only be used for updates.
-
It's the free version, and I haven't set any proxy update settings. Frustratingly, when I try to google search this problem, I only seem to get results related to the proxy settings for update.
I'm assuming that's completely unrelated to my problem.
-
I had thought it might be firewall related, but the free version doesn't have a firewall and would simply use the default proxy if set. There really shouldn't be any reason for it to change/erase them, I'm at a loss as to why this would be happening.
I would say that the update proxy settings would be unrelated.
It is a very long time since I used proxy settings (in XP), but my ISP's modem router doesn't allow for changes. And everything just works in my XP, Win7 and Win10 systems.
Is there a specific reason you have to use a proxy ?
-
Yes, there is a very specific reason I'm using a proxy, and I'm not willing/able to stop that.
-
If you don't have the slightest clue, go find out.
Test things.
-
There really shouldn't be any reason for it to change/erase them, I'm at a loss as to why this would be happening.
DavidR, thank you for your candor. I'm not even familiar enough with the different areas of Avast to say which one this falls under. It could be general registry settings protection (which I had thought Avast doesn't do). It's possible this is extra precautions applied to general Internet Explorer options (as the proxy settings are part of the same set of controls that govern homepages and other IE settings).
For reference sake, the exact set of registry keys it's reverting are under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
If you don't have the slightest clue, go find out.
Test things.
Eddy, that response is staggeringly useless (and in my opinion extremely arrogant, as well). You may as well have replied "Figure it out yourself, chump." Without even a starting point, testing things from scratch will take hours if not days of my time -- time which I would honestly much rather spend with my family. Reverting my proxy registry settings appears to happen at random irregular intervals (from as little as 5 minutes to as long as several hours between occurrences). Testing blindly means turning off components and waiting an unknown amount of time and hoping enough time has passed that if it was going to happen it would have.
A more useful response would be like DavidR's, something along the lines of: "I don't know why it's doing this, but changing registry settings sounds to me like it's related to the File System, so try starting with disabling the File System Shield and see if that works."
(For what it's worth, I have tried disabling the Web Shield, because that sounded like the best bet to me to start with, but that didn't prevent changing my proxy settings. The File System seems like my next best bet, but even if that was the solution I see no sub-setting in that Shield that would prevent this from happening, nor any way to set exclusions that target the registry. I see the File System Shield as the single most important component to successful anti-virus, so disabling it entirely is not a long-term solution.)
I realize that by only using the Free version the only avenues I have open to me are the KnowledgeBase and community support here, but if Eddy's response is typical of the level of "community support" that Avast engenders, I certainly won't ever be upgrading to a paid version, and would honestly likely choose some other antivirus vendor entirely.
-
I did ask you what part of avast/shield is causing the problem.
You could have found the answer by disabling them one at a time to see what part (if any) is doing it.
As it is your system, you will have to test things and spend (some) time on it to find the culprit and solve the problem.
We can't do it for you.
-
There really shouldn't be any reason for it to change/erase them, I'm at a loss as to why this would be happening.
DavidR, thank you for your candor. I'm not even familiar enough with the different areas of Avast to say which one this falls under. It could be general registry settings protection (which I had thought Avast doesn't do). It's possible this is extra precautions applied to general Internet Explorer options (as the proxy settings are part of the same set of controls that govern homepages and other IE settings).
For reference sake, the exact set of registry keys it's reverting are under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\
<snip quote>
As far as I'm aware the only interaction with the registry by the File System Shield would be if a detection was made of malware outside of the registry then it would check for any registry entry related to that detection. So it isn't scanning the registry in isolation as such.
The next thing I might consider looking at would be the Behaviour Shield, if it found the registry being changed, would it intervene. Since this is a relatively new function I'm not completely familiar with its workings.
Finally there is the Avast Self Defence Module, but that is there to protect avast files, folders, processes and presumably registry entries.
However, the last two I would consider preventative measures not allowing something to be changed rather than actually changing something. I haven't had to set any proxy settings and I don't believe avast has changed anything and the attached image is my registry key you mentioned.
-
The next thing I might consider looking at would be the Behaviour Shield, if it found the registry being changed, would it intervene. Since this is a relatively new function I'm not completely familiar with its workings.
Hmm, this one actually sounds like a strong possibility. I've had these proxy settings for a long time (I run a local instance of Privoxy as an ad-blocker, which I've found to be fantastic), and I've had Avast installed for a little over a year now. I've never had any problems with them until recently. And now that you mention the way the Behaviour Shield works, it's possible the timing of the problem coincides with my adding another exception to my proxy settings. I suppose it's possible Avast is detecting a change to the proxy registry settings and simply deleting all the entries assuming them to be made by a virus or bad actor. I can certainly understand how setting a proxy server can be one vector of attack for a piece of malware, but if that's the case (and admittedly that may be a big IF), it's strange of Avast to not recognize there are plenty of valid uses for proxy servers as well (i.e. school, work, ad-blocking as I'm doing) and revert to a known-good state of the settings rather than flat-out erasing all settings.
The Behaviour Shield being a new feature makes sense as well, as I can appreciate that using proxy settings may be an atypical use-case for Avast's user base; not all edge-cases may have been well thought out in advance. Still, I'm fairly troubled that I have not been able to find any documentation even remotely covering what's happening to me. I'm placing a fairly high level of trust in my anti-virus software, and if it's making undocumented changes to my system, that is a concern.
So, let's be optimistic and assume the Behaviour Shield is the problem. (I've turned off that shield... I'll see if the proxy gets reset during the day tomorrow.) Are you (or anybody else) familiar with how I could set an exclusion for this? The "application" I'm using to edit the proxy settings is the Internet Properties control panel (i.e. C:\Windows\System32\inetcpl.cpl). It looks like I can only set exclusions on folders, and I'm not keen on exempting my entire System32 from Behaviour Shielding.
Thank you very much for your help and patience, DavidR.
-
This flavour of the Behaviour Shield was introduced in avast version 17.x.xxxx, so it is relatively new. Though it too as far as I'm concerned should be announcing any suspect activity rather than quietly blocking an activity so the user at least knows what is going on.
The avastUI > Settings > Components > Behaviour Shield > Customise has an Exclusions section, though what to enter in there is a bit of a mystery as we don't know what it is acting on.
There is a Behaviour Shield log, though how helpful this might be for you I don't know, C:\ProgramData\AVAST Software\Avast\report\BehaviorShield.txt.
-
There is a Behaviour Shield log, though how helpful this might be for you I don't know, C:\ProgramData\AVAST Software\Avast\report\BehaviorShield.txt.
The log files are a great tip. Unfortunately, I've searched all 4 of them (Behaviour, Email, FileSystem, and WebShield), and none make reference to changing the registry during the affected time-frame (or at any other time, for that matter).
Nothing from Avast would lead me to think it's responsible for changing the registry, however it is very clearly AvastSvc.exe that is making the changes.
-
You need to really narrow it down to which shield is causing the issue, it's either:
- Web Shield
- File Shield
- Behaviour Shield
- Self Defence (unlikely).
Once you get time, disable each shield manually via Settings > Components.
-
I'm using a proxy myself, no problem here. There is no way avast free can change the proxy settings on its own. Just reset avast to default under settings > troubleshooting > reset factory, so it will use the system settings. Maybe it will somehow cure your illness and will make u look into ur firewall apps, or disable avast for a while and see which application (registry restore something/firewall) is changing the settings, or a malware that u recently installed. HAHAHAHAHA. SysInternals? lol, just a waste of processing power. Use task manager or resource monitor like a real man. I wouldn't trust that software if I were u.
-
Still no info on what part of avast is causing it from Carles.
Also no proof or even an indication that avast is causing it.
It could very well be that Windows itself is resetting them.
-
Here is proof. Avast resets proxy settings from time to time without notifying.
It would be great to have a separate setting for this.
Thank you.
-
Hello Avast Team,
our company is using Avast Pro Antivirus 17.5.2302 (build 17.5.3559.0) and we are facing the same problem described by this topic.
As marcoregueira already posted, here is the trace of the Avast resets:
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"09:55:12,6729346","avastsvc.exe","2872","RegCreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings","SUCCESS","Desired Access: Write, Disposition: REG_OPENED_EXISTING_KEY"
"09:55:12,6729690","avastsvc.exe","2872","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"09:55:12,6729790","avastsvc.exe","2872","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"09:55:12,6730897","avastsvc.exe","2872","RegDeleteValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer","SUCCESS",""
"09:55:12,6731160","avastsvc.exe","2872","RegDeleteValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride","SUCCESS",""
"09:55:12,6731314","avastsvc.exe","2872","RegDeleteValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL","NAME NOT FOUND",""
"09:55:12,6731414","avastsvc.exe","2872","RegDeleteValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect","NAME NOT FOUND",""
"09:55:12,6731534","avastsvc.exe","2872","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings","SUCCESS",""
Thanks.
Microtek
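-
Added example, not part of the original thread: one way to triage a Process Monitor CSV export like the one quoted above, separating registry writes that actually changed the WinINet proxy values from delete attempts that hit nothing (NAME NOT FOUND). The header and avastsvc.exe rows are copied from that post; the function names and the rundll32.exe row are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Per-user WinINet proxy values; the names are the ones written in the trace above.
PROXY_VALUES = {"proxyenable", "proxyserver", "proxyoverride", "autoconfigurl", "autodetect"}
KEY_SUFFIX = r"\software\microsoft\windows\currentversion\internet settings"
WRITE_OPS = {"regsetvalue", "regdeletevalue"}

# Header and rows copied from the Process Monitor CSV export quoted in the post above.
PAGE_ROWS = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"09:55:12,6729346","avastsvc.exe","2872","RegCreateKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings","SUCCESS","Desired Access: Write, Disposition: REG_OPENED_EXISTING_KEY"
"09:55:12,6729690","avastsvc.exe","2872","RegSetInfoKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings","SUCCESS","KeySetInformationClass: KeySetHandleTagsInformation, Length: 0"
"09:55:12,6729790","avastsvc.exe","2872","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"09:55:12,6730897","avastsvc.exe","2872","RegDeleteValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer","SUCCESS",""
"09:55:12,6731160","avastsvc.exe","2872","RegDeleteValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride","SUCCESS",""
"09:55:12,6731314","avastsvc.exe","2872","RegDeleteValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL","NAME NOT FOUND",""
"09:55:12,6731414","avastsvc.exe","2872","RegDeleteValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect","NAME NOT FOUND",""
"09:55:12,6731534","avastsvc.exe","2872","RegCloseKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings","SUCCESS",""
'''
# Constructed row (not from the thread): the Internet Properties applet saving a proxy.
CONSTRUCTED_ROW = r'''"09:50:01,0000000","rundll32.exe","4120","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer","SUCCESS","Type: REG_SZ, Length: 30, Data: 127.0.0.1:8118"
'''
SAMPLE_CSV = PAGE_ROWS + CONSTRUCTED_ROW


def split_value_path(path):
    """Return (key, value_name) for a proxy value directly under an
    'Internet Settings' key in any hive, otherwise None (e.g. Wpad subkeys)."""
    key, _, name = path.rpartition("\\")
    if key.lower().endswith(KEY_SUFFIX) and name.lower() in PROXY_VALUES:
        return key, name
    return None


def proxy_writes(csv_text):
    """Yield one dict per RegSetValue/RegDeleteValue aimed at a proxy value."""
    # Exports may start with a UTF-8 byte-order mark; strip it before parsing.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if row["Operation"].lower() not in WRITE_OPS:
            continue
        hit = split_value_path(row["Path"])
        if hit is None:
            continue
        yield {
            "time": row["Time of Day"],
            "process": row["Process Name"].lower(),
            "pid": int(row["PID"]),
            "op": row["Operation"],
            "value": hit[1],
            # Only SUCCESS means the registry content actually changed.
            "effective": row["Result"] == "SUCCESS",
            "detail": row["Detail"],
        }


def summarize(csv_text):
    """Group effective changes and no-op attempts per (process, pid)."""
    summary = defaultdict(lambda: {"changed": [], "noop": []})
    for w in proxy_writes(csv_text):
        bucket = "changed" if w["effective"] else "noop"
        summary[(w["process"], w["pid"])][bucket].append((w["op"], w["value"]))
    return dict(summary)


def clearing_processes(csv_text):
    """Processes that effectively switched the proxy off or deleted ProxyServer."""
    found = set()
    for w in proxy_writes(csv_text):
        if not w["effective"]:
            continue
        deleted = w["op"] == "RegDeleteValue" and w["value"].lower() == "proxyserver"
        disabled = (w["op"] == "RegSetValue" and w["value"].lower() == "proxyenable"
                    and w["detail"].endswith("Data: 0"))
        if deleted or disabled:
            found.add((w["process"], w["pid"]))
    return sorted(found)


if __name__ == "__main__":
    for (proc, pid), ops in summarize(SAMPLE_CSV).items():
        print(proc, pid, "changed:", ops["changed"], "no-op:", ops["noop"])
    print("cleared the proxy:", clearing_processes(SAMPLE_CSV))
```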
-
Reported to Avast.
-
We have the same issue here. We use Telerik Fiddler, a very important Proxy tool for us for the debugging of HTTP requests, and Avast keeps resetting the Proxy while we are debugging, so debugging is basically made impossible through that.
-
Can I bump this as I'm having exactly the same issues and it's really annoying considering I don't have any of the firewall features for Avast?
Here are my logs from Process Monitor;
Exe: c:\program files\avast software\avast\avastsvc.exe
3:37:04.2638664 PM avastsvc.exe 2692 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS Type: REG_SZ, Length: 82, Data: http=127.0.0.1:8888;https=127.0.0.1:8888
3:37:04.2641615 PM avastsvc.exe 2692 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS
3:37:04.3265197 PM Fiddler.exe 25308 RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer NAME NOT FOUND Length: 144
Stack trace for the delete query;
-
Can you upload .PML file from ProcMon?
-
https://ufile.io/w1ssg
Thanks for taking a look drake127!
-
Hi, it appears that that PML file is somehow broken. It is missing module information and we cannot match those addresses to our code. Can you use updated version of Process Monitor or check your save settings? Even without private symbols, the stack window should not read <unknown>.
-
Would you be able to direct me to the version of Process Monitor you need me to use? This is what I've been using;
https://pasteboard.co/GW74jHn.png
Maybe it's easier if I print the stack the Process and Stack tabs associated with the RegDeleteValue instead?
https://pasteboard.co/GW75CeV.png
https://pasteboard.co/GW760RR.png
-
Hi again, I found out that you need to disable Avast self-defense (Settings->Troubleshooting), restart your computer and then you will see proper modules in Process Monitor. The result should look like the attachment. When you have it, upload the PML file again. Thanks!
-
here you go drake, thanks again;
https://ufile.io/y7tdw
-
Any ideas or clues yet drake127?
-
Shame not to hear anything yet. I'm just going to uninstall it and try something else, thanks for trying!
-
Just encountered this exact proxy clearing issue on a Windows 10 (Build 1709) computer. Uninstalling Avast Free Edition eliminated the problem.
-
Shame not to hear anything yet. I'm just going to uninstall it and try something else, thanks for trying!
Update to the latest version (17.9.2322): https://forum.avast.com/index.php?topic=212045.0
-
I am facing the same issue using Avast Premier (17.9.2322) on Windows 10, 64-bit (1709). As mentioned in previous posts the registry entries for proxy settings get deleted by avastsvc.exe. There doesn't seem to be a fixed period when this happens, nor a specific event that could trigger such strange behavior. Has anyone figured out the reasons? This is the only post I found that discusses the issue. It doesn't make any sense for many users that have to use a proxy for various reasons.
-
Same exact thing here. extremely annoying and fucking dangerous from a privacy perspective, especially for those such as myself who live in a country where you need a VPN to access the internet and viewing the wrong political opinion can get you a visit by police. Seriously F Avast for not looking into this. In the middle of browsing the system proxy resets with zero warning unmasking all your traffic and preventing access to western websites. Windows and Avast are both fully updated. Avast is reset, IE settings reset, network settings reset. I've reset everything and the issue persists. The only option I have is to uninstall Avast because this behavior is far more dangerous than the low risk of malware.
-
Hi, comrades - I found this forum the same way (Process Monitor, proxy settings resetting) )))
Tests (not sure how it sound on english version of avast just)
1) Disabling browser-extension time2time recheck - not help
2) Disabling\removing all components (free ver) (except realtime, software updater. avast-itself protection disabled) - helps
(still testing)
-
Not good advice and certainly not resulting in good protection.
I've reported the complaint to Avast.
-
Hello,
I have been bothered by the proxy setting being deleted for almost 6 months now until I found this forum/thread. All this time I thought it was Windows Update that was causing the problem (as I found in the other forum).
Our company bought more than 10 licenses and we need the VPN and proxy setting in our work.
A workaround for web browsing can be done via the Firefox proxy setting, but other software that depends on the Windows proxy setting, such as Skype etc., has caused too much trouble.
Some of my team eventually uninstalled Avast from their computers leaving Windows Defender running instead... not a very secure environment I suppose.
I was able to capture and reproduce the problem via procmon in my Windows 10 environment which is having the same problem... proof that Avast has been deleting the Proxy setting.
-----------
Time of Day Process Name PID Operation Path Result Detail
5:45:26.1757683 PM avastsvc.exe 2936 RegDeleteKey HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C3F4EA120CD88D91FDB2C5A6D307E77AC4A67B3D SUCCESS
6:23:30.5019661 PM avastsvc.exe 2936 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS
6:23:30.5020261 PM avastsvc.exe 2936 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride NAME NOT FOUND
6:23:30.5020384 PM avastsvc.exe 2936 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL NAME NOT FOUND
6:23:30.5020659 PM avastsvc.exe 2936 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect NAME NOT FOUND
----------
I really hope Avast do something about this quickly. Otherwise, they will lose more users other than free version!
-
You could try the latest beta: https://forum.avast.com/index.php?board=15
-
Thanks, Asyn.
I'm trying it asap... hope this works!
-
You're welcome.
-
Hi Asyn,
I got the result after installing the beta version, and updated to the latest version and definitions.
program version: 18.1.2326 (build 18.1.3800.0)
virus definitions version: 180208-0
number of definitions: 4.188.101
But, still the proxy setting has been deleted. >:(
-------
Time of Day Process Name PID Operation Path Result Detail
9:51:27.2593068 PM svchost.exe 3172 RegDeleteValue HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\34-bf-90-35-93-b8\WpadDetectedUrl NAME NOT FOUND
9:51:29.8380680 PM svchost.exe 3172 RegDeleteValue HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\34-bf-90-35-93-b8\WpadDetectedUrl NAME NOT FOUND
9:51:30.4886404 PM svchost.exe 3172 RegDeleteValue HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\34-bf-90-35-93-b8\WpadDetectedUrl NAME NOT FOUND
9:51:50.0398789 PM rundll32.exe 14984 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride NAME NOT FOUND
9:51:50.0399134 PM rundll32.exe 14984 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL NAME NOT FOUND
9:51:50.0399423 PM rundll32.exe 14984 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect NAME NOT FOUND
10:07:37.0274421 PM avastsvc.exe 3328 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer SUCCESS
10:07:37.0275323 PM avastsvc.exe 3328 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride NAME NOT FOUND
10:07:37.0275507 PM avastsvc.exe 3328 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL NAME NOT FOUND
10:07:37.0280877 PM avastsvc.exe 3328 RegDeleteValue HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect NAME NOT FOUND
------------
-
OK, follow instructions: https://support.avast.com/article/33/
-
Thanks, Asyn.
Done submitting the support file to Avast.
-
You're welcome. Hope it helps...
-
yes. hoping we get the response from support and have this fixed soon. thanks
-
I've shut down each protection shield one by one and nothing prevented the VPN settings from being reset. I'm starting to think Avast is purposefully sabotaging system proxy settings to prevent or expose people using a non-avast VPN or trick them into purchasing Avast's secureline VPN product. Why else has this dangerous security problem gone on so long with absolutely no information from avast?
-
I actually tried the beta version last February... and it was fixed once, but it has now reappeared in the latest beta version.
The latest release did not fix the problem as well. We cannot wait any longer not knowing when this problem will be addressed.
Our company decided to look for the other antivirus software to replace Avast. This is very important to our company and we cannot wait any longer. :( :( :(
-
Ok, after months of happy living and no proxy sabotaging, this has now resurfaced. Was there an update in the last few days?! I can't seem to find release notes.
-
the company could not wait for the fix any longer.... we've decided to uninstall Avast and installed another software to all our laptops. >:(
-
I've just re-installed Avast Business Anti Virus 18.6.2540 and this is resetting my internet proxy a few minutes after I change it. It also removes the proxy address in the Update screen so I'm always getting warnings that my definitions are out of date. It's been doing it for the last year.
My family also use Avast and they don't have any issue, most likely because they have desktops that never leave the house but I have a laptop and have to turn off the proxy when I'm away from home. So I assume Avast thinks that me manually turning it back on is a virus doing it and so removes it.
So bloody annoying and not impressed that Avast have done nothing to fix it.
Time to look for a new product
Can Avast recommend a rival anti virus product that actually works as expected?
-
You would be better to post in the Avast For Business sub-forum, https://forum.avast.com/index.php?board=65.0.
Assumes you are actually looking for help, in which case they would need more information.
-
Reported to Avast. Patience, this is the weekend.