Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: beyondo on May 02, 2010, 04:46:00 PM

Title: Manually exiting Avast! without turning off self-protection module
Post by: beyondo on May 02, 2010, 04:46:00 PM
I can open services, and shut down Avast! manually with the self-protection module on,
provided I respond to the modal dialog it pops up filling the screen.  In this way, I shut down
all 3 Avast! services.

However, it leaves the UI running (AvastUI.exe).  I'm aware I can disable the self-protection module,
and then kill it with task manager, but I don't want to do that.  When I attempt to kill it with task
manager, why doesn't it pop up another modal dialog which I can respond to to let me kill it?

As it stands, if I don't want to muck with the self-protection settings, it appears I have to
install a kernel mode process kill program specifically for this purpose.  It seems silly because
the services (which I can shut down) are the critical pieces of Avast!, not the UI.

Please add this feature, or at least an "exit UI" option on the system tray icon.

(Yeah I'm aware I can hide the icon, but the task is still there, even if it isn't doing anything.)
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: DavidR on May 02, 2010, 04:59:46 PM
Why do you want to do this ?

avast is designed as a 'resident' on-access antivirus and the self-defence module is there to prevent it from being easily shutdown leaving you unprotected.

Given your other post it looks like you want an on-demand scanner which avast wasn't designed to be. Even with the services disabled/stopped the low level drivers will still be there.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: Dch48 on May 02, 2010, 05:03:28 PM
I think he's saying that if he can do it manually, then a piece of malware might also be able to do it. He's pointing out that the self protection might not be working as well as it should.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: DavidR on May 02, 2010, 05:17:45 PM
I'm saying nothing of the sort, the main point is why does beyondo need to do this.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: Dch48 on May 02, 2010, 05:28:33 PM
I'm saying nothing of the sort, the main point is why does beyondo need to do this.
I didn't say you were saying it, I meant that he was. I don't think he wants to able to do those things , only pointing out that he can do them without the self protection preventing it. Or, if he does actually want to do it for some unknown reason, why is he able to?
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: logos on May 02, 2010, 05:30:14 PM
my opinion is that avast services shouldn't let you disable them when the self-defense module is on ;) as to the UI, yeah there should be an option to exit, with an avast protection dialog box confirmation, so without having to disable the module in the first place.

 Why would that be needed? doesn't matter, you're running your computer and there can always be circumstances, like conflicts when trying out some other security software etc...

edit: I believe too that Avast services could be very easily disabled by malware, with the current self-protection system. There's just no real anti-termination protection.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: beyondo on May 02, 2010, 05:31:21 PM
Why do you want to do this ?
I only want the virus software running when I choose, not all the time.

avast is designed as a 'resident' on-access antivirus and the self-defence module is there to prevent it from being easily shutdown leaving you unprotected.
I understand the purpose of the self-defense module.

Given your other post it looks like you want an on-demand scanner which avast wasn't designed to be. Even with the services disabled/stopped the low level drivers will still be there.
Actually, I want to use the on access scanning too, but only at certain times...such
as let's say when I'm installing a new program.

I wasn't asking about the low level drivers.  I was wondering why the same "prompt-response"
system couldn't be used to terminate AvastUI.exe as it's used to terminate the services
(with self-protection module active).

Wouldn't that be consistent?  Is the problem that the modal dialogs are run by
the services themselves, so that when they exit nothing is left?
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: Dch48 on May 02, 2010, 05:33:01 PM
my opinion is that avast services shouldn't let you disable them when the self-defense module is on ;)

Exactly-- The question to me is this. even if wants to disable everything, why is he able to when the self protection is active?
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: doktornotor on May 02, 2010, 05:36:54 PM
Eh... geez folks, he just wants an Exit item on tray icon right-click menu (or equivalent on the disable shields prompt). Has nothing to do w/ malware disabling the avast services or whatever similar (which wouldn't really be so easy as it is since it uses alternate desktop requiring a manual action) - plus the AvastUI.exe thing doesn't provide any realtime protection anyway.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: DavidR on May 02, 2010, 05:44:06 PM
@ beyondo
Having it on-access only at times you are installing software is a bit of a waste of time if your virus database is out of date (IMHO) as you are suggesting (updating it every 30 days) in your other post. An out of date security application is a false sense of security.

Trying to cripple what is designed as a resident on-access antivirus if you want am on-demand antivirus use one designed for that use.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: beyondo on May 02, 2010, 05:55:56 PM
I set it to 30 days simply to make sure it wasn't constantly trying to access the internet.
The default is... 4 hours!?  I could certainly choose to update it more often if I wanted.

Avast certainly has a 'scan' function and I don't see why I can't use it for that purpose.
Often, I can verify that an installer (exe) has been out on the internet for some time
(using md5 hash) but don't know much else.  The fact that it dates, say, to 2008, is
enough to ensure it's covered by any recent virus program.

I picked avast because I was sick of McAfee and heard good things about Avast! and
am not aware of any virus program that is designed solely for "on demand" use.  I'm
aware of the risk of 0-day infections if I start downloading random exe's from porn sites.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: doktornotor on May 02, 2010, 05:59:25 PM
Well, w/ updating once in 30 days it's kinda pointless to use an AV. Your settings won't be honoured anyway, there's a separate thread about not even 1440 minutes (1 day) being honored. As for the rest, this is NOT designed as on-demand AV, simply because the drivers are loaded anyway even if you disable the realtime protection, so if you install another AV you are calling for a big trouble.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: igor on May 02, 2010, 06:24:56 PM
I'm aware of the risk of 0-day infections if I start downloading random exe's from porn sites.

With the number of ordinary sites compromised every day, any browsing (e.g. reading your favourite magazine) is of a similar risk. It's not true anymore (for a long time) that you have to visit "dangerous" sites to get infected.


If you disable all the services anyway (i.e. stop the resident protection), what's the point of the self-defense (i.e. why do you want to have it enabled)? I see no logic here...
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: beyondo on May 02, 2010, 06:33:12 PM
WRT to update interval, the large IT department at my work has us scheduled for weekly updates,
which they apparently believe is optimal.  Those that reconfigured their machines for daily updates
had the pleasure of having their machines shutdown last week last by McAfee due to netsvc.exe
being deleted (false positive).

With the number of ordinary sites compromised every day, any browsing (e.g. reading your favourite magazine) is of a similar risk. It's not true anymore (for a long time) that you have to visit "dangerous" sites to get infected.
I guess I'm an extraodinary man then.  I've never been infected since I put this computer together in 2000.
And I install a lot of stuff, some questionable, from the web.  I'm just careful about where I get it.  Actually,
I've had more problems from the virus software than from viruses--like the McAfee debacle last week.

If you disable all the services anyway (i.e. stop the resident protection), what's the point of the self-defense (i.e. why do you want to have it enabled)? I see no logic here...

I'm not following you here.  I'm going to have Avast! either on or off, when it's off, I'd like it all off, when it's
on I'd probably just be running the basic file access scanning (not the web scanning).
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: doktornotor on May 02, 2010, 06:35:17 PM
WRT to update interval, the large IT department at my work has us scheduled for weekly updates,
which they apparently believe is optimal. 

Well, your IT dept. definitely needs a sanity check...  ::) :o
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: igor on May 02, 2010, 06:42:34 PM
I guess I'm an extraodinary man then.  I've never been infected since I put this computer together in 2000.

Well... you think so ;)

I'm not following you here.  I'm going to have Avast! either on or off, when it's off, I'd like it all off, when it's on I'd probably just be running the basic file access scanning (not the web scanning).

I'm saying that if you stop the resident protection, the self-defense is pointless (it's there to prevent killing the antivirus by an unknown malware - but if you stop the resident protection, the antivirus doesn't run anyway) - so if you want to "use" the antivirus this way, simply disable the self-defense as well... I don't see why you want to have the resident protection stopped and self-defense active.


As for why the consent dialog isn't there for killing AvastUi... I assume because there exists a common "interface" for stopping services (which the user can invoke from the Service manager, for example) - while killing a process is quite a special action. Besides, I don't know why you'd want to kill AvastUI anyway - if you don't want it running, remove the corresponding auto-start entry from registry.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: beyondo on May 02, 2010, 06:57:05 PM
I'm saying that if you stop the resident protection, the self-defense is pointless (it's there to prevent killing the antivirus by an unknown malware - but if you stop the resident protection, the antivirus doesn't run anyway) - so if you want to "use" the antivirus this way, simply disable the self-defense as well... I don't see why you want to have the resident protection stopped and self-defense active.
Ok, I see what you're saying.  The reason I want to be able to shut everything down without turning off
the self-defense is that it's another thing I'd have to re-enable when I want to use Avast!.  Right now,
I have the main service set to manual, not automatic, and the AvastUI removed from the auto-start list.
Thus, I boot windows and Avast! is not running.  I can launch the main service manually, and then
click on the icon to launch AvastUI.exe and I'm good to go--two steps.  If I had disabled the
self-protection, then I'd need to go into settings and re-enable it, another step to remember.

As for why the consent dialog isn't there for killing AvastUi... I assume because there exists a common "interface" for stopping services (which the user can invoke from the Service manager, for example) - while killing a process is quite a special action. Besides, I don't know why you'd want to kill AvastUI anyway - if you don't want it running, remove the corresponding auto-start entry from registry.
See the above.  The reason is that though I indeed have the machine configured so Avast! doesn't run
on boot, if I do run Avast! and then want to stop running it, I can't shut down the AvastUI process without
shutting off the self-defense module, which I then must re-enable since I want to use it when I use Avast.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: igor on May 02, 2010, 07:06:25 PM
What I'm trying to say is that those times when you're running with the resident protection disabled are such a "security hole" - that it doesn't matter if you have the self-defense enabled or not for the rest of the time.

Anyway, I don't think there's any plan to add the consent dialog even for killing of AvastUi process at the moment; quite a lot of work with zero benefit.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: beyondo on May 02, 2010, 07:26:10 PM
What I'm trying to say is that those times when you're running with the resident protection disabled are such a "security hole" - that it doesn't matter if you have the self-defense enabled or not for the rest of the time.
So you're saying that because I choose to disable the Avast! completely at times when I'm, say,
playing a local game on my PC and not even connected to the web, that all of sudden I'm so compromised
it doesn't matter whether I protect the virus program from being killed off by malware when I actually
have it running, say during a new program install?

Well, you're entitled to your opinion, of course, but I don't believe that statement.

Anyway, I don't think there's any plan to add the consent dialog even for killing of AvastUi process at the moment; quite a lot of work with zero benefit.
I described the positive (>0) benefit above when I described how I wanted to exit Avast! cleanly with as few
steps as possible.  Lacking that feature adds a step.  It's hard to believe it's a "lot of work" since it would seem
the same modal code that you already use for service shutdown could be used,  but I'll take your word for it.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: Asyn on May 03, 2010, 01:04:21 AM
Well, your IT dept. definitely needs a sanity check...  ::) :o

+1 ;D
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: Dch48 on May 03, 2010, 03:58:50 AM
Well if you read the forums for MSE, people wwere having problems with the AV not being updated for days at a time and they were told that the definitions are only considered out of date when they are more than a week old and they shouldn't worry unless it goes past that without getting an update. So it isn't only that IT department that thinks that way.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: logos on May 03, 2010, 11:20:40 AM
Well if you read the forums for MSE, people wwere having problems with the AV not being updated for days at a time and they were told that the definitions are only considered out of date when they are more than a week old and they shouldn't worry unless it goes past that without getting an update. So it isn't only that IT department that thinks that way.

yeah that's also what I was thinking of when reading the thread here yesterday. But the OP is talking about 30 days without updating, not a week. I've been posting and complaining in that TechNet thread about MSE (first version only, it's been fixed now) not updating automatically and regularly during the first weeks (months actually) following the official release. But I got to admit that nobody is indeed very likely to have his system attacked by the latest threat on the web. And updating AVs twice a day is also overkill, not mentioning those (like bitdefender) updating every hour ;D this is ridiculous, and often just done for the hype ::)
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: PapaSmurf on May 03, 2010, 12:40:40 PM
Well, your IT dept. definitely needs a sanity check...  ::) :o

Not really, this is common. Most large IT's worry more about stopping threats at the server level. They just do not allow problems to enter the company. The individual scanners are more or less a secondary defensive response in the event that something may be missed at the server level.

However, to use avast in the sort of on/off method being discussed can be done with care. The operator would need to manually check for updates prior to any new installations, do the install, and then just to be safe, scan the install directory after install.
As far as the ui and protection module, this may be something the operator has to put up with. I know it is
not what you want to hear, but I do not think a "universal" kill switch will be added for the simple reason that as stated before, avast was not designed to be an "on demand" type of scanner. But it is
MUCH better than the system cows, (Norton, McAfee), at least you CAN kill the services in avast.
Just another opinion....happy computing :)
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: igor on May 03, 2010, 12:50:51 PM
I described the positive (>0) benefit above when I described how I wanted to exit Avast! cleanly with as few
steps as possible.  Lacking that feature adds a step.

What I meant is that it would save some work for you... and maybe a few other people - but tens of millions of other users don't need it. I believe the time can be spent in a more efficient way, i.e. on something most users would benefit from.

It's hard to believe it's a "lot of work" since it would seem
the same modal code that you already use for service shutdown could be used,  but I'll take your word for it.

I didn't mean the UI window itself (though yes, a new text would be needed, and translating it into almost 30 languages takes quite some time) - but rather the kernel mode code. Killing a process is a different action than stopping a service (where a "nice" interface for stop-request exists) - so a communication from the kernel driver into the user mode would have to be implemented, the consent dialog would be shown - and then the information has to go back into kernel and trigger an action.
Actually, I'm not completely sure if this could be done at all - because the filtering (causing the later "access denied") isn't done when the kill is requested, but earlier, when the process is opened - so in the end, you might see this warning screen pretty often, even when nobody is trying to kill the process, but just to show some info about it.
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: Dch48 on May 03, 2010, 05:53:12 PM
Well if you read the forums for MSE, people wwere having problems with the AV not being updated for days at a time and they were told that the definitions are only considered out of date when they are more than a week old and they shouldn't worry unless it goes past that without getting an update. So it isn't only that IT department that thinks that way.

yeah that's also what I was thinking of when reading the thread here yesterday. But the OP is talking about 30 days without updating, not a week. I've been posting and complaining in that TechNet thread about MSE (first version only, it's been fixed now) not updating automatically and regularly during the first weeks (months actually) following the official release. But I got to admit that nobody is indeed very likely to have his system attacked by the latest threat on the web. And updating AVs twice a day is also overkill, not mentioning those (like bitdefender) updating every hour ;D this is ridiculous, and often just done for the hype ::)
I'm getting 2 updates per day with Avast!5 Free, is that overkill?  lol  ;D

(Also--Norton is not a system cow, especially since the 2009 version. It is extremely lightweight and has no noticeable effect on performance. It never did for me and I used the AV from 2000-2005 and NIS from 2005-2009. I never had any issues of any kind, not even with uninstalling the various versions.)
Title: Re: Manually exiting Avast! without turning off self-protection module
Post by: logos on May 03, 2010, 07:19:52 PM
Quote
I'm getting 2 updates per day with Avast!5 Free, is that overkill?
definitely yes