Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: MAG on May 17, 2011, 11:19:36 PM
-
Just upgraded to AIS.
My AIS FW shows a number of unknown connections (w7 system) - see snip.
There are no Application Rules for Unknown
FW is set to Public
Anyone else seen this/know what's going on?
Thanks
-
If you upgraded from a previous version of Avast (Free, Pro) and got this (screen shot), I would uninstall and do a clean install.
-
If you upgraded from a previous version of Avast (Free, Pro) and got this (screen shot), I would uninstall and do a clean install.
Thanks.
That's the first thing I thought of - but it didn't make any difference to this behaviour unfortunately. :(
-
I know it's not what you wanted to hear, but something is wrong and it should fix the problem. Let us know. Thanks.
-
I know it's not what you wanted to hear, but something is wrong and it should fix the problem. Let us know. Thanks.
Not sure I follow you - I already did an uninstall/reinstall - and it didn't make any difference.
-
Now I'm confused...you did a clean install of AIS and the screen shot you gave us is what happened?
Have you tried an Avast Repair?
-
Yes - that's it.
I confess I didn't use the ASWClear tool - just control panel/uninstall programs - but it all went smoothly and reported no problems.
Also tried a repair.
-
So now everything is working correctly after using the Uninstaller Tool?
Edit: I think we have a little miscommunication here. Try uninstalling using the Avast Uninstaller Tool, then do a clean install and see if this fixes your problem. Let us know how this goes. Thanks.
-
No - I haven't tried the avast uninstall tool yet.
I was wondering whether this could be anything to do with leftovers from my previous FW (comodo), but there doesn't seem to be an uninstaller for that.
I did a Ccleaner file and registry clean after uninstalling comodo FW through control panel though.
I'll try aswclear in safe mode tomorrow.
-
If you find you have remnants of Comodo, check this thread from their forum: https://forums.comodo.com/install-setup-configuration-help-cis/uninstaller-tool-for-comodo-products-t71897.0.html (https://forums.comodo.com/install-setup-configuration-help-cis/uninstaller-tool-for-comodo-products-t71897.0.html). If anything is found, run CCleaner again, then reboot.
Then do a clean install of Avast. Let us know how it goes and if this resolves your problem. Thanks. :)
-
I don't really know if there are any comodo remnants - it seemed to uninstall OK. Thanks for the link to comodo uninstaller though - didn't know there was one (I see it is not provided by comodo themselves).
I don't really have time to look into this too much at present, and not being happy with a FW that shows unknown connections with no rules for them, I have uninstalled AIS FW and gone back to comodo for the present.
It may be worth noting that the unknown connections only show up when detailed view is ticked. Otherwise all the connections shown are known.
Could anyone else with AIS please do me a favour and just check if they get any such connections (bottom of page) when detailed view is ticked.
Thanks
-
Hi mag,
the number displayed after the word "Unknown" is a process identifier (PID), the same number should be listed in the task manager (if not, add it to the list of displayed columns from the TaskManager menu). Do you see any applications with such PID running on your system ?
Thanks.
Lukas.
-
Thanks for looking into this Lukas
It just happened on my XP system - unknown 2676.
There was no such PID showing in XP task manager.
(I am running an administrator account, and I have 'show processes from all users' ticked)
-
A bit more info is now available.
PID 2676 popped up in task manager (same session - resumption after hibernation) and it was wmiprvse.exe.
avst FW then fairly soon recognised it, and named the connection (which until minutes before was still showing as 'unknown').
wmiprvse then disappeared from task manager - presumably the process stopped, because whatever was using it didn't need it any more.
Within a few minutes avast FW was showing the 2676 connection as still present, but 'unknown' again.
So the 'unknown' connections seem to be ghost connections left in place after the processes that opened them have stopped?
But this isn't what seems to happens with the majority of processes. When they stop the connection just disappears soon after.
Any thoughts anyone?
Postscript - I am no longer confident that this observation was particularly relevant - see post below
-
Continuing my monologue on this topic....
I have now found out how to reproducibly create the AIS FW 'unknown connections'.
Open an application that connects and includes an outbound UDP 'listening' connection (eg PSI).
- AIS FW shows all the connections and the associated application name and PID
- Task Manager shows the PID and application name.
Close the application.
- AIS FW still shows the UDP 'listening' connection and the application name and PID. Other connections disappear.
- Task Manager doesn't show it any more because the application isn't running.
Close avast UI, then reopen it.
- AIS FW still shows the UDP 'listening' connection and the PID - but the name has now become 'unknown'.
You need to have 'Detailed View' ticked to see this.
Now what I need to know is why it happens - and why does it apparently only happen to me, yet happens on both my W7 and my XP systems? ???
I think it maybe has something to do with the fact that detailed view is also showing historic info - ie data on connections that have closed, and I now suspect (hope) that it is actually no concern at all!
-
Hi Mag,
how I see it this seems to be a problem with AIS FW cleaning (deleting) its records about active connections. What you see there are actually connection records that should have been already deleted from the active connections list. I am trying to find some bug in the code and come up with the fix. It does not reproduce here, so it must be depended on the specific situation it is happening in - e.g. all the services and their list of UDP ports they have opened. I have asked the QA team to come up with some configuration setups to reproduce that. Thanks for you analyses.
Lukas.
-
Thanks Lukas.
I'll try to keep an eye on which applications give rise to this.
As noted above, one is Secunia PSI v1.5.0.2.
-
Hi mag, I hope I have found a bug causing this improper cleanup of Firewall connections. It should be fixed in the next release. Thanks for pointing that out.
Lukas.
-
Thanks Lukas.
-
The avast! BSOD is very rare. I am providing avast! tech support to over 4000 organizations world wide. I earned avast! Rising Star 2010. Here is what I have learned on this subject:
I have cured avast! BSODs by using CCleaner registry tool. CCleaner should be run multiple times until it comes up clean. This may also be the last step, so keep reading.
A/V software is the most invasive application you will ever have on your computer. Many times there are leftover pieces of A/V software that cause conflicts (including avast!) I get very aggressive here by scouring the system for these. Look in Program Files for any directories of previous A/V programs. Get their removal tools and use them. Do the same for avast! (if avast!, run the removal tool for every version of avast! that has ever been installed)
Last statement is: removal tools still leave registry entries. So I use CCleaner, or manual registry hacks when needed.
Hopes this helps!
J.R. Guthrie
President at Advantage Micro Corporation
Failure Analysis Engineer