Avast WEBforum

Business Products => Archive (Legacy) => Avast Business => Avast Endpoint Protection => Topic started by: wpn on August 02, 2011, 11:13:15 PM

Title: SBC FAQ
Post by: wpn on August 02, 2011, 11:13:15 PM
This FAQ is outdated! This FAQ was for the SBC product which incorporated the v6 product and made use of silverlight and ISS

***DISCLAIMER***
remember this is unofficial and if there is any wrong answer/solution or assumption in it please correct me...
I have composed this on my own initiative.
Here you can find the official FAQ: https://support.avast.com/index.php?_m=knowledgebase&_a=view&parentcategoryid=654&pcid=23&nav=0,1,23

Last edit: 15-03-2012 addition of corrupt mirror

Where can i find (BPP) documentation?
- You can find a quick install guide here: http://files.avast.com/files/documentation/quick-start-guide-business-protection-en-ww.pdf
- You can find the SBC admin guide here:  http://files.avast.com/files/documentation/business-protection-plus-administrators-guide.pdf
Other documentation: http://www.avast.com/download-documentation

Where can i find system requirements for the console / database / client
In the admin guide posted above

SBC wont install using a remote dedicated database server
The BUG for this problem is solved in the latest SBC release 1.1.131.7

However the machineaccount where SBC is getting installed needs permission on the database. Not a user account.

There are 2 methods for this:
Method 1 (machine local group):
    Create a local group on the sql server
    Add the Server account that is going to host the BP Console to that group
    Add the group into the SQL Server as a login with permission to create a database.

Method 2 (domain local group):
    Create a domain local group in Active Directory
    Add the Server account that is going to host the BP Console to that group
    Add the DL group into the SQL Server as a login with permission to create a database.

For method 2 its imperative that the settings for the group are DOMAIN LOCAL and not GLOBAL. The advantage is that you control it from Active Directory and not locally on a server where these settings could be forgotten.

How do i license now (reseller or avast input appreciated)
Every computer (server or client) gets a license. If you have 132 clients, then you buy 132 licenses. Depending on what you need to protect and what you desire to have it will be a BP or BPP license.
If you need to protect Exchange and/or Sharepoint then you automatically turn to BPP
If you desire to use the firewall or antispam then you also turn to BPP

Do i need an internet connection for installing the SBC
Yes its required for downloading the prerequisites and of course all the installation files and virus definitions

Where can i find any error logs?
Open the SB Console go to ADMIN - SETTINGS - TROUBLESHOOTING -  DOWNLOAD -> open zip file
In case of failed installation:
C:\Documents and Settings\All Users\Application Data\AVAST Software\Administration Console\Logs - WinXP/2k3
C:\ProgramData\AVAST Software\Administration Console\Logs - Win Vista/7/2k8

What does it mean when a Windows 7 Computer is rejected by the SBC after a successful roll out and the reason listed is "Computer banned"
http://forum.avast.com/index.php?topic=82530.0

Can i import the ADNM database to SBC database?
No, you have to start from scratch.

Is there a 64bit Outlook antispam plugin
No (not yet?)

When i turn off the firewall or antispam in a group, all computers in that group turn yellow and the client tells me its not fully secured
[1] Edit Group Settings -> Shields -> Firewall (Uncheck)
[2] Edit Group Settings -> Status Bar -> Firewall (Uncheck)

Unchecking those TWO settings will:
[1] Disable the Firewall
[2] Prevent the Status Bar issuing a Warning. Is this a NEW option?
(thanks studio_two for the new way with SBC release 1.1.131.7)

Where can i control the firewall or antispam in the GUI
No GUI controls yet available. see previous FAQ item.

How can i get email alerts back?
http://forum.avast.com/index.php?topic=82263.0
This comes from VLK

avastcfg://avast5/Common/NetAlert            SMTP:yourname@domain.com
avastcfg://avast5/Communication/SMTPFrom     from_address@domain.com
avastcfg://avast5/Communication/SMTPPort     25
avastcfg://avast5/Communication/SMTPServer   yoursmtpserver.domain.com

Please note that this change becomes effective only after the shields are restarted (e.g. computer rebooted).


Will SBC work with more then the stated 200 clients
With SBC 1.1 the boundary is 1000 clients. With appropriate HW it might handle little bit more.
Avast has been testing this and confirmed that 2000 clients is possible to and will support this in a later release (added this at 12-12-2011)

Can i deploy the SBC client without removing the obsolete ADNM 4.8 client
Yes you can. From own experience this worked flawless (although tested on just 1 computer)
Keep in mind that several directories from the old installation will stay behind on the computer, these need to be removed manually.

My unattended deployment fails, why
Did you give the account that you install the client with the LOGON AS SERVICE rights on all the computers? you have to set that in the grouppolicy security settings.
In a domain its easiest to do this with a GPO setting so it gets deployed to all domain clients automatically

How can i turn of the AUTO SANDBOX feature, its interfering with my users work
Edit group settings -> Expert Settings -> AutoSandboxEnabled -> 0

Does SBC has Active Directory integration for access control
No it does not. I (WPN) have read about possible plans to implement this in the (near) future.

Can i install SBC on a server that is already running ISS
No problems with installing, but you have to note that SBC is installing in "Default Web Site". So if you have another active website and the "Default Web Site" is stopped, you will need to move the Avast virtual directory to the active website.

Can SBC use a proxy server
Yes, it should automatically detect proxy settings from the default IE settings

Can i do an offline update of the VPS files
No, this is not supported at this moment. For a full answer check this thread:
http://forum.avast.com/index.php?topic=81971.0

Can ADNM manage v6 clients
No it can not at this moment. Rumors have been going around about a connector for controlling v6 clients from an ADNM server.
12-12-2011: the SBC is going to support 2000 clients. This could solve ADNM reliability for several people.

On average how much a day are the VPS updates in traffic
typically < 200KB a day per client 
On a network setup with 100 client this would come down to about 20MB traffic

Is there a French translation for the admin guide and possibly an FAQ
some faq : http://blog.avast.ch/faq/avast-6-business-protection/
the administrator guide : http://www.avast.ch/media/documentation/avast_guide_installation.pdf

Installer fails with a rollback claiming the service already excists
You probably run an installation before and cancelled it. This leaves the avast! Administration Console service installed.

Open a CLI as administrator and issue the following command:
sc delete "avast! Administration Console"
The quotes are there for the spaces in the name, dont forget them!
Now start your installer again.

Can I change the server from where the clients get their updates from?
Yes you can, you have to go into the expert settings from the the group settings.
Quote
Setting
avastcfg://avast5/Common/MirrorURL

Value:
http://servername/Avast/Mirror

Avast is reporting a lot of different infections on the same machine, but im sure i have no infection
Highly possible that you have some definitions from another AV product, most likely Windows Defender. Remove the conflicting AV product causing Avast problems and it should be fine.

when I try to connect to the avast! admin console I get: "unable to connect to website"
When checking the services, both services are in stopped state. When restarting the services theses errors are generated:

- "avast! Administration Console Monitor is not a valid win32 application".
- a dependency is not started (avast! admin console)

One workaround:
add a double quote (") in regedit around the path of the image : "C:\Program Files\AVAST Software\Administration Console\Avast.Sbc.Manager.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avast! Administration Console Monitor]
[/i]See attachment for image of regedit[/i]

Possibly this issue is caused by upgrading over an excisting installation of the console. But this is unconfirmed
solution (http://forum.avast.com/index.php?topic=92828.0)

Mirror Corrupted - Package Broken
http://forum.avast.com/index.php?topic=95626.0
The Error given in the Administration console is Package Broken (20000011).
Restarting the administration console services and manually running the Update Server definitions task will hang at xx% and does not create any entries in the mirror.log.

There is a temp file with the corrupted files.
Stop the Administration Console service and made sure Mirror.exe is not running
Delete the file from the temp folder
Restart the Services and the mirror should update successfully.

Depending on your environment settings in this case from Evangelist MAC (thnx for reporting) the file was found in C:\WINDOWS\Temp and was named _av_mirrI.tm~a38900


More to come of course. Any corrections or suggestions are welcome!
Title: Re: SBC FAQ
Post by: Infratech Solutions on August 03, 2011, 10:10:22 AM
Great job!  :)
Title: Re: SBC FAQ
Post by: soaked on August 03, 2011, 10:21:35 AM
Some corrections:

Where can i find any error logs?
Open the SB Console go to ADMIN - SETTINGS - TROUBLESHOOTING -  DOWNLOAD -> open zip file
In case of failed installation:
C:\Documents and Settings\All Users\Application Data\AVAST Software\Administration Console\Logs - WinXP/2k3
C:\ProgramData\AVAST Software\Administration Console\Logs - Win Vista/7/2k8

When i turn of the firewall or antispam in a group, all computers in that group turn yellow and the client tells me its not fully secured
Edit group settings -> Expert Settings -> avastcfg://avast5/Common/PropertyPowerbarFirewall -> 0
Edit group settings -> Expert Settings -> avastcfg://avast5/Common/PropertyPowerbarAntispam -> 0

Can i install SBC on a server that is already running IIS
No problems with installing, but you have to note that SBc is installing in "Default Web Site". So if you have another active website and the "Default Web Site" is stopped, you will need to move the Avast virtual directory to the active webite.

How to upgrade the old 4.8 managed clients to the new 6.0 clients:
Just run the deployment job, the existing 4.8 will be uninstalled and the new will be installed.

Regards
Title: Re: SBC FAQ
Post by: avast@@dvantage77.com on August 04, 2011, 02:39:58 AM
I wanted to post this scenario with the management Console (SBC) and the deployment Wizard.  If you DONOT want the PCs to reboot automatically (you would like it to happen on your schedule, like at night) then do not start the deployment Wizard. When the wizard was launched, the default started immediately to auto deploy and reboot.  This occured while customer transactions were live.  This can cause undesirable effects to business.  We immediately closed the Console to stop this process.  We moved forward with installation and created a new deployment without reboot.  We tested this with 1 install on a single PC, and it successfully installed and successfully DID NOT reboot.  Great, all is well.  We then created a scheduled new deployment for the rest of the clients, install, and DO NOT reboot.  What we did NOT know, is that the original install (auto-deploy and instantly reboot) was still in the queue from starting the wizard.   We removed the console, and reinstalled the console, did NOT start the wizard, and now all is well. 

This 2nd issue I want to post is related, but is an OLD issue, that presents itself with every version of every MFGR of every anti-virus product out there.  The removal of an antivirus program (uninstall) and the reinstallation of a newer or different antivirus, does not always go as planned. I battled this with Symantec, Norton, and McAfee that I sold for 20 years prior to avast!  Antivirus is very invasive.  Windows decomposes just sitting there. Just using Windows, uninstalling and reinstalling programs, and endless updates replacing endless updates, causes Windows corruption to occur with usage.  That's why every Windows XP has to be refreshed every now and then.  Uninstallers are sometimes useful, and sometimes not, and always leave leftovers on the system in the registry, and in program files, and in ...  So, sometimes nothing replaces the manual "scrape"  We all will  eventually see this issue during deployment from the Console, it is inevitable!  J.R.   
Title: Re: SBC FAQ
Post by: wpn on August 04, 2011, 10:17:01 AM
@ JR

Thanks for the info

about the uninstallation:  avast has a tool for this, it is intended to remove all that is installed by the avast installer even after uninstallation specially for the purpose you talk about.
aswclear.exe

This tool however is not centrally manageable
Title: Re: SBC FAQ
Post by: wpn on August 05, 2011, 01:16:56 PM
Thnx avast for the sticky
Title: Re: SBC FAQ
Post by: pascal.g on August 05, 2011, 01:50:54 PM
We have translate in French

some faq : http://blog.avast.ch/faq/avast-6-business-protection/ (http://blog.avast.ch/faq/avast-6-business-protection/)

the administrator guide : http://www.avast.ch/media/documentation/avast_Business_Protection_fr.pdf (http://www.avast.ch/media/documentation/avast_Business_Protection_fr.pdf)

the administrator guide : http://www.avast.ch/media/documentation/avast_guide_installation.pdf (http://www.avast.ch/media/documentation/avast_guide_installation.pdf)
Title: Re: SBC FAQ
Post by: Wheaties on August 11, 2011, 04:55:25 PM
Excellent post guys!  Thanks for the info...
Title: Re: SBC FAQ
Post by: wpn on August 12, 2011, 08:23:55 PM
your welcome
Title: Re: SBC FAQ
Post by: 1tb on September 02, 2011, 07:54:42 AM
Great job wpn!
Since the GUI is so lacking for what we need in most corporate environments, I'd like to see some examples with setting other Expert Settings in the console.
We have created a SERVER group and turned off unwanted shields - (When will P2P or IM be running on a corporate server console??- it's not generally something we would condone- ever!)  ::)
We also need much more control of the AV behaviour in almost all of our corporate environments. For example, vendors of many of our customer's require that their server processes and files are excluded from scans.

When we try to get support from the vendor, generally the first thing they will ask is: 
"Have you turned off file/process scanning on our application and data files in your AntiVirus solution? - If not then go away and do that before we will support you!"

For example, if a vendor writes MSSQL Server based product, they generally have specific install instructions which mandate AV scanning exclusions on all of the following:


When I asked the avast team if we need to tweak anything on a server, I was told "it should not be necessary to tweak anything"- So, I presume by this comment we are supposed to just trust avast to do the right thing on a server.  ???
But can we just 'assume' that *.mdf and *.ldf files are already excluded by Avast BPP default settings and if so, how would we verify this?

Similarly what about Exchange folders or files(*.edb, *.log) or Microsoft Internal Database files (*.mdb). Do we just assume these will not be impacted by avasts shields?

I'm afraid it just won't wash with our vendors- they will want a cast iron guarantee that the AV is not impacting their solution.

In closing we MUST have a way to easily add "Trusted Processes" from the Behaviour Shield, and "Excluded Folders and Files" from the File Shield.

So until avast team gets this in the UI - can someone please post how we bandaid this by fiddling with 'Expert Settings' in the BPP Console?
Title: Re: SBC FAQ
Post by: wpn on September 02, 2011, 09:04:32 AM
thnx for the compliment and for the input, cant agree with you more :)

if you miss features and all, i also have a feature request thread, its somewhere down the line right now, but ill look it up and bump it. Maybe you can post your requests in there too

Title: Why does someone delete my comment from this thread?
Post by: LorenzMan on September 18, 2011, 08:20:00 PM
http://forum.avast.com/index.php?topic=85000.msg689481#msg689481

Is it off topic, or don't you like my opinion?

L.
Title: Re: SBC FAQ
Post by: igor on September 18, 2011, 08:32:32 PM
I don't like your attitude "I'm not going to create a new thread, I'll hijack other people's threads instead".
Title: Re: SBC FAQ
Post by: LorenzMan on September 18, 2011, 08:40:12 PM
I'm not hijacking the thread of anyone, I'm only saying what I think trying to solve problems due to the new console.

Do you think is fairer delete thread of whom you don't like attitudes?
It could seem someone want to cover clients unsatisfaction...

L.
Title: Re: SBC FAQ
Post by: igor on September 18, 2011, 08:46:51 PM
I didn't delete any thread - I only deleted a (useless) post where you redirected/advertised your other post - which should have been posted into a new thread itself, but wasn't, so it was split into a new thread (so it's now better visible, right? hardly a cover)

And yes, you certainly are hijacking threads - your latest posts being an example. (In SBC FAQ? Come on...)
Title: Re: SBC FAQ
Post by: LorenzMan on September 18, 2011, 08:59:53 PM
I redirected to my post because my post, originally written under this thread, was deleted from here.

L.
Title: Re: SBC FAQ
Post by: igor on September 18, 2011, 09:01:00 PM
It wasn't deleted, it was moved into a separate thread, as it was off-topic there... what's so hard to understand about it?
Title: Re: SBC FAQ
Post by: LorenzMan on September 18, 2011, 09:02:14 PM
Quote
Is it off topic, or don't you like my opinion?

I asked...
Title: Re: SBC FAQ
Post by: pascal.g on September 22, 2011, 09:31:45 AM
Found this one with a client recently.

Can't move computer from one group to another
If your computers have special characters in their names that are not standard (like "_"), you won't be able to move said computer to another group when doing it from the "edit" button.
There's an easy solution to this.
Go to the "Network" section, choose "Grid view".There, you can simply select the computers you want to move and do so by simply right-clicking -> "move to group" -> "name_of_group".


(You should really not use special characters in your computer names, though.)
Title: Option to change the admin console name in the installer, or via SBC?
Post by: mpadams on October 10, 2011, 10:33:34 PM
The installer automatically is assigned the domain name of the management server. However, since some of my clients are outside our Intranet, I have to manually change systems to use its external name: and even then, not all my systems show up as connected. An ability to change this setting would be most helpful!
Title: Re: SBC FAQ
Post by: studio_two on October 24, 2011, 05:11:19 PM
When i turn of the firewall or antispam in a group, all computers in that group turn yellow and the client tells me its not fully secured
Via the advanced settings it is possible to control the firewall and antispam. In a later release there will be better GUI access
Edit group settings -> Expert Settings -> avastcfg://avast5/Common/PropertyPowerbarFirewall -> 0
Edit group settings -> Expert Settings -> avastcfg://avast5/Common/PropertyPowerbarAntispam -> 0
(thanks Soaked for the correction)

Unless I am mistaken, there is now a slightly easier way of doing this:

[1] Edit Group Settings -> Shields -> Firewall (Uncheck)
[2] Edit Group Settings -> Status Bar -> Firewall (Uncheck)

Unchecking those TWO settings will:
[1] Disable the Firewall
[2] Prevent the Status Bar issuing a Warning. Is this a NEW option?

HTH
Stephen
Title: Re: SBC FAQ
Post by: giogio on October 24, 2011, 05:20:05 PM
@Studio_two
Just replied here
http://forum.avast.com/index.php?topic=84594.msg701269#new
Title: Re: SBC FAQ
Post by: studio_two on October 24, 2011, 05:28:07 PM
@Studio_two
Just replied here
http://forum.avast.com/index.php?topic=84594.msg701269#new

Sorry for the duplication, but I wonder if the FAQ could be corrected / updated somehow?

Regards,
Stephen
Title: Re: SBC FAQ
Post by: giogio on October 24, 2011, 05:41:12 PM
Excuse me ,you're right, I think Wpn must do it becouse he has initiated this post..
Title: Re: SBC FAQ
Post by: wpn on October 24, 2011, 07:08:47 PM
fixed :D
Title: Re: SBC FAQ
Post by: wpn on December 12, 2011, 11:50:38 PM
i edited the starting post some
Title: Re: SBC FAQ
Post by: Calvin101 on December 28, 2011, 05:28:38 PM
I have a question, can we do setting on end-point Real-Time Shields from console?
Eg. Configure Expert Setting just like what we can do on end-point especially actions setting when a virus detected.
 
I’ve been tried everything I can do but there are only setting for on-demand scanning.

Hope someone could advice me on this.
Title: Re: SBC FAQ
Post by: wpn on February 09, 2012, 10:13:57 AM
there are possibly more solutions that can be added

if you see or believe that i missed one or more then please let me know by posting the link in a message in this thread :)
Title: Re: SBC FAQ
Post by: naviathan on March 19, 2012, 06:13:28 PM
Something I didn't see listed in the FAQ.  If you have issues deploying to clients/servers that have UAC (User Account Control) turn it off.  All the workstations I was working with are XP machines, meaning no UAC, but the SBS 2011 server would constantly give me an Access Denied [5] using good credentials.  Finally figured out it was the UAC stopping the install.
Title: Re: SBC FAQ
Post by: wpn on March 20, 2012, 12:47:06 AM
thats weird that you have that problem.

i am running Win7 in my environment and have UAC turned on and can deploy the package without any problem to Win7 client
Title: Re: SBC FAQ
Post by: avast@@dvantage77.com on June 11, 2012, 05:14:34 PM
I had a Windows 7 machine that worked with SBC, but with SOA it would not communicate until I disabled Windows Defender.
Title: Re: SBC FAQ
Post by: Infratech Solutions on June 11, 2012, 05:32:52 PM
It's a problem with the Windows Defender or with the Windows firewall?
Title: Re: SBC FAQ
Post by: avast@@dvantage77.com on June 11, 2012, 06:42:19 PM
It was Windows Defender, which I remove off every system. I guess I missed this one.  I had 1 client with a Windows firewall issue.  I had 3 that had mixed versions, didn't have new client and new console, and clients that had not reebooted.  So far, all my SOA conversions went well. Though, most are waiting for my return and the "J.R." go ahead!
Title: Re: SBC FAQ
Post by: nannunannu on June 14, 2012, 04:28:22 PM
How can i get email alerts back?
http://forum.avast.com/index.php?topic=82263.0
This comes from VLK

avastcfg://avast5/Common/NetAlert            SMTP:yourname@domain.com
avastcfg://avast5/Communication/SMTPFrom     from_address@domain.com
avastcfg://avast5/Communication/SMTPPort     25
avastcfg://avast5/Communication/SMTPServer   yoursmtpserver.domain.com

Please note that this change becomes effective only after the shields are restarted (e.g. computer rebooted).

So, I don't need to get an email every time a sheild takes an action, but I would like to get the SOA to send me an email alert if one of the machines goes from "Secured" to "Attention" or "Unsecured"...  I don't need constant reminders that the shields are working as designed, but if a shield stops working on a workstation, I want to know about it - and getting notified would be better than having to constantly keep the console open.

Any way to do that with the SOA?
Title: Re: SBC FAQ
Post by: nannunannu on July 20, 2012, 07:45:30 PM
How can i get email alerts back?
http://forum.avast.com/index.php?topic=82263.0
This comes from VLK

avastcfg://avast5/Common/NetAlert            SMTP:yourname@domain.com
avastcfg://avast5/Communication/SMTPFrom     from_address@domain.com
avastcfg://avast5/Communication/SMTPPort     25
avastcfg://avast5/Communication/SMTPServer   yoursmtpserver.domain.com

Please note that this change becomes effective only after the shields are restarted (e.g. computer rebooted).

So, I don't need to get an email every time a sheild takes an action, but I would like to get the SOA to send me an email alert if one of the machines goes from "Secured" to "Attention" or "Unsecured"...  I don't need constant reminders that the shields are working as designed, but if a shield stops working on a workstation, I want to know about it - and getting notified would be better than having to constantly keep the console open.

Any way to do that with the SOA?

Bump.  ??