Author Topic: avast.setup & Sygate firewall revisited  (Read 24526 times)

0 Members and 1 Guest are viewing this topic.

kpfuser

  • Guest
avast.setup & Sygate firewall revisited
« on: January 19, 2005, 11:56:33 AM »
I need to write an advanced rule for the above firewall. For this I must locate avast.setup. A search of the entire C drive via the WinXP search utility showed that no such file exists. A search of past posts in this forum uncovered a known issue on this matter and that avast.setup is a temporary file. This brings up the following questions:

1. In which folder is avast.setup created?
2. How long does it stay there before it is deleted?

Thanks in advance.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: avast.setup & Sygate firewall revisited
« Reply #1 on: January 19, 2005, 03:20:52 PM »
1. In which folder is avast.setup created?

C:\Program Files\Alwil Software\Avast4\Setup\setup.ovr is 'transformed' into avast.setup

2. How long does it stay there before it is deleted?

Until the update is finished (and you can see it into Task Manager).
« Last Edit: January 19, 2005, 05:22:10 PM by Technical »
The best things in life are free.

kpfuser

  • Guest
Re: avast.setup & Sygate firewall revisited
« Reply #2 on: January 19, 2005, 03:42:18 PM »
Thanks!

I will see if I am fast enough to catch it next time before it vanishes. Last time I allowed the connection first on a one-time basis, collected the info on the respective connection, and by the time I got around to writing the rule avast.setup had vanished. Next time I will put the requested connection on hold till I can put together my rule with avast.setup present in its folder.

Thanks again.

kpfuser

  • Guest
Re: avast.setup & Sygate firewall revisited
« Reply #3 on: January 19, 2005, 09:01:02 PM »
Well, it worked out OK in the end but not as I mentioned earlier. If  the request of avast.setup to connect is left unanswered, an advanced rule cannot be written because no other action will be allowed by the firewall except answering (yes/no) the request. Following Technical's info, the temporary file avast.setup will remain in its folder till the update takes place. Thus saying "no" to the pending request should keep avast.setup in its folder long enough to make writing the firewall rule possible. This is indeed the case and the rule was duly written. The downside: During six consecutive reboots, avast.setup asked to go to a different IP address each time, three of which cannot be found in the respective list of 16 IP addresses given in the FAQ files. In a nutshell, in the case of avast.setup, writing advanced rules for the Sygate firewall is possible but tedious due to the multiplicity of non-contiguous IP addresses avast.setup tries to connect to.  It should be added to the wish list of this forum that Alwil should purchase a block of IP addresses for their needs rather than the crazy quilt of disjointed IP addresses it now employs.

xyzzy

  • Guest
Re: avast.setup & Sygate firewall revisited
« Reply #4 on: January 19, 2005, 09:41:48 PM »
The question is when Alwil abandons idea of avast.setup as disappearing and reappearing file...
X.


kpfuser

  • Guest
Re: avast.setup & Sygate firewall revisited
« Reply #5 on: January 19, 2005, 09:56:25 PM »
xyzzy,

I just posted in their wishlist thread in this forum asking for what you said and for a more manageable block of IP addresses. Maybe you could post your views there too.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: avast.setup & Sygate firewall revisited
« Reply #6 on: January 20, 2005, 02:41:20 AM »
I posted there too... Hope that helps...
The best things in life are free.

General Failure

  • Guest
Re: avast.setup & Sygate firewall revisited
« Reply #7 on: January 20, 2005, 11:31:43 AM »
Why did you need this rule?

I'm using Sygate 5.5 and automatic updates work like a charm.

Bye

GF

kpfuser

  • Guest
Re: avast.setup & Sygate firewall revisited
« Reply #8 on: January 21, 2005, 01:30:12 AM »
General Failure,

I need advanced rules because this allows for better control of SPFPro. By allowing only the connections I need and blocking all other connections I can operate without ever seeing a single intrusion attempt, let alone a major attack. Unfortunately, writing advanced rules for avast.setup has become nearly impossible. To explain, writing such rules as detailed in previous posts in this thread turned out to be useless. This is so because next time avast.setup wants to connect to one of the IP addresses included in the rules, the respective rule is not activated at all and SPFPro either asks for permission again or refuses to connect depending on whether it is put in 'ask' or 'deny unknown' mode. So I am back at the drawing board. It seems that the remaining options are to

1. run SPFPro in 'ask' mode always so that I can allow avast.setup to connect wherever it wants manually each time., or

2, write the advanced rules for avast.setup without reference to any application, which would make them applicable to any executable in my pc.

Altough both of the above options sound generally OK at this point, they lack the neatness and assurance of air-tightness that comes from the knowledge that only specific executables are allowed to connect to specific (for each executable) IP addresses and in the direction (inbound or outbound) needed only. It is rather unfortunate that my experience with avast has to begin on such a sour note.

kpfuser

  • Guest
Re: avast.setup & Sygate firewall revisited
« Reply #9 on: January 21, 2005, 11:49:27 AM »
Addendum.

Option 2 of the previous post does not work either. SPFPro just keeps either asking for permission to allow avast.setup to connect, if it is in 'ask' mode, or denying permission outright, if it is in 'deny unknown' mode. It just doesn't seem possible to anticipate and preselect a reply to a request of avast.setup. It is as if the firewall sees avast.setup as a new file each time the latter is created. Oh what a mess!

kubecj

  • Guest
Re: avast.setup & Sygate firewall revisited
« Reply #10 on: January 21, 2005, 12:36:52 PM »
Isn't this just a overkill? It should be enough for avast.setup to give it full control once. Don't tell me that sygate doesn't allow that. The list of the ip it may contact changes constantly without a warning, so allowing avast.setup to access only some sites will degrade it's performance (without any gain)

avast.setup is temporary because it changes on every program update. I don't think there's a serious need to change that.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: avast.setup & Sygate firewall revisited
« Reply #11 on: January 22, 2005, 01:50:01 AM »
kubecj, Sygate only asked me once to connect... I allowed avast.setup and no more asked... Nice for me.
The best things in life are free.

kpfuser

  • Guest
Re: avast.setup & Sygate firewall revisited
« Reply #12 on: January 24, 2005, 02:11:29 AM »
Quote
Isn't this just a overkill? It should be enough for avast.setup to give it full control once. Don't tell me that sygate doesn't allow that. The list of the ip it may contact changes constantly without a warning, so allowing avast.setup to access only some sites will degrade it's performance (without any gain)

Well, I set out to do exactly this.  In fact, with the help of Technical, I did it . I am not quite sure what you mean by "full control once" above. What I did was to allow avast.setup to connect to each relevant avast server not once but each time avast.setup wished to do so.  However, when

Quote
avast.setup .... changes on every program update.

or, as it seems, before every attempt at virus or system update, how can you expect such rules to work next time avast.setup mutates?

So all I can do is operate the firewall in 'ask' mode so that each time avast.setup asks to connect I can click 'yes.' However,

Quote
Sygate only asked me once to connect... I allowed avast.setup and no more asked... Nice for me.

does not coincide with my experience. To be sure, avast.setup does request a connection (as well as receives a return visit from an avast server) early on as soon as a dialup internet connection is established. Thereafter it appears that avast.setup has subsided for good. However, common sense should indicate that it can hardly be so. Indeed 4 hrs later avast.setup will be at it again. Now if this happens that you are not at your pc (as it happened to me 2 days ago), you will be presented with so many superimposed unanswered requests to connect that it will be a major chore, let alone annoyance, to answer them one-by-one with a yes or no so that they will disappear. A terse message that an error was encountered which may cause some avast files to be corrupted will be added for good measure too.

To summarize, running avast and Sygate together means that (1) you cannot run the firewall in 'deny unknown' mode (unless you switch back and forth between this and 'ask' mode), (2) you cannot leave your pc connected to the internet over long periods of time (such as may be needed for a large download) if you are not present, and (3) avast dictates to you on such matters rather than vice versa.

All this makes the statement

Quote
I don't think there's a serious need to change that.

somewhat debatable, in my opinion at least.

kubecj

  • Guest
Re: avast.setup & Sygate firewall revisited
« Reply #13 on: January 24, 2005, 09:34:07 AM »
(3) avast dictates to you on such matters rather than vice versa.

All this makes the statement

Quote
I don't think there's a serious need to change that.

somewhat debatable, in my opinion at least.

We simply reserve the right to plan our bandwith. So we're forcing the client (avast.setup), to download from the sites we say, not from the sites you choose.

Regarding 'asking', I think Sygate should ask you only after program update, and most users don't have that set to automatic. Copying ovr->setup should be irrelevant to Sygate (and its constant problems)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: avast.setup & Sygate firewall revisited
« Reply #14 on: January 24, 2005, 03:29:39 PM »
(2) you cannot leave your pc connected to the internet over long periods of time (such as may be needed for a large download) if you are not present

In fact, I'm permanently connected and have no problems with Sygate (free version).
avast.setup asked me to connect in the past and never more.


(3) avast dictates to you on such matters rather than vice versa.

AVG does the same... or even worse: the free users can connect only one server.
But, on contrary, the paid version users can choose which servers and in which order they must be connected, better than avast does  :-*
The best things in life are free.