avast.setup & Sygate firewall revisited

[igor]

But, on contrary, the paid version users can choose which servers and in which order they must be connected, better than avast does 

I really wouldn't say it's better. I mean - the users don't know anything about the servers; some of them may be down, unreachable, slow... so users' choice of the servers to use may be far from optimal.
On the other hand, kubec can easily see the current state of the servers and "tune" the settings as needed.

[Lisandro]

On the other hand, kubec can easily see the current state of the servers and "tune" the settings as needed.

Who's there on his vacations? 

[kubecj]

What? 

[Lisandro]

What? 

Poor Kubec, he does not have vacations  :'(
Thanks for the good hard work boys.

[davincim]

I hate to be the one to keep this thread alive, but I'm also experiencing problems with avast and spf (both free versions).

I've been browsing this forum for information and it appears to be a common issue among users with this setup. I'm not saying it's 50/50, but frequent enough to get a fix for I would think.

Anyway, I've setup an advanced rule to allow everything related to avast that I can find. I open up avast and it still shows the last update was 1/20/05. Before then it was back in December, and since then I've uninstalled, reinstalled, prayed, screamed, and managed to get it updated a little. 

When I forced an update, sygate prompted me again, which I found odd because I thought I gave everything permission. But, I gave it permission again making sure to check the "remember my answer" checkbox before doing so. I saw a brief display of avast updating itself. I get into the app again and lo and behold...still shows 1/20/05! The avast web site says 1/21 is the current version.

Does anyone have a solid solution for this? I'd really appreciate it. 

[Lisandro]

I hate to be the one to keep this thread alive, but I'm also experiencing problems with avast and spf (both free versions).
Does anyone have a solid solution for this? I'd really appreciate it. 

It's not a shame thing to keep this thread alive...
Just that I do not experience any trouble with Sygate and I'm receiving avast updates without trouble.
Rule based firewall could bring some trouble if 'anything' is wrong... For instance: other Windows applications and drivers must be correctly set: ndisuio.sys; alg.exe... etc.
A way of testing is disabling the firewall... if the avast update comes normally, so it's the firewall.
I indeed see that a lot of times Sygate does not bring the pop up message of connecting to focus, it won't be the most in top window. Other firewalls never do this (like ZA, for instance). Probably because Sygate uses a 'real window' and not a pop up message like the others.
Other times, only after boot I could 'see' the question for connection 

[davincim]

I neglected to point out that one of the things I tried was to set sygate to allow all traffic. That didn't work. I also uninstalled sygate...didn't work either. What I can't understand is why the rule I created wouldn't be the ultimate solution. 

[Lisandro]

What I can't understand is why the rule I created wouldn't be the ultimate solution. 

Can you post the rule?
Are you allowed to update? I mean, your avast registration key allows you to update?
See 'About' dialog when the update will expire...

[gbark]

I've been monitoring this thread for a while and have decided to jump in.  I've re-read the posts and didn't see this possibility noted.

IIRC Kerio has a mechanism that will detect if/when an application has been modified since the last time it's hash was calculated. I'm thinking that, perhaps Kerio is seeing each new iteration of Avast.Setup.exe as a different program (something in it's hash being different for some reason - creation time?) and therefore blocking it.

I use Outpost Pro 2.5 firewall and I've had a devil of a time getting Avast v4.5 to work smoothly. I can still check my logs and see that Avast has been blocked from an automatic update at one point in time and allowed exactly 4 hours later - without any activity on my part at all. Sometimes the rules work; sometimes they don't. 

It wasn't until I set up Outpost to ignore changes to Avast.Setup.exe's hash (Component Control, in Outpost terminology) that things started working more often than not.

Another thing not mentioned and may be a factor is if your Kerio configuration is blocking local loopback addresses. Adding loopback rules to Outpost's Avast rules was necessary for me because I block loopback as a default rule. My logs show Avast.Setup using the loopback address for something. I suspect that when setup.ovr is "mutated" into Avast.Setup.exe the loopback address is used.

At any rate, although my logs show blocked connections, they also show allowed connections, and Avast is (almost) always up-to-date whenever I check it. Perhaps these ideas will be of some help to you.

Best of luck. Avast is worth whatever effort it takes to get it to work; including manual updates (which I did for a while while I figured it out.) 

[Lisandro]

Thanks gbark... very illustrative.

It wasn't until I set up Outpost to ignore changes to Avast.Setup.exe's hash (Component Control, in Outpost terminology) that things started working more often than not.

Yes... this happened for me and I allow 'all' connections from avast.setup and had no trouble.
Unfortunatelly, I do not use Outpost anymore 

[gbark]

Technical,

I've always thought that I'd like Kerio if I ever had to drop OPP. I like KPF's more "graphical" interface, but OPP has its plug-ins and is so configurable that I doubt I'll ever switch. 

[Lisandro]

I've always thought that I'd like Kerio if I ever had to drop OPP. I like KPF's more "graphical" interface, but OPP has its plug-ins and is so configurable that I doubt I'll ever switch. 

My problem was about budget 
I'm using Sygate Personal Firewall (free) 

I feel like you... Outpost is very configurable... It's hard to left it behind  :'(

[davincim]

Can you post the rule?
Are you allowed to update? I mean, your avast registration key allows you to update?
See 'About' dialog when the update will expire...

For posting the rule, is this what you're looking for?

<begin>
Rule Summary:
This rule will allow both incoming and outgoing traffic from/to all hosts on all ports and protocols.  This rule will be applied to all network interface cards.   The following applications will be affected in this rule: avast! antivirus service,avast! e-Mail Scanner Service,avast! service GUI component.
<end>

And I checked the About screen. It shows my registration key, expiration says "never", and updates expiration says "March 1, 2006".

I appreciate everybody's input on this. I hope this information helps bring me closer to a solution. 

[kpfuser]

Oh my! Just a couple of days absence and now this flurry of posts! Well let me only say my bit on

Rule Summary:
This rule will allow both incoming and outgoing traffic from/to all hosts on all ports and protocols.  This rule will be applied to all network interface cards.   The following applications will be affected in this rule: avast! antivirus service,avast! e-Mail Scanner Service,avast! service GUI component.

Imagine something in your pc masquerading as (or hitching a ride on) avast.setup or any of the other avast executables. Why, you gave it permission to connect to (and be contacted by) any IP address on the internet! Hardly the best way to deploy a firewall. And this is  in a nutshell another aspect of my avast vs Sygate experience, i.e., in order to appease avast, one is forced to do something or another (in the above case degrade security)  that he would not do of his own accord.

Please note that the (too) wide permissions given by the above rule can be also achieved essentially by allowing manually the avast executables to connect where they want after clicking 'remember my choice and don't ask me again' before clicking 'yes.' This is so  because of an uncomfortable quirk of Sygate to act as if a given permission applies to any future request by the same executable.

It is this very quirk of Sygate  that made me operate it via advanced rules only, which had given me impressions of peace and quiet till avast put paid to them. Oh well, one can find solace in the realization that we, the non-Zone Alarm devotees, like to tinker (a.k.a. interact, configure,...) with the firewall rather than stick to a 'set and forget it' policy. So, in this respect , avast gives us all the interaction with the firewall we bargained for and then some!

[davincim]

kpfuser, I've been out all day, so just now getting back to your reply. And btw, thanks for that too! 

I see your point about the potential of something sneaking in along with avast components. I'm sure it's just as possible with a many, many other programs as well, with or without a firewall in use. The fact that this situation involves a firewall probably lends itself to a little more scrutiny, too.

I am, however, making a desperate attempt here to continue to use avast, and encouraged by reading the success of other users. When I see a product I like, I stay loyal to it until it lets me down or I find something else better to try. It seems as though this situation has come up often enough (not just in this forum, but in searching on the web) that the good folks at avast could come up with a solution.

This is why I decided to take the advice found by others here about using advanced rules.

So...Technical? Do you have any tricks in your magic bag that might make this problem go away?