Avast Setup seems to have modified itself

[Colin]

My firewall - Zonelabs Prof has notified me that Avast setup programme is attempting to access the internet and that the programme has been modified since the last time it ran.
I am running NT4 and Avast ver 4.0-235. The notification indicated the setup to be ver 1.0.0 as I remember. I blocked access until I get response here.
Is the setup programme able to auto-modify and if so why? Should the setup programme be trying to access the internet anyway? Surely it only runs the first time when you install Avast?

[techie101]

This is a normal function for Avast.  Avast is set to update the DB by default and that is what it is trying to do.
In addition, version 4.1 was just released and AVAST is checking to see if a new program update is available.  It will not INSTALL it automatically unless you change the default, but it will always look for an update.
That is why Avast is super!  Set the defaults to download any new update to both DB and Program, and it runs itself.
You get complete protection automatically without doing any work.  No searching for updates, no manual installations, no broken downloads.

The Setup file will automatically adjust itself to work with the new update.
Without access, the automatic update will not function and Avast will not do its job.
I suggest you allow access for Avast functions only!

 

[Colin]

I am not sure that you read my mail correctly? I am well aware that Avast auto-updates the DB and the actual programme as well. I am referring specifically to the SETUP programme which has been modified since it last ran! This is usually a very dangerous sign as it usually indicates some form of corruption.
On a second point, I run NT4 and I need to know whether it is vital for Avast to access the internet through a programme called "Services and Controller App". I find if I block the automatic routing of this programme -  I feel the programme constitutes a security hazard as it allows all sorts of programmes to access the internet through it and probably also the other way -  then Avast does not appear to update itself when I log on.

[Pavel Baudis]

Avast Setup indeed modifies itself. In the previous version (4.0) it downloaded the new version of setup first. In the new version  (4.1) it uses our genius secure incremental way to update itself (in order to minimize traffic). Of course this is done during the program update only (not during the database update).

You can say to ZA that this program changes frequently and it will not check its integrity next time. If you are paranoid enough you can still let the ZA ask you if the setup is allowed to access the net so you will have the control if it does it only during real update).

Hope this helps

Pavel

[Lisandro]

Avast Setup indeed modifies itself. In the previous version (4.0) it downloaded the new version of setup first. In the new version  (4.1) it uses our genius secure incremental way to update itself (in order to minimize traffic). Of course this is done during the program update only (not during the database update).

You can say to ZA that this program changes frequently and it will not check its integrity next time. If you are paranoid enough you can still let the ZA ask you if the setup is allowed to access the net so you will have the control if it does it only during real update).

Hope this helps

Pavel

Hey Pavel...
Now we have a lot of avast! modules and parts trying to access the Internet...
The panel of ZA are "filled" with them...
Is it possible to "join" this parts (avast! antivirus service, avast! e-Mail Scanner Service, avast! Setup (two different programs, one temporary!), setup.ovr)  :'(

[Pavel Baudis]

Hi Technical,

Now we have a lot of avast! modules and parts trying to access the Internet...

Yes, and? I still can't see the problem - just say to your firewall what to do - it is set and forget task.

It's is crystal clear, isn't it? I do not see any advantage to join these programs under one - just the opposite - you can either see or control all these tasks (checking of updates, checking for e-mail and program update) separately which is great  

[Lisandro]

Yes, and? I still can't see the problem - just say to your firewall what to do - it is set and forget task.
It's is crystal clear, isn't it? I do not see any advantage to join these programs under one - just the opposite - you can either see or control all these tasks (checking of updates, checking for e-mail and program update) separately which is great  

Hey Pavel. Let me disagree with you. See what says Colin (I agree with him):
"I am referring specifically to the SETUP programme which has been modified since it last ran! This is usually a very dangerous sign as it usually indicates some form of corruption.
"I feel the programme constitutes a security hazard as it allows all sorts of programmes to access the internet through it and probably also the other way -  then Avast does not appear to update itself when I log on."

Btw, see what says the "negative" opinion at CNET from Don 29-Jul-2003 05:20:09 PM:
"Scans your systems and creates a database"
This application scans your system in the name of crating backups for restoring after a virus corruption....Baloney...it communicates via RPC and opens a listening service on port on 6100 see C:\programFile\Alwil\Avast\Data\avavast4.ini for information. This could be aserious trojan software from Czec republic.

Of course, I do not agree with Don (http://download.com.com/3302-2239_4-10212719.html?pn=2&fb=2) but, Pavel, felling of security is as important as security... Panic brings heartattachs...  

 

[Lisandro]

I do not see any advantage to join these programs under one - just the opposite - you can either see or control all these tasks (checking of updates, checking for e-mail and program update) separately which is great  

Sorry, Pavel, but in FAQ are written:

Q: What should I know about using avast! 4 in combination with firewall?
A: You will keep warnings by your firewall once you install avast! 4, because avast! tries to connect to our servers - it looks for virus definition file updates and for program updates. You should allow avast! to connect, otherwise the update feature will not work.

The components of avast! 4 that should be allowed to connect:
avast.setup
avastXX.setup (where "XX" are some numbers)
aswUpdSv.exe

What is the "new one": setup.ovr  

[Pavel Baudis]

Hi Technical,

I still did not get the point... When you decide to update the program (by default there is only info about the new version, YOU initiate the update!), first the setup is updated in order to manage all possible new situations, then the rest of avast! program is updated. In my advice I recommend to let the firewall to ask whether setup is allowed to access the net and so to have full control over it.

Where do you see any security hazard? I can't see none. It is quite normal that any application comes with new setup, isn't it?

[Waldo]

I have a similar problem

I have 9 (yes nine) ! modules for the Avast program sitting in the "program option" in ZA Pro 4.

A normal amount (for ANY program) should only be 1 or 2 modules maximum.

With every avast program update the list in ZA seems to get longer and longer.

I have no clue, on wich modules i can delete out of ZA, as i don't want to take the risk of Avast not working properly


Waldo

[Pavel Baudis]

I have 9 (yes nine) ! modules for the Avast program sitting in the "program option" in ZA Pro 4.

Actually, you can delete ALL of them   Next time you will use any avast! module, ZA will ask if it is ok, so you can approve (and configure) them from the scratch - but just those you actually need!

Pavel

[kubecj]

The components of avast! 4 that should be allowed to connect:
avast.setup
avastXX.setup (where "XX" are some numbers)
aswUpdSv.exe

What is the "new one": setup.ovr  

Please, how could you get setup.ovr to contact to the internet? Is that repeatable?

[Lisandro]

Please, how could you get setup.ovr to contact to the internet? Is that repeatable?

The file resides on Avast\Setup folder and the name is setup.ovr (13-9-03).
It´s not repeated. It´s a new component (I think)...  
I permit that setup.ovr contact the Internet during an update of avast! (ZA pop-up). Is anything wrong?

[igor]

kubecj seems to be rather surprised that this file is trying to connect to the Internet... it's probably not supposed to.

[kubecj]

The file resides on Avast\Setup folder and the name is setup.ovr (13-9-03).

That's fine.

I permit that setup.ovr contact the Internet during an update of avast! (ZA pop-up).

I would like to know _when_ does it ask to connect to Internet. Can you perform some tests for me? (Removing from ZA and waiting for that popup and writing down when did that happen).