Author Topic: Emergency Update Annoyance  (Read 9638 times)

0 Members and 1 Guest are viewing this topic.

cooby

  • Guest
Re: Emergency Update Annoyance
« Reply #15 on: January 29, 2014, 06:11:40 PM »
@cooby ... So I can expect more of this nonsense on the next update unless they issue a fix.
No, you can't get a fix neither here nor in the firewalls as I mentioned earlier when I took a bag off my head.
As for the random file name change, I would think that most firewalls would alert users of this?
Firewalls with HIPS or behavior will alert so long as they're setup to alert on new executables, new components etc. So the settings do play a role. For instance in Kerio if you didn't want any behavior alerts, you'd need to turn off MD5 monitoring. Bad idea, unsafe, but you can do that. Likewise in Outpost's antileak settings.

Yeah, I got a emergency update yesterday as well.
I feel those things are cleverly written when they can make a change without the need for reinstallation of Avast.

hake

  • Guest
Re: Emergency Update Annoyance
« Reply #16 on: January 29, 2014, 10:08:35 PM »
Are 'emergency updates' dependent on streaming updates being enabled?  If so, I'll disable the thing.

This is a flippin' nuisance.  An occasional emergency update is one thing but it's routine.  I put up with it because Avast is such good protection but it's a bad do really.

How about an option to be able to set Avast to request randomly or fixed name emergency update executables?  Obviously random naming should be default but the user ought to have the option of electing to download fixed named executables.  These things are digitally signed after all.  I would like the choice.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Emergency Update Annoyance
« Reply #17 on: January 29, 2014, 10:29:48 PM »
Are 'emergency updates' dependent on streaming updates being enabled?  If so, I'll disable the thing.

This is a flippin' nuisance.  An occasional emergency update is one thing but it's routine.  I put up with it because Avast is such good protection but it's a bad do really.

How about an option to be able to set Avast to request randomly or fixed name emergency update executables?  Obviously random naming should be default but the user ought to have the option of electing to download fixed named executables.  These things are digitally signed after all.  I would like the choice.
I don't understand why you aren't simply allowing avast! access through your firewall ???
You either trust your AV or, find a different one IMHO.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline MrMaxaMan

  • Full Member
  • ***
  • Posts: 195
Re: Emergency Update Annoyance
« Reply #18 on: January 30, 2014, 12:38:04 AM »

I don't understand why you aren't simply allowing avast! access through your firewall ???
You either trust your AV or, find a different one IMHO.

I allow Avast through my firewall but the emergency updates are separate alerts.
Avast Free 20.3.2405 - Comodo 12.2.2.7036 Firewall with D+ - Winpatrol Free.
On demand - MBAM - Super Antispyware.
Windows 10 64bit - 16GB Ram.

cooby

  • Guest
Re: Emergency Update Annoyance
« Reply #19 on: January 30, 2014, 02:17:01 AM »
@hake, we have to live with it. I finally came to the conclusion that's how it has to be, unless you want a convenient, but much weaker, protection. Emergency update is not routine. Yes, it runs often checking. Just connects out to check and stops when there's nothing to do. But the download and a new .exe file is infrequent and a pest of sorts.

@bob3160, The issue is not "access through the firewall".
Avast setup and emergency update need outbound connection to avast servers and get it.
The random named executables never want any outbound.

The debate is about what avast emergency runs. It loads and runs a child process of a random named .exe file.
Just like a trojan would from an infected website or an obfuscated link in email.

A good firewall watches that sort of thing. It sees it as a new executable file and alerts. Even if the filename were the same, it will be seen as a change. See the Outpost discussion in a link I showed in post#4 as well as more of my ramblings in post#12 in this thread.

Edit:
In post#14 ,  dolphins shows the behavior logged new executables, and here's mine from yesterday - see pic.
Not a TCP to http port connection at all, just a new .exe file to deal with when emergency launches the new file just loaded into \setup.
« Last Edit: January 30, 2014, 02:32:48 AM by cooby »

hake

  • Guest
Re: Emergency Update Annoyance
« Reply #20 on: January 30, 2014, 03:43:35 AM »
These random named executables run in a folder which is self-defence protected by Avast.  It doesn't suggest confidence in that self-defence if digitally signed executables from a known location initiated by Avast cannot be given fixed names.

Isn't it a sign of something wrong if you are always running emergency updates?  They were mercifully rare with Avast 8 but have turned into an absolute flood with Avast 9.  This is presumably why so many now feel compelled to protest.

hake

  • Guest
Re: Emergency Update Annoyance
« Reply #21 on: January 30, 2014, 12:48:03 PM »
If Avast downloaded its emergency update files from sources using actual IP addresses and secure connections, used digitally signed files and took advantage of its own self-defence protection, why are randomly named files necessary?

guestja

  • Guest
Re: Emergency Update Annoyance
« Reply #22 on: January 30, 2014, 03:04:28 PM »
Winpatrol Plus is holding these emergency  updates pending permission to to allow also.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Emergency Update Annoyance
« Reply #23 on: January 30, 2014, 03:22:10 PM »
Winpatrol Plus is holding these emergency  updates pending permission to to allow also.
+1
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

GreggH

  • Guest
Re: Emergency Update Annoyance
« Reply #24 on: January 30, 2014, 08:27:31 PM »
I have 4 of these files in the emupdate folder. I have no idea which if any have been run, except for the last one, dated today. And the only reason it was run? I saw it, and the RunOnce entry in Autoruns, and restarted my machine. The reason I don't know about the others... I do not restart my box unless it is required by something, like Microsoft updates. It is not unusual for my desktop "uptime" to be 14 days, 21 days, or longer. It runs 24/7. What good is an "emergency update" to Avast, if it is required to restart the machine to install it, but I am not told that.

Am I the only person who leaves their machine on 24/7? And how is someone who does, supposed to get these so-called "emergency update" files?

Gregg

Offline chris..

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2918
Re: Emergency Update Annoyance
« Reply #25 on: February 01, 2014, 12:12:48 PM »
hello,

what curious it is there were (for me):
- 2 Em.Up in december - 1 at the beginning and 1 at the end of the christmas offer on the avast UI
- 2 Em.Up in january - 1 at the beginning and 1 at the end of the "more secure Avast program" offer on the avast UI

probably just a coincidence  ::)

GreggH

  • Guest
Re: Emergency Update Annoyance
« Reply #26 on: February 01, 2014, 01:26:24 PM »
My 4 files are the 28th and 30th of December, and 29th and 30th of January. They all read exactly the same version (8.0.0.0) and exactly the same size (181,136 bytes). There are no Run or RunOnce entries in my registry, so I would ask 1) what is the purpose of keeping these files hanging around if they are not in use for anything, and 2) is it safe to delete them?

Gregg

guestja

  • Guest
Re: Emergency Update Annoyance
« Reply #27 on: February 01, 2014, 02:21:00 PM »
I contacted Bill at Winpatrol about emergency updates. He is looking into it . If necessary he will change code . Meanwhile if you have the Plus edition there is a workaround:

"if you are a PLUS member, there is a workaround on our options page. Click the button that says "Hide Alert Messages" and you'll see we have a checkbox allowing users to ignore any RunOnce entries since their typically used for updates. Any malware attacks will show up in more than that one location".