Author Topic: Uninstall avast  (Read 11662 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Uninstall avast
« Reply #15 on: August 20, 2005, 01:42:04 PM »
Google Alerts are email updates of the latest relevant Google results (web, news, etc.) This notification is sent to you via your email account and it has a subject introduction header page which must be opened to read the complete story. The message does not include attachments. http://www.googlealert.com/features.php
So, it seems that you changed (or have to change) the Heuristic email settings of avast! addind this URL address to the permited ones.
Does an avast! pop-up message appear when you receive that email or not?
How can you be sure it's avast! who is blocking the normal behavior? If you disable avast, can you receive that email?
The best things in life are free.

Iso-G

  • Guest
Re: Uninstall avast
« Reply #16 on: August 20, 2005, 03:47:54 PM »
Hello CTE,
Welcome to avast! forum
I think you joined the BEST forum of avast!

By the way, could you do me a favor ?
I think you may have better advices if you would write your software list using with avast like as me on your signature.  ;)

Thank you for your kindness
Iso-G
« Last Edit: August 20, 2005, 03:49:35 PM by Iso-G »

CTE

  • Guest
Re: Uninstall avast
« Reply #17 on: August 21, 2005, 04:21:45 AM »
No Avast pop ups show. I did this "Right-click on "a" ball next to the clock,move mouse to Pause Providers and then select Standard Shield. Also don't forget to resume it when you finish you task." This should have temporary disable avast I think. Google alerts still remain incomplete opening.

Keith B

  • Guest
Re: Uninstall avast
« Reply #18 on: August 21, 2005, 10:36:31 PM »
I also need to uninstall Avast4 for similar reasons, so I hope a post here is close enough to the topic that it's not a breach of etiquette. 

Re. earlier posts, is aswClear.exe the current uninstaller, i.e. the successor to AvClear4.exe?  Also, the advice to shut down the mail provider did not restore my email.

I'm running Win 2000 Pro, Outpost firewall, Firefox browser and Thunderbird mail program with 2 accounts on the same server via SMTP and POP3S.   Finding that email was gone (mailer attempts to reach the server timed out), I switched off the Avast4 mail provider - no effect.  I then looked at traffic logs on the firewall and my router.  The firewall had switched to learning mode and was blocking Thunderbird, and ASHWEBSV.EXE, running in the Avast folder, seemed to be merrily chatting with numerous advertisers and data miners - without objection from the firewall which should have blocked those addresses.  Accordingly, I used the Program Manager to shut down Avast4 as an application.  Interestingly, not only did I not get email back. but ASHWEBSV.EXE continued to run...  Further check of the firewall showed that both ASHWEBSV and AVAST.setup had become registered as partially allowed applications, which I don't remember doing.

I'd like to persist with Avast4, but a complete uninstall seems the best move, pending advice as to what's happening and what might be done about it.  Or, prompt advice that Avast4 and my system are incompatible would save me wasting time and effort...

kb

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Uninstall avast
« Reply #19 on: August 22, 2005, 01:33:00 AM »
Re. earlier posts, is aswClear.exe the current uninstaller, i.e. the successor to AvClear4.exe?
aswClear.exe is the uninstaller.

Also, the advice to shut down the mail provider did not restore my email.
Do you mean the email account? It should not be deleted...
If you mean your inbox or infected messages, oh, that is an antivirus work: getting rid of them...

I'm running Win 2000 Pro, Outpost firewall, Firefox browser and Thunderbird mail program with 2 accounts on the same server via SMTP and POP3S.   Finding that email was gone (mailer attempts to reach the server timed out), I switched off the Avast4 mail provider - no effect.  I then looked at traffic logs on the firewall and my router.  The firewall had switched to learning mode and was blocking Thunderbird, and ASHWEBSV.EXE, running in the Avast folder, seemed to be merrily chatting with numerous advertisers and data miners - without objection from the firewall which should have blocked those addresses.  Accordingly, I used the Program Manager to shut down Avast4 as an application.  Interestingly, not only did I not get email back. but ASHWEBSV.EXE continued to run...  Further check of the firewall showed that both ASHWEBSV and AVAST.setup had become registered as partially allowed applications, which I don't remember doing.
Did you uninstall through Control Panel > Add/Remove programs BEFORE using the uninstall tool as it's posted in the site and in the forums?

I'd like to persist with Avast4, but a complete uninstall seems the best move, pending advice as to what's happening and what might be done about it.  Or, prompt advice that Avast4 and my system are incompatible would save me wasting time and effort...
Your system should not be incompatible with avast!, unless you have another antivirus installed in your sytem at the same time...
The best things in life are free.

Keith B

  • Guest
Re: Uninstall avast
« Reply #20 on: August 22, 2005, 04:09:30 AM »
Thanks for the input on uninstall procedure - when one searches on Google, it's hard to know what pages or links are stale, and I don't remember any explicit instruction on the website to only use the uninstaller in tandem behind the Program Add/Remove...

My immediate problem was access to mail, so I continued to work that while waiting for advice.  From posts in the beta Forum and 30 or so pages back in this one, the problem seemed to be my SSL (POP3S/Port 995) mail setup.  That left the failure to cleanly cancel when I turned off the Avast mail provider.  That problem responded to rebooting and turning it off before Thunderbird was invoked, but it took more than one cold reboot and repeat before it would stay off.

My other concern was ASHWEBSV and AVAST.SETUP opening access into my machine, the former notably by observed responses to websites I would be safer being invisible to.  Shifting both into "Blocked Application" status in my Outpost firewall caused Avast to panic on reboot and disabled Firefox, but do you see any downside to my setting them to "Partially Allowed" status with AVAST.SETUP limited to the Alwil domain and ASHWEBSV to the same limitations I have set for Firefox?  I guess that ASHWEBSV shouldn't panic or get frustrated, because it would never see what is blocked incoming, and I don't care if it does so on blocked outgoing traffic, because if there is anything in my machine originating traffic to the sites I block, I want to know about it.

Thanks again for earlier input, and have you any comment on the above?

kb

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Uninstall avast
« Reply #21 on: August 22, 2005, 04:27:51 AM »
My immediate problem was access to mail, so I continued to work that while waiting for advice.  From posts in the beta Forum and 30 or so pages back in this one, the problem seemed to be my SSL (POP3S/Port 995) mail setup.  That left the failure to cleanly cancel when I turned off the Avast mail provider.  That problem responded to rebooting and turning it off before Thunderbird was invoked, but it took more than one cold reboot and repeat before it would stay off.
Avast mail scanner doesn't support SSL (Secure Socket Layer) connections. But take a look here: http://forum.avast.com/index.php?topic=10428.0 to see how to set up secure email with avast!.

Since SSL/TLS e-mail is encrypted and decrypted in the client, external virus scanners (including avast!) can't read or scan it.
The solution is to pass e-mail in and out un-encrypted from your client (Outlook Express, Thunderbird, ...) to a proxy program (Stunnel) that does the actual ssl or tls encryption/decryption of the pop3/smtp e-mail and communicates directly with the ISP server on the appropriate ports. Another drivers (OpenSSL) are need as a library of encryption/decryption routines.

My other concern was ASHWEBSV and AVAST.SETUP opening access into my machine, the former notably by observed responses to websites I would be safer being invisible to.  Shifting both into "Blocked Application" status in my Outpost firewall caused Avast to panic on reboot and disabled Firefox, but do you see any downside to my setting them to "Partially Allowed" status with AVAST.SETUP limited to the Alwil domain and ASHWEBSV to the same limitations I have set for Firefox?  I guess that ASHWEBSV shouldn't panic or get frustrated, because it would never see what is blocked incoming, and I don't care if it does so on blocked outgoing traffic, because if there is anything in my machine originating traffic to the sites I block, I want to know about it.
Do I understand you correctly? avast.setup needs access to update avast. ashwebsv.exe is the WebShield provider. It scans the outbound traffic... why do you concern with opening access into your machine? Of course, if you mess the firewall settings, avast! will panic  :o
You should disable the provider if you don't want it, not blocking it  ::)
The best things in life are free.

Keith B

  • Guest
Re: Uninstall avast
« Reply #22 on: August 22, 2005, 08:26:58 PM »
Re. SSL: Thanks for the clear explanation and the link - that looks like a complete blueprint for what I need to do.   ;D

Re. machine access and "Do I understand you correctly?":  Any process permitted access to ports is a hole through the firewall, the seriousness then depending on whatever discipline the firewall imposes.  AVAST.SETUP and ASHWEBSV.EXE are two holes I didn't have before, both possible weaknesses to masquerade or cooption attacks.  Tandem use of the firewall adds a second layer of protection to that given by Avast!, greatly increasing security, and it's still there if Avast! is brought down...

AVAST.SETUP seems little problem; limiting ports, protocol(s) and scope to the Alwil domain should give good security without blocking intended function.  ASHWEBSV.EXE is another matter and set of issues.  It is subject to incoming traffic from both hostile and undesired sources, possible outgoing from virus, trojan or spyware, and also outgoing of all kinds from websites visited by the browser.  There's no kind way to put this.  Security may be acceptable, but from the privacy perspective, what little I saw of unrestricted outgoing traffic looked like a disaster and Avast! close to malware.  That's harsh and grossly unfair if taken out of context.  In my case, the context is a firewall configurable to block traffic to specific domains and addresses, limit available protocols, and block traffic to and from particular ports.  Further, an available module can reference a large database of blacklisted sites.  Using that allows me to (mostly) prevent response to traffic where the existence of a response is significant, and exclude traffic, mostly web page generated, to advertisers, hit counters and other data miners.  Using Avast!, as is, opens me up to all that, somewhat reducing security and greatly reducing privacy.

I don't lose anything if I can interpose my firewall to sieve outgoing traffic from ASHWEBSV.EXE, which gets me back to my original question.  Will ASHWEBSV.EXE gracefully accept blocking, and if not, is there a known workaround for this situation?

Thanks

kb


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Uninstall avast
« Reply #23 on: August 23, 2005, 01:02:40 AM »
Re. SSL: Thanks for the clear explanation and the link - that looks like a complete blueprint for what I need to do.   ;D
My pleasure to be helpful  8)

Any process permitted access to ports is a hole through the firewall, the seriousness then depending on whatever discipline the firewall imposes.
No, don't be paranoid. If you don't want to communicate, open ports, just do not connect the Internet.
Close all your home doors and windows, stay there without talking to anybody  ;D
Now, seriously, there are only holes where you cannot trust the traffic through it.
AVAST.SETUP is the update process.
ASHWEBSV.EXE is the scanner of HTTP traffic.
If you don't believe in your security company, there is no reason to use an antivirus, or even the firewall.
You'll become paranoid  ;)

Both possible weaknesses to masquerade or cooption attacks.
No, they're not. Things does not work this way... A lot of process (more than the bad ones) are good, legit, perfect, do what they have to do.

Tandem use of the firewall adds a second layer of protection to that given by Avast!, greatly increasing security, and it's still there if Avast! is brought down...
Ok, we agree... but how is this related to two legit processes?

ASHWEBSV.EXE is another matter and set of issues.  It is subject to incoming traffic from both hostile and undesired sources, possible outgoing from virus, trojan or spyware, and also outgoing of all kinds from websites visited by the browser.
Outgoing? No, ashwebsv.exe does not 'send' traffic and cannot be abused this way.
It just scan the incoming traffic. You should read about it in forum and help files.
The communication is: Internet > WebShield > Browser. It should generated LOCAL COMMUNICATION outbound to the browser, not for the Internet.

There's no kind way to put this.  Security may be acceptable, but from the privacy perspective, what little I saw of unrestricted outgoing traffic looked like a disaster and Avast! close to malware.
Just not truth.

In my case, the context is a firewall configurable to block traffic to specific domains and addresses, limit available protocols, and block traffic to and from particular ports.  Further, an available module can reference a large database of blacklisted sites.  Using that allows me to (mostly) prevent response to traffic where the existence of a response is significant, and exclude traffic, mostly web page generated, to advertisers, hit counters and other data miners.  Using Avast!, as is, opens me up to all that, somewhat reducing security and greatly reducing privacy.
You can do this... this iis not related to WebShield behavior... just do it. The 'outbound traffic' (server rights) could be blocked. You should allow it to pass (transmit) the traffic FROM the Internet TO your browser. This is a local proxy...  :)

I don't lose anything if I can interpose my firewall to sieve outgoing traffic from ASHWEBSV.EXE, which gets me back to my original question.  Will ASHWEBSV.EXE gracefully accept blocking, and if not, is there a known workaround for this situation?
Local communication should be allowed.
The best things in life are free.

Keith B

  • Guest
Re: Uninstall avast
« Reply #24 on: August 23, 2005, 09:04:27 PM »
OK - I think I understand this now.  If we are both right, you in what you understand of the way Avast! works, and myself in the effect on observed traffic when Avast! was installed, then the problem lies in the firewall or is intrinsic to necessary internal communications.  If the latter, it's a significant security/privacy problem with a simple solution that could be addressed with a FAQ pointed at all Avast! users who install behind firewalls with configurable blocking capability.

Your words:  "The communication is: Internet > WebShield > Browser. It should generated LOCAL COMMUNICATION outbound to the browser, not for the Internet."  I hope this is inaccurate, because it lacks the firewall, implying that Webshield connects directly to Internet, i.e. bypassing the firewall.  Please confirm that your schematic should look:  Internet > Firewall > WebShield > Browser.

That's just for incoming traffic though, and one must consider both directions (bidirectional = A <> B or A > B >A) and multiple logical paths embedded in single logical channels, e.g. A > B >> A or A <<> B (where A and B are connected with a single channel but B makes multiple logical paths in the direction towards A).

In terms of channels, we presumably have one of two cases:  Internet > Firewall > WebShield > Browser > Firewall > Internet if WebShield only touches inbound traffic, or Internet > Firewall > WebShield > Browser > WebShield > Firewall > Internet if WebShield acts as a bidirectional pipe though it samples/monitors only in the inbound direction. If the latter, then the firewall sees only WebShield (as ashwebsv.exe), will not apply security configured for Browser, and ashwebsv.exe may panic if its traffic is blocked outbound (but generally should not if the Firewall blocks by shipping to NIL, probably the case).  If the former, nothing operating on the outbound path will affect ashwebsv.exe, but why, as in my case, is ashwebsv.exe registered in the firewall as the outbound sending application?  Presumably the answer is either that the firewall is improperly set, or it cannot distinguish the source of traffic to a port (nasty thought that), or that a channel is bound to the opener's name by the operating system and remains that way regardless of the user(s).

The ideal operation would be:  Internet >>> Firewall >> WebShield > Browser >> Firewall > Internet, where the Firewall blocks some incoming hostile traffic and Webshield strips more, passing clean(er) traffic to the Browser, which inevitably generates some undesirable traffic (as a consequence of web page input) which is removed by the Firewall, clean(er) traffic then being returned to the Internet. 

I'll try to set up for that later this week.  If it works, a FAQ might usefully warn firewall users that ashwebsv.exe will show up as a proxy for browsers and to tell the firewall to treat it as a browser.   That might be followed by a caution to those who custom configure their browser/firewalls that they must similarly configure for ashwebsv.exe to continue the same level of protection.  A similar note might be given regarding avast.setup, with the addition for custom configurers that limiting to <addresslist> would give maximum security, where <addresslist> is the sites tried for updates.

Thanks again for your time,

kb

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Uninstall avast
« Reply #25 on: August 23, 2005, 10:40:00 PM »
Please confirm that your schematic should look:  Internet > Firewall > WebShield > Browser
You're right, I just forget the firewall.

a FAQ might usefully warn firewall users that ashwebsv.exe will show up as a proxy for browsers and to tell the firewall to treat it as a browser.
Well, it's on the help files, it was discussed a lot in the forums... Advanced information could 'mess' the FAQs as normal users won't understand them.

A similar note might be given regarding avast.setup, with the addition for custom configurers that limiting to <addresslist> would give maximum security, where <addresslist> is the sites tried for updates.
I think this is realy not necessary. avast.setup won't connect any other addresses and can't be used by another program to bypass the firewall settings and allow reaching other addresses.

Keith, I think the Alwil programmers should give you the answers about bidirectional comunication.
I'm a single user like the others, not a programmer like you  8)
The best things in life are free.

fififi

  • Guest
Re: outgoing emails with attachments blocked
« Reply #26 on: April 13, 2006, 03:49:34 AM »
All of a sudden, any email I try to send with an attachment (at this stage, a jpg or 2, around 500KB-1 GB) is being stopped. My server says it's an Avast anti-virus scanning issue. I use Windows XP Professional (2001?) and Outlook Express 6. I want to know what to do. Server says "turn off the scanner while I send the email...(dangerous)". What do I do to make Avast and emails with attachments compatible again?
Please use person-on-the-street language in reply as I have no computer expertise.
Thanx.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: outgoing emails with attachments blocked
« Reply #27 on: April 13, 2006, 04:07:33 AM »
Server says "turn off the scanner while I send the email...(dangerous)".
avast has a possibility to do it safe.
Go to the smtp tab of settings (Internet Mail provider settings) and disable only it. You won't scan the outbound email.
But you'll be safe if into the pop3 tab of settings you configure avast to scan your email.

Which email program do you use?
The best things in life are free.

fififi

  • Guest
Re: Uninstall avast
« Reply #28 on: April 13, 2006, 04:36:40 AM »
Sorry, I don't know where to locate "Internet Mail Provider" in order to change the settings you suggested. Do I look in controlpanel or what? (It has just taken me 20 mins of trying to reply, to work that I need to log in each time I reply to you! Not savvy...)

PS Outlook Express 6 is my email, if that is what you were asking
« Last Edit: April 13, 2006, 04:41:43 AM by fififi »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Uninstall avast
« Reply #29 on: April 13, 2006, 04:39:40 AM »
Sorry, I don't know where to locate "Internet Mail Provider" in order to change the settings you suggested. Do I look in controlpanel or what? (It has just taken me 20 mins of trying to reply, to work that I need to log in each time I reply to you! Not savvy...)
Left click the 'a' blue icon.
Click on buttom 'Details' to expand the configuration.
On left column, choose Internet Mail provider icon.
Click on Customize (at right).
Go to the tabs I've posted before and uncheck the smtp scanning.
The best things in life are free.