backup.exe

[Tomaso]

In v2016, why is this file trying to connect to the internet?:
C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
It identifies itself as "Avast Settings Backup".
What information is it trying to send, and how do I disable it?

[avaster78]

My 'Windows 10 Firewall Control' just just popped up saying this backup.exe is wanting  connect to the net. I disabled it for time being. Should it be allowed?

[REDACTED]

Same here. I've blocked it on my host based firewall. Only started this morning. I can't see an option to disable the 'backup' feature.

[petr_matrix]

Hi guys,
this file (with upgrade.exe in the same directory) is the recommended way by Microsoft how to get better user experience during upgrade to windows 10.
It does two things:
1) backup avast license and settings to the file which are transferred to the windows 10 and then automatically used during avast installation
2) send us statistics about active users and their operating system and little more info but nothing personal, see code below:

This is statistics sending code cut&paste from backup.exe sources with added explaining comments:

Code: [Select]

map_vals["guid"] = g_globals->guid();          // installation guid (old way to compute users)
map_vals["midex"] = g_globals->midex();        // new installation guid (new way how to distinguish that statistics are from different user)
map_vals["edition"] = edition;                 // edition of avast
map_vals["build"] = GetAvastBuildNo();         // version of avast
map_vals["os"] = GetOsBuildNo();               // version of windows
map_vals["statsSendTime"] = std::to_string(_time32(nullptr)); // time when statistic was generated
map_vals["statver"] = "2.30";                  // version of statistics
map_vals["backupver"] = GetBackupBuildNo();    // version of this backup.exe file
map_vals["event"] = "upgradeW10";              // type of statistic

AddWscReport(map_vals);                        // adds other antiviruses registered in windows security center

You can verify this by capturing http comunication from backup.exe.

Thanks,
pm

[REDACTED]

This thing popped up on my firewall last night.  Blocked it as it was unknown.  Don't plan to upgrade to Windows 10 anytime soon ... so , there is definitely something fishy here...

I think that this sort of data extraction from a user's PC should be fully disclosed in the license and terms of service.  This is something I would only expect from Microsoft!!!

[Eddy]

As petr explained, there is nothing fishy about it.

It is covered in the privacy statement/EULA from avast.

[Tomaso]

This is something I would only expect from Microsoft!!!

I agree.
avast! has already got the nasty telemetry/tracking module in 'AvastUI.exe', and the suspicious behaviour of 'avastemupdate.exe'.
..and now this!?
Please give us more checkboxes under 'Settings' > 'General' > 'Privacy', allowing us to opt-out, without the use of workarounds such as firewalls and the Windows Task Scheduler!

[Eddy]

When installing avast you agreed to the EULA/Terms.
If you don't like them, don't use avast but something else.

But guess what...
All other av vendors have simular things in their EULA/Terms.

[Tomaso]

All other av vendors have simular things in their EULA/Terms.

Yeah, yeah..
I've heard that silly argument before.
These kind of privacy violations can't be justified simply by pointing a finger at the misdeeds of others!

[petr_matrix]

Guys, there isn't anything private and it doesn't send files to our servers. We just need to compute our losses of users during upgrade to windows 10. How would you do it?
I am developer and I disagree with many things in avast but not with this one.

If you want more information about this just keep asking here I will try to answer everything.

Thanks,
pm

[bob3160]

Guys, there isn't anything private and it doesn't send files to our servers. We just need to compute our losses of users during upgrade to windows 10. How would you do it?
I am developer and I disagree with many things in avast but not with this one.

If you want more information about this just keep asking here I will try to answer everything.

Thanks,
pm

Is Microsoft not upgrading or are they deleting Avast during the upgrade procedure ?
I've never upgraded a system to Windows 10 that had Avast removed after the upgrade

[petr_matrix]

Yes, if Microsoft detects AV during upgrade to win10 it does one of the following:
1) [installed version compatible with win10] upgrade transfer this version to the windows 10 and it should run (sometimes we detect a troubles with these versions like firewall not running etc.)
2) [installed version isn't compatible with win10] upgrade deletes AV but transfers backup.exe and upgrade.exe and their data files (settings and licence) and start it after some time on windows 10 to offer user his original AV, but user can have another AV installed by this time or whatever else and we would like to detect if that user is lost for us or not

pm

[Eddy]

These kind of privacy violations can't be justified simply by pointing a finger at the misdeeds of others

There are no privacy violations at all. If there where avast and others would have had a conviction by one (or multiple) court(s) a long time ago already. Same goes for others. There are no misdeeds. If you don't like things it doesn't mean they are violations or misdeeds.

[bob3160]

Yes, if Microsoft detects AV during upgrade to win10 it does one of the following:
1) [installed version compatible with win10] upgrade transfer this version to the windows 10 and it should run (sometimes we detect a troubles with these versions like firewall not running etc.)
2) [installed version isn't compatible with win10] upgrade deletes AV but transfers backup.exe and upgrade.exe and their data files (settings and licence) and start it after some time on windows 10 to offer user his original AV, but user can have another AV installed by this time or whatever else and we would like to detect if that user is lost for us or not

pm

I have had problems with the firewall not starting which has always been cured by doing a repair. I've never had a problem with the free version of Avast but, they were always the latest version of Avast.

[REDACTED]

As petr explained, there is nothing fishy about it.

It is covered in the privacy statement/EULA from avast.

Well I have opted-out of everything I can regarding data collection. Reading the Avast privacy statement here, https://www.avast.com/en-us/privacy-policy I can find no reference to the backup.exe function. Also, just to be clear, I do not use the Avast Backup Service.

Firewalled it ...

I understand that some telemetry is needed, so I guess the real gripe here is that this is new application behavior which consisted of contacting a remote server. No advance notice was provided to end users. Any decent system administrator who cares about data security would naturally be concerned by a sudden change such as this.

I do not understand many developers assumptions today that it is just ok to grab anything they feel is necessary off the user's PC, that a vague blanket EULA gives carte blanche access to anything at any time. 

Hiding behind a EULA does not make it right.