Author Topic: Disabling AvastUI on Terminal 2008R2  (Read 7023 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Disabling AvastUI on Terminal 2008R2
« on: January 25, 2016, 09:30:16 AM »
Hello there, Avast team and community!

I'd like to know if there currently is a way of disabling launch of the ...\avastui.exe /nogui in each user's terminal session. I cannot disable the autorun item due to antivirus' self protection.

I use current Avast for Business Free, and running Windows Server 2008 R2.
I can set "Disable self-protection" in antivirus options, but it won't save - options are overridden online. And there is no option to disable self-protection in online settings template form.

I'd appreciate any assistance on the topic.

REDACTED

  • Guest
Re: Disabling AvastUI on Terminal 2008R2
« Reply #1 on: January 25, 2016, 10:04:59 AM »
I don't have an answer at this point sorry, but I'm curious to know why you need to disable it for each user session?  Does it cause problems of some kind? 

REDACTED

  • Guest
Re: Disabling AvastUI on Terminal 2008R2
« Reply #2 on: January 25, 2016, 01:48:27 PM »
Well, to be honest, I like to keep it as simple as possible for my users - they do not need this application running, only the service. And if I ever need the UI, I'll run it directly from Start. It is like need-to-know basis - they do not need to know. There is some resource saving concerns, as well. Over 15 Mb extra per session is noticeable for me.

REDACTED

  • Guest
Re: Disabling AvastUI on Terminal 2008R2
« Reply #3 on: January 26, 2016, 02:47:42 AM »
Well I've had a poke around and maybe can give you some ideas on how to proceed.  But please note I take no responsibility for any consequences of my suggestions, use at your own risk  :) 

The startup for AvastUI.exe on my 64-bit host lives in the Registry branch HKEY_LOCAL_MACHINE, so this means the one entry runs for all users on that machine.  So I am not sure if Terminal Server would spawn a new process for every user?  My memory is a bit fuzzy on that, been a long time since I managed one ;)

By opening the GUI and disabling the Self-Defence module, it is then possible to delete the registry startup key from under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run (note this path will differ for 32-bit but if I remember Server 2008 R2 comes in 64-bit only anyway).  Naturally you will want to back up the registry first and export the branch too  8)

Problem is too, that when you update the program version, it is likely to re-write this key and you'll have to remove it again.

You can then probably kill the AvastUI.exe process, or with the GUI still open, you can then re-enable the Self-Defence but you would not be able to kill process until reboot.  It would be your choice if you kept it enabled or not, personally I'd keep it on but I can't tell you if the self-defence is affected by having no AvastUI.exe running.

I don't think Avast really had Terminal Server in mind when developing the Business Cloud app, I'd guess they have other products more suited and maybe you should discuss this with their support team.  I read somewhere you can ask support for an .msi version of the installer which I guess you could then transform for appropriate Terminal Server install.

Do the Cloud settings for "Protected areas" otherwise satisfy your needs?

REDACTED

  • Guest
Re: Disabling AvastUI on Terminal 2008R2
« Reply #4 on: January 26, 2016, 11:00:45 AM »
I appreciate your response, GFM.

There is one point I should stress, though - the anti-virus is not letting me to disable its self-defence mode. If it did, there wouldn't be a problem - I am quite aware of that registry entry you mentioned.

As far as i understand, this Business Antivirus relies on configuration via Cloud web interface, and I am unable to find an option to disable self-protection there.

And since self-protection is always up - I can neither kill the process nor delete the registry entry.

At the topic of being not targeted at terminal services installation - well, since the product is said to support Windows Server environment, it sort of implies any general server use, either file server or a terminal server. This is my opinion of course.

REDACTED

  • Guest
Re: Disabling AvastUI on Terminal 2008R2
« Reply #5 on: January 27, 2016, 04:53:42 AM »
There is one point I should stress, though - the anti-virus is not letting me to disable its self-defence mode. If it did, there wouldn't be a problem - I am quite aware of that registry entry you mentioned.

As far as i understand, this Business Antivirus relies on configuration via Cloud web interface, and I am unable to find an option to disable self-protection there.

The cloud interface just applies some settings to the clients periodically.  Meaning if a client setting is changed and that setting is managed under cloud, then every so often (I think every 10 minutes) the setting from the cloud is reapplied and always rules.  As far as I know, there is no setting for Self-Defense Module on the cloud, so the client setting always rules.  The available cloud settings grows as the client application develops over time.

The Password Protect option in the cloud would be your strongest defense against having the client have any changes allowed.

So it is therefore interesting you can't disable Self-Defense Module, as an admin should be able to if you have no cloud password settings applied.  I admit I've never tired to disable it on server.  Are you logging onto the console as administrator ? (ie mstsc /console) Maybe you can't do it as a regular user session on TS, since it attempts to display an "are you sure" timed dialog box, presumably only on the console session.

At the topic of being not targeted at terminal services installation - well, since the product is said to support Windows Server environment, it sort of implies any general server use, either file server or a terminal server. This is my opinion of course.

Absolutely, don't get me wrong I'm not saying it won't work  :)  I'm just pretty sure Terminal Server isn't specifically in mind when developing this multi-platform product as Avast might for other products designed for Server.  If they did, they'd make it easier to hide the system tray icon ;)  It's possible you found an uncommon bug that you can't disable self-defense when there are multiple AvastGUI.exe running like on a TS.  Touch base with Avast support if you can on this matter.

Anyway if I can find a moment I'll spin up a VM and see if I can replicate your experience.  I wonder if Group Policy could delete the registry key somehow...

Offline Michael P.

  • Avast team
  • Newbie
  • *
  • Posts: 17
    • Avast for Business
Re: Disabling AvastUI on Terminal 2008R2
« Reply #6 on: January 27, 2016, 08:20:28 PM »
As far as i understand, this Business Antivirus relies on configuration via Cloud web interface, and I am unable to find an option to disable self-protection there.
The cloud interface just applies some settings to the clients periodically.

If a setting can not be changed in the cloud console it will revert to it's default setting (in the case of self-defense, it will continuously turn itself back on because it can't be toggled off from the portal).  There is not a way to stop the autostart of the AvastUI on terminal servers.  We apologize for the inconvenience.

Best regards,
Michael P.
AVAST Business Support Team
https://support.business.avast.com/

REDACTED

  • Guest
Re: Disabling AvastUI on Terminal 2008R2
« Reply #7 on: January 28, 2016, 12:11:45 AM »
I did some testing last night.  You must be using a local administrator account to disable Self-Defense.  If you are not, the "are you sure" dialogue box does not show, effectively stopping the change.  If you are NOT a local administrator logged in via RDP, and there IS a local administrator logged on the console at the same time, the dialogue box appears there on the console and times-out after 60 seconds and disappears defaulting to "no". 

If you are not getting the dialogue anywhere ever, you need to check your security settings and figure out why you aren't getting the dialogue.  This is key to affirming you want to disable Self-Protection temporarily.  For obvious reasons you would only want a local administrator to be able to do this.

Once you have it disabled you can do what you like with the registry key, but remember you probably won't get any future Avast pop-up messages of any kind which could interfere with the operation of other applications depending on your cloud's default action settings etc.  Remove at your own risk. :)

REDACTED

  • Guest
Re: Disabling AvastUI on Terminal 2008R2
« Reply #8 on: January 28, 2016, 08:52:58 AM »
If a setting can not be changed in the cloud console it will revert to it's default setting (in the case of self-defense, it will continuously turn itself back on because it can't be toggled off from the portal).  There is not a way to stop the autostart of the AvastUI on terminal servers.

I appreciate you taking time to post a reply here, as well as answering my ticket. I've reached the same conclusion before posting here, but needed confirmation, since there is not much about Cloud Antivirus on the Web.

I did some testing last night.  You must be using a local administrator account to disable Self-Defense.

For some reason I lean more to what Avast support confirmed to be true. It does let me disable self-protect in the GUI, and I can see the "Self protect is disabled" immediately after hitting OK in the dialogue. But if I click anything inside the Avast window after that - "Self protect is disabled" piece disappears and I am back to square one.

And one last thing. There is never any pop-up security dialogues on any of my machines, when running Cloud Atlas Avast. All the settings are managed from Web portal.

REDACTED

  • Guest
Re: Disabling AvastUI on Terminal 2008R2
« Reply #9 on: January 29, 2016, 07:24:36 AM »
For some reason I lean more to what Avast support confirmed to be true. It does let me disable self-protect in the GUI, and I can see the "Self protect is disabled" immediately after hitting OK in the dialogue. But if I click anything inside the Avast window after that - "Self protect is disabled" piece disappears and I am back to square one.

And one last thing. There is never any pop-up security dialogues on any of my machines, when running Cloud Atlas Avast. All the settings are managed from Web portal.

This is your problem here.  There is a second dialog box that pops up after you untick the Self-Defense module and click OK.  It looks similar to the attached screenshot (sorry I couldnt find an actual screen shot).

I have tested it and get the same symptoms if you are NOT a local administrator and don't get the dialog prompting for a yes/no input.  The "Self protect is disabled" status WILL show as you say, but only momentarily, giving the appearance the defense was off and being turned back on by cloud.  It actually never got turned off, its a cosmetic bug.  Self defense is not managed by cloud, so ignore this part of the issue. 

If you arent getting the extra prompt on ANY machines you don't have the right permission in your local environment.  I'd suggest setting up a clean desktop with local admin rights, not joined to a domain, and test the Business Cloud as a fresh install on the default policy template, just so so you can see for yourself how it is meant to work.  Once you are happy it does, add to the domain etc to see what breaks it. 

If you can figure out what stops it on a desktop level, you might fix it for your terminal server too.  Otherwise it might not have been installed it correctly (ie it terminal services install mode).

Good luck :)