New Version seems to break BFE and Win Firewall, circumstances not clear

[REDACTED]

We have encountered a problem with Base Filtering Engine, which result in Windows Firewall  Servicenot starting, which results in lost Domain-Connnectivity, which brings our domain-based network to a grinding halt because no domain authentification is possible anymore.

I could verify this on at least two sites. OS is WIN7 64.

this is Bad  Details will follow.

[REDACTED]

I did try a complete reinstall. This doesn't resolve the issue but it persists.

The Base Filtering Engine-service is a dependency for the Win Firewall service. Without a properly starting BFE and Firewall the PC is not pingable and reachable as seen from the DC and this basically breaks the network.

BFE doesn't start then with "Error 6. Invalid Handle".

Patch-Level of the PCs is up to date. One thing that maybe is unusual is the subnet configuration as we don't use a 24 subnet but a 21.

Will have to do some further testing but very short on time today...

regards

[REDACTED]

I am also having numerous issues with this.  Windows 7 machines are no longer to browse the network on the domain. Printers no longer working. 

[REDACTED]

After Opening a support ticket I thougth I could repair it with Uninstall-Utility but this was not the case.
The point is: directly after installation it works fine but once the product gets activated there goes domain-connectivity. I also tried adding workstations to a different Account/Dashboard which showed a different Error-message in the services-mmc but that's it.

so....

Can I somehow do a rollback without a offline-installer from the previous version? This one really is a show-stopper.

Regards

[REDACTED]

Further investigation shows that that there are some Workstations that got the update and keep working fine until now. Can't tell what's the difference even though tried numerous things. Only thing so far seems to be uninstallation and then not activating a new version for now.

[REDACTED]

Can you turn off Automatic program updates in the cloud console, and use Windows' system restore on the affected PCs to go back to before the install rolled out? 

I really hate that there is no ability to rollback within the cloud and the automatic updates runs on all the machines instead of in a staged manner.  At least let us download an old offline installer!  I'd love a hands-off update approach, but seems every update has major flaws and breaks whole sites; I just don't trust it and have it switched off.

I have the same environment as you guys.  I have pushed out to 2 machines for testing and OK so far, but if I have the same problem I will contribute further.  I'm so glad I checked the forum and found your post before I did more.

Since the problem seems to begin after activation, does disabling any Avast features workaround the problem (eg Web Shield)?  You could create a group of affected machines temporarily and disable affected feature until such time it's sorted out. 

[REDACTED]

I have no luck with system restore as we use quite small SSDs and haven't turned it on but i will reconsider this seriuosly. Maybe i will look for some older offline-installer and will try to use them for Rollback.

As it seems not every site is affected and i spent half nigth trying to find what makes the difference with no luck yet. PCs and GPOs are identical 99%. At the affected sites it always returns, also if I try a different Dashboard.

I did try uninstaller and switching off single components, no luck.

I did turn off atomatic Updates now but i guess the update will already be in place at 70% of all PCs (even though not every updated PC is affected, as already stated).

So far 

[REDACTED]

I have no luck with system restore as we use quite small SSDs and haven't turned it on but i will reconsider this seriuosly. Maybe i will look for some older offline-installer and will try to use them for Rollback.

Your decision to use System restore depends on your other restore practices.  You might have a standard SOE image you can just redeploy, or desktop backups in place etc.  Without any of these, System restore (even set at 5% space) can save a lot of heartache sometimes.  Certainly consider it for those machines you depend on a little more than others if you have no other solutions. 

You should be able to ask Support for a previous version of the offline installer.  I've read posts where people have done this before.

As it seems not every site is affected and i spent half nigth trying to find what makes the difference with no luck yet. PCs and GPOs are identical 99%. At the affected sites it always returns, also if I try a different Dashboard.

I did try uninstaller and switching off single components, no luck.

I deployed to 90% of my site last night and couldn't replicate the problem, sorry.

I don't think it has anything to do with your Domain, dashboard, settings etc.  It sounds much more localised to the PCs themselves.  Have a look at my posting https://forum.avast.com/index.php?topic=171539.msg1228667#msg1228667.  I had very similar symptoms in the past with a version which I isolated to affecting only certain model PCs on my site.  I resolved it with an updated network driver.  Since you are having difficulty with the Firewall which is bound with the network stack this might be a good start.  Even taking one of these PCs, doing a full backup and fresh windows install to test might help you understand if its the hardware or other software conflict. 

What does bug me about your symptoms is that I thought you should still be able to access the network without a running firewall (or maybe I'm wrong).  Can you ping out from the PC instead of in, but using an IP instead of DNS name?  By default you can't ping PCs on the network, so I'm assuming you have group policies turning this off which wouldn't be working at the moment  

Feel free to PM me if you want more info or help.

[jbaldwin]

I am having this issue as well.  It is only blocking access to one of my four domain controllers.  Internet access is unaffected.  Completely reinstalling the client fixes it as far as I can tell.

[REDACTED]

I can also confirm that this is definitely an issue. Out of 25 systems at least 5 would not load the users desktop from the domain controller. Repairing does not work it needs to be fully reinstalled. I just had one system that needed a second reinstall as it was exhibiting the same symptoms.

I can ping the domain controller and access the network without problems as others have reported.

[REDACTED]

@aaronjstpierre and @jbaldwin

When you say "reinstall" are you saying wipe and reinstall Windows solves it, or just reinstall of Avast? 

If just Avast, sounds like you had different issues to @IT-House who said Avast reinstall did not resolve.

[jbaldwin]

Strangest fix I've ever encountered.

Avast crashed the Windows Firewall which (even though it is off for Domain Networks) prevented access to Domain Controllers, Policy, Network Shares, Network Printers, and the like.  Internet access was unaffected.

We did not uninstall and reinstall Windows on any computers.

Uninstalling and reinstalling Avast fixed the problem... temporarily.  After about a day the problem returned.

We updated the Intel Matrix Storage Driver and the problem is completely resolved.  Yes, the harddrive driver.  I'm not entirely sure why it works, but it works.

[REDACTED]

Great pickup!  And yes, a really weird sounding issue.  Intel RAID drivers are well-known to cause funky software problems though, so it doesn't completely surprise me.  Like I said, keeping all drivers reasonably current I think is pretty important for preventing Avast update problems.

What motherboard and version Intel Matrix driver was it, for future reference? 

You referred to it as Intel Matrix storage, but it's been replaced by Intel Rapid Storage since version 9.5, so I hope you have a newer version than this now

[Jim Potter]

Seeing the same issue on a couple of W7 PCs. A Repair of Avast! fixed the issue on one PC. On the other the fix lasts only overnight  - next day it's back again. I've done the Repair twice now. I can find no record of an intervening update. Tried updating the Intel Storage Driver - no difference.

[REDACTED]

Must confess I didn't do a checkup on this thread after my last post so thanks for your feedback. Am also in contact with support and they confirmed my issue.

We also encountered another issue with the newest version on our Exchange-Server which maybe is related but maybe not. A reinstall on the Exchange fixed the issue there so far so... back to the Workstation-AD problem.

Like already stated thanks for the Heads-Up on system restore, will definitely reconsider this, even all our workstation are quickly deployed via images if needed for whatever reason.

However I think the most interesting claim here is about the iastore and/or network drivers because yes: all of our workstation are on intel based boards including the network chipset. And yes from the past I also have seen weird things going on with Intel-Driver-Related issues. So I will give it a go and report back. Also the Support could be interested in this information if they are not ware yet.

Will report,

Matthias