Avast CloudCare (Formerly AVG CouldCare) Issues

[TruLife Optics Ltd]

Hi,

I'm not sure if this is the correct board for this, but I'm sure one of the mods will move it to the correct one if not.

We've been evaluating AVG CloudCare as a low footprint alternative to Kaspersky's Endpoint Security (10) "bloatware" after numerous technical issues which Kaspersky, frankly, couldn't give a stuff about fixing (WOL not working properly, updates to the far end of Watchguard BOVPNs broken etc, etc). So, when our Kaspersky licenses came up for renewal Kaspersky was thrown out - dreadful support.

Anyway, while being "basic" compared to KES, AVG CloudCare seemed to do pretty much what was required on our small (26 endpoint) estate. We're just coming up to the end of our trial period and were happy to convert to paid monthly subscriptions. Then the "rebranding" from AVG to Avast happend last week.

"OK" I thought, may as well get the upgrade to client 4.0.0 (from 3.x.x) overwith. Wish I hadn't!

First off, the new client IS NOT A BUSINESS PRODUCT!!!!! You take one look at the client and the first thing you see is this (see Pic1). Dross "PC Tune" garbage has NO PLACE in a business product. This is HOME USER feature!

Second, click on "Protection" and you get another bunch of "Home User" features that absolutely have NO PLACE in a business product! I mean "Home Network Scan"!?!?!?!?.

Third, after clearing out my browser data to get the new policy options to work in the CloudCare management portal, what do I find - NONE of these "noddy home user" features can be disabled or controlled in anyway by policies. Firewall is mentioned in the policy yet nothing to indicate if installed or not (unlike AVG which was clear), and DNS Protection? ON A BUSINESS NETWORK!!!! Password protection for "on line banking and shopping"?

We had been just about to start paying money for this, but if this is the new "CloudCare" client then not chance in hell will we take this. We'll use it for a month while finding yet another anti-virus product, and you can be 100% certain it will NOT be anything from either Kaspersky or Avast, especially if Avast can screw up an initial roll-out of the wrong client (I'm hoping it is the wrong client) so, so badly.

[Eddy]

Go talk to the admin of the company and tell him that he should have done a custom installation.

[TruLife Optics Ltd]

I am the Admin.

This was a straight upgrade from the AVG branded client I'd already rolled out, using the custom install package I'd created, to the Avast branded one via "Component Scheduled Update" in the custom master policy I'd created.

I'm not some "numpty" that hasn't managed PC estates (biggest was 10K+ endpoints). I've also managed antivirus protection ranging from Sophos Sweep under NT4, through McAfee, and Kaspersky from v6 to 10 and ESET.

UPDATE:

Ok, just to be certain I picked one endpoint, manually uninstalled Avast Business 4.0.0 client, created new custom install package in the CloudCare portal (still no options to disable ANY of the noddy "home user" features), and re-installed using that (what should be a correct Avast_CloudCare_Setup.exe).

Result - EXACTLY THE SAME! (see attached pics), apart from the stupid DNS Protection had gone (that has absolutely NO place in a business product).

The "Loading" bit in the background of pic5 is it trying (for ages) to load up the totally unwanted home user "Password Protection" password manager. Still present is the dire "PC CheckUp" (these usually do far more damage than good).

Nope this is NOT a business product.

[Pete from Avast]

Hi there -- I spoke with our business team about the issues you raised and wanted to let you know about a few things! (Of course, I also encourage you to contact business support so they can work with you directly.)

Currently, the Password Manager and Software Updater cannot be remotely configured with CloudCare policies. As a workaround for now, you can password protect the user interface so that users cannot access the UI.

Our business team is working on this right now:

- Adding those components to the "add a device" section of CloudCare, so that partners can select which components get installed
- Real Site component has been removed from the CloudCare installation file, so if you do a re-install, Real Site will not be present (I believe you discovered this already)

Again, I encourage you to contact business support directly so they can work with you, but wanted to let you know this in the meantime!

[TruLife Optics Ltd]

Hi Pete,

Many thanks for you reply.

I have already raised the issue with our reseller. However, due to other priority issues they were dealing with for us (they also provide our telecoms which have been down) they were only able to raise it with Avast directly yesterday, and received a reply today.

I really do think that version 4.0.0 should NOT have been released. There are so many things wrong with it, as a so-called "business" product, that is totally unfit for purpose. The inability to control the "add-on" features via policies is just the start. Features like "Real Site" aka DNS Protection, Password Manager, "PC Checkup" aka "SmartScan" should never have even been in. "Home Network Security", giving all users the ability to port scan everything on your business network is just bonkers!

"Software Updater" is another "feature" that should never have been in, or at the very least disabled by default. If I want a WSUS server, I'll build and configure a PROPER WSUS server. Giving users the ability to potentially break systems by installing untested/unauthorised updates (even if they are recommended by the software vendors) is just not on.

There are also numerous functionality issues such as:

- auto upgrade via "Component Scheduled Update" to v4.0.0 is totally broken. Old policy settings don't get carried across and new policy settings just plain don't work. The installer also installs components NOT in the original AVG install. The only fix is to rip it out and re-install from scratch using a NEW install package.
- you can't monitor the progress of currently in progress scans
- linked to the above, if a USB device is being scanned, because you can't monitor the progress, you have no ability to stop it (a killer if it is a 1TB external driver which has already BEEN scanned), and no policy setting to permit/prohibit users from terminating it just grant or deny access to ALL settings (far too "blunderbuss"). Even that, assigning a password, doesn't work on upgraded machines.

I will be putting these issues directly to Avast Business Support in a conference call (hopefully) later this week with our reseller.

I'm not expecting the functionality of Kaspersky Endpoint Security (bug ridden bloatware with dire support which we threw out  for AVG CouldCare), but the issues I've listed above are fundamental basics..

George

[REDACTED]

Phew Colour Holographic Ltd I thought it was just me that thought they have introduced a home product into a business environment!

It needs to change pronto.

[TruLife Optics Ltd]

Nope, you've not been seeing things! They really pushed out a noddy (botched) home product and labelled it as "business" -
 and it gets worse!

If you had been using the AVG 3.6.4 client, and upgraded to Avast 4.0.0 client (via the Scheduled Component Update policy setting) rather then install 4.0.0 from a new Avast install package, you are (to put it bluntly) buggered!

In that scenario you'll find, in addition to those I've already listed :

1. Old policy settings are NOT carried across/migrated.
2. The "new" policy settings are never applied and DO NOT WORK, leaving all your endpoint totally out of control.
3. Remote control, while functional if not great before, is knackered. Utterly unusable. "Premium Remote Control"? What a joke.

For me the best, the ONLY option, was to rip out Avast 4.0.0 and re-install AVG 3.6.4. That is when it really hit the fan!

First before doing anything, assuming you have created a custom policy (you can't modify the Master), go into your policy and DISABLE Scheduled Component Update. If you do not, as soon as you've finished rolling back to 3.6.4 (which you have to do largely manually) it will upgrade it straight back to 4.0.0.

Also, PREY that you still have an install package for AVG 3.6.4. If you DO NOT you are really stuffed - you can't create it. You only have the option of creating the garbage Avast 4.0.0.

If you DO still have your AVG 3.6.4 install package, PREY that when you created it you selected your custom policy as the the default for it. If not, yet more pain because you can't disable Scheduled Component Updates in the default master policy, and that will be the one applied!

Now comes the real pain in the backside.

In the portal you can look at the status and properties of each "device" (endpoint) and click on "Uninstall". This is utter crap.

Yes it will uninstall it from the selected endpoint BUT, 15 mins after you've finished re-installing AVG 3.6.4 it UNINSTALLS IT again!!!

I'd used the "uninstall" button in the portal on the first 5 endpoints then wondered why, after re-installing, they suddenly disappeared from the portal device list. That's when I found they had all uninstalled again. For some reason, and I don't know why, doing it from the portal seem to work fine (at first) but doesn't clear the Uninstall Request. So as soon as you've re-installed it and it completes any database updates, it sees the uninstalled request and euthanizes itself!

Very helpful NOT.

The main thing I've noticed is that no restart is done at the end of the uninstall, if done via the portal. However, even doing a manual restart afterwards doesn't clear the Uninstall Request. It still waits patiently until you've re-installed it, then rips it back out.

So you have to go round and uninstall Avast 4.0.0 from every single endpoint manually, one by one.

Here's the final, real pain in the backside.

If you have an AVG 3.6.4 install package to re-install, but it doesn't apply your custom policy by default (as mine didn't as I hadn't yet played around with policies when I created it), you have to do the following:

This has to be done on each and every machine, one by one! (I at least could do it via Microsoft's own Remote Desktop client MSTSC.EXE rather than physically have to go each one)

1. Manually uninstall Avast 4.0.0 and restart the machine.
2. When restarted, manually start the install of AVG 3.6.4.
3. As soon as you've started it, keep refreshing the Device List in the portal until it appears, usually quite quickly
4. As soon it appears click on it to view it's status and properties. Note: It will still be greyed at this point and say "Installing"
5. In the properties change the policy from the default master policy to your custom policy which has Scheduled Component Update disabled. Even though it says it has been applied, I click on Save anyway. If you don't do this BEFORE restarting the machine it will almost certainly upgrade itself back to Avast 4.0.0. I know 3 of mine did!!!
6. Once the install has completed on the machine, restart it

Now continue on to the next machine, and the next, and the next, and the next.......

George

To think, we switched to this because I was utterly fed up to the back teeth with the sheer amount being taken up keeping damned Kaspersky Endpoint Protection 10 working because of all the bugs in it (and it has become bloatware). The AVG version was lightweight but ok. Compared to Avast 4.0.0 and the trashed portal, Kaspersky was a dream!!!!

[TruLife Optics Ltd]

I've noticed one other thing with Avast 4.0.0 compared to AVG 3.6.4.

I'd configured the alerts so that I would get email notifications for a whole raft of events. One of them being if protection was disabled. If a user decided to disable it I wanted to know. Yes I know you can prevent them, but it is a requirement to have the option with our very particular user base.

AVG 3.6.4 was fine. Avast, however, seems utterly incapable of differentiating between it being disabled/turned off and a normal PC shutdown/restart. Consequently when everyone goes home you get a deluge of stupid  "Protection Disabled" event notifications, and every damned time someone restarts their PC!!!

[TruLife Optics Ltd]

In rolling back a number of endpoints to AVG 3.6.4 from the apalling Avast 4.0.0, I've found that the AVG client is also utterly unmanageable from the portal.

Virus scans are not reported or logged (one is still showing the last as 8th September when it did yesterday), alerts are not notified or logged several false positived from Dell Support Assistant than no alerts were generated for).

So it's a choice of the dire, botched 4.0.0 or the workable, but totally unmanageable 3.6.4....

Well done Avast you've taken a working product and utterly and totally broken it....