OK, how dya do it? (Avast folders, files, protected even with full permissions)

[dewild1]

Hi, I was wondering how you set all the folders and files in the avast folder to be unchangeable and non deletable, etc??
Even when I set the permissions to full on the folder and replaced all the permissions on the files-folders, I killed ashdisp.exe using http://noeld.com/programs.asp?cat=misc#closeapp and I stopped all avast services, I still can not add, change or delete anything in it..
 
I make www.CPULOCK.com and this is very strange..
I even killed just about every other service-process incase you had something else..

Only way is to uninstall avast..

How did you do that? I am impressed-confused...

[dewild1]

If I share out the folder with permissions and access it via \\127.0.0.1\avast I can edit, change, delete stuff.. And I know you did this for security reasons, but how..

[dewild1]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswSP
"avast! Self Protection" is how, (guessing), but how do I turn it off? I need to edit avast4.ini on a bunch of clients..
Its set up as a driver, right?? So net stop will not work..

[Marc57]

To turn off self-defense, Right click on the "A" ball in the system tray, choose program settings, click troubleshooting, put a check in disable Avast self-defense module.

[Lisandro]

I suggest an installation from the scratch:

1. Uninstall avast from Control Panel first.
2. Boot.
3. Download the latest version of Avast Uninstall and use it for complete uninstallation.
4. Boot.
5. Install again the latest avast! version.
6. Boot.
7. Check and post the results.

[dewild1]

To turn off self-defense, Right click on the "A" ball in the system tray, choose program settings, click troubleshooting, put a check in disable Avast self-defense module.

thanks, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswSP]
"Type"=dword:00000003
and then reboot works too. (I have to do it via an update to my program so....  )

[igor]

To edit avast4.ini on multiple clients on network, it would be better to use managed clients and ADNM, instead of modifying each one manually...

That (allowed) access through \\127.0.0.1 seems to be an omission, it's already fixed in the internal builds and will be released soon.

[dewild1]

To edit avast4.ini on multiple clients on network, it would be better to use managed clients and ADNM, instead of modifying each one manually...

That (allowed) access through \\127.0.0.1 seems to be an omission, it's already fixed in the internal builds and will be released soon.

If you are going for total security, don't forget the registry...

So, how dya do it?

My program, (the locking portion of it), uses permissions to lock out the bad stuff...

Your driver aswSP.sys works at a level above permissions.. Does it even work on FAT?

My CPULOCK was limited by needing NTFS for the file locking portions of it so I made it check to make sure each client had NTFS and if they did not, it would convert any FAT to NTFS..
This has only affected one or two clients I know of, where they had to wait 30 or 40 min for it to convert, but when I release CPULOCK for individual sale, not just part of my package, and if it were to be a hit, this could be a major complaint.. :'(
Most have NTFS now but still, I am fascinated by this module..

Seriously, if you could do this type of voodoo with the Registry as well, you would blow my work out of the water and kill me!

[Vlk]

The avast registry keys are also protected (or are supposed to be).

It's no magic, really. Just a filter driver (in kernel mode).


Thanks
Vlk