selfdef.log update 1201

[ady4um]

To the Avast! Home 4.8 Support Team,

I used Avast! Home 4.8 (build 1195, I think), Vista Home Basic x86 (32) SP1.

I received a notice about an updated version of Avast! Home 4.8 program. I went to the Avast Icon (Notification Area) -> Updating -> Program Update , and installed the update. Just before the message about restarting the system (Yes/No options), I saw a message over the Avast Icon, just for a second, that something in the registry could not be accomplished. I can't remember the exact message, though. I clicked on the "Yes" option to restart anyway.

After reboot, I searched for some log or text files, so I could know what was that earlier message about the registry. I found a file which name was "selfdef.log".

The following entries were in it:


2008-05-19 08:07:43   Write access to file \Device\HarddiskVolume1\Program Files\Alwil Software\Avast4\Setup\avast.setup denied. [PID 4]

2008-05-19 08:07:58   Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [C:\Windows\system32\services.exe]

2008-05-19 08:07:58   Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [PID 1308]

2008-05-19 08:07:58   Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances denied. [PID 1308]

2008-05-19 08:07:58   Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances\aswMonFlt Instance denied. [PID 1308]

2008-05-19 08:08:58   Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswFsBlk denied. [PID 4]

2008-05-19 08:08:58   Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswFsBlk\Enum denied. [PID 4]

2008-05-19 08:08:58   Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [PID 4]

2008-05-19 08:08:58   Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Enum denied. [PID 4]



I inserted blank lines here so the log's lines could be more readable. Could anyone of the support team could take a look at this? Is there anything I should be worried about? I mean, I understand this is not a virus or malware, but if these registry entries and the first write access were denied, Is there anything of the Avast Update that did not work as it should? Is Avast going to work as it should? Do I have to perform any "repair" installation or maybe add entries to the registry manually?

If you need more info from me, don't hesitate to request it.

Thank you in advance.

[onlysomeone]

that already was discussed some times... (I'll post the link to the postings if i can find them again)

its just a message from the avast! self-defense-module...

if you don't report problems everything should be fine

yours
onlysomeone

[Lisandro]

Please update to the latest 4.8.1201 version and some of these messages will be corrected.

[Rick F]

I think he's already on 1201. 

The title of his post is 'selfdef.log update 1201'.

[Lisandro]

I think he's already on 1201. 
The title of his post is 'selfdef.log update 1201'.

I used Avast! Home 4.8 (build 1195, I think)

[ady4um]

Ok, I want to be clear. I was using the previous build of Avast Home edition 4.8, when I received a message about a new build being available. When installing the program's update (Avast Notification Area Icon -> Updating -> Program), I saw those messages just for a second. I followed all the update proccess, including the "restart -> yes" message. Then, I searched for any kind of log so I could know what was that 1-second-message I saw over the Avast Icon. After finding those messages in the selfdef.log file, I pasted them in my first post.

So, actually, updating/upgrading to the last 1201 build was what triggered those messages. I just wanted to know if this behaviour was the one I should have expected, and if there is / could be any kind of problem. It seems like the Avast Update proccess was not successful in merging those registry keys and writing / accessing that first file.

Maybe the Support Team has an idea of what is going on and what to do?

Thanks.

[Lisandro]

I just wanted to know if this behaviour was the one I should have expected, and if there is / could be any kind of problem.

It's a normal behavior and the 4.8.1201 update really corrected some messages of the old versions.

[ady4um]

Sorry, this is not so clear to me. You said build 1201 should improve this behaviour, but in my case I previously updated the program several times since I registered the first time, and I don't recall any messages like these. On the contrary, THIS build 1201 upate was the one with problems merging keys in the registry.

Anyway, if build 1201 should have avoid these problems, it was clearly not my case, updating from build 1195. So please, can anyone tell me what this "errors" are, and if I should try to correct them in any way? Is there any functionality or something else depending on these registry entries?, If not, then I can't understand why the Avast Update wanted these keys to be merged in the registry (so, they must have some kind of function or aim, don't they? ).

[alanrf]

These are informational messages only and there is no action you can take on them.  There is no "merging" involved.

These messages are recording the fact those a process attempted to open registry keys belonging to avast with permission to write to them (this generally indicates poor code writing).  The avast protection module has prevented the function from having write access to the avast registry keys.  However, these messages could provide evidence of a piece of malicious code trying to interfere with the functions of avast.     

[ady4um]

In this thread:

 http://forum.avast.com/index.php?topic=35544.15

started after mine, they are saying the same thing I am. I am using vista home sp1 x86. The thing we, the users, want the support team to understand, is that the program that is in fact generating these messages in Avast is in fact the Avast Update program! Please people, read carefully the logs we are sending or posting. While using build 1195 and updating to build 1201 these messages are shown by Avast, but the reason is not a virus or any other software, other than the Avast Update itself!!! So please stop pointing to any other software or anything else. We, the users, are pleased that Avast could catch these kind of events in case a malware, or anything without the rights (permissions), should try to right to the registry or access a file. But this is not any malware, is Avast Update itself!!!

While some posts mentioned some problems between Avast and xpSP3, and between Avast and vistaSP1, nobody is giving any concrete real answer to the users. Can anybody get in touch with The Support Team and the devs to get this right? Please note that if the Avast Update program was trying to write something to the registry and to access some file (according to my log in the first post of my thread), IT WAS NOT SUCCESSFUL. So it makes no sense that we shouldn't expect something wrong to happen. In time, somthing wrong will happen if the devs don't know about this behaviour caused by the Avast Update. According to the Avast Update program, those registry keys should be there now. Maybe the restart it requested just took care of that, but I just want the devs to look at it and the support team to come up with something like "What happened was... ", instead of "Probably it was nothing to be worried about".

Thanks in advance for Avast, the answers and the permanent improvement.