Author Topic: avast 4.8 trying to access a printer?  (Read 7939 times)

0 Members and 1 Guest are viewing this topic.

Offline numskully

  • Newbie
  • *
  • Posts: 10
avast 4.8 trying to access a printer?
« on: January 14, 2009, 08:07:29 AM »
Why would avast try to send info to my printer? I wasn't trying to print at the time my firewall stopped it.



Anyone have any ideas?

Offline lukor

  • Avast team
  • Super Poster
  • *
  • Posts: 1879
    • AVAST Software
Re: avast 4.8 trying to access a printer?
« Reply #1 on: January 14, 2009, 12:48:43 PM »
Hi,

All I can see here is that Sygate thinks that aswserv.exe ("Avast! Antivirus" service) was started by Spooler (which is probably a mistake from the firewall). Since it does not say where the packet is going to we can hardly guess if it is sending something to the printer ( i doubt that ) or just downloading new virus definition file.

Lukas.

Offline Avaster

  • Jr. Member
  • **
  • Posts: 81
Re: avast 4.8 trying to access a printer?
« Reply #2 on: January 14, 2009, 01:05:57 PM »
I have Sygate too, and it does do these "mistakes" every now and then. It's just better to click "no".

Offline numskully

  • Newbie
  • *
  • Posts: 10
Re: avast 4.8 trying to access a printer?
« Reply #3 on: January 14, 2009, 09:20:35 PM »
Ah, thanks for the info all. If I get more info I'll post it.

Offline numskully

  • Newbie
  • *
  • Posts: 10
Re: avast 4.8 trying to access a printer?
« Reply #4 on: January 25, 2009, 09:29:30 PM »
It happened again so I clicked on the details and took a screen shot. The picture looks a little odd since I had to copy/paste a few screen shots together.

Anyone know why Avast is doing this?


Offline AlexFeren

  • Newbie
  • *
  • Posts: 12
Re: avast 4.8 trying to access a printer?
« Reply #5 on: January 25, 2009, 10:05:30 PM »
Before the experts jump in...
This is a broadcast ARP packet (sent to every node in your LAN) - requesting the owner of IP=192.168.100.1 to respond with its own MAC address so that the more datagrams can be sent to it.
Normally, neighbouring router is configured as 192.168.100.254 not 192.168.100.1, so, perhaps the latter really is a printer or a machine hosting a printer?  Any chance you accidentally set up Avast!Settings->Alerts->Printers?

Simple commands for you to play with:
to see your current ARP Table content: arp -a
to see your routng table: netstat -rn 
« Last Edit: January 28, 2009, 12:01:31 AM by AlexFeren »

Offline numskully

  • Newbie
  • *
  • Posts: 10
Re: avast 4.8 trying to access a printer?
« Reply #6 on: January 25, 2009, 11:00:06 PM »
Thanks for the info AlexFeren!

Under "Settings->Alerts->Printers" there is an entry for printers. I never put in any info for alerts. Should I just get rid of all the entries? What are these alerts doing?

When I ran arp -a it reported "No ARP Entries Found".

Offline AlexFeren

  • Newbie
  • *
  • Posts: 12
Re: avast 4.8 trying to access a printer?
« Reply #7 on: January 26, 2009, 04:58:45 AM »
> When I ran arp -a it reported "No ARP Entries Found".
ARP Table is a fundamental resource in IP networking, so, something must be there. ARP Table isn't updated until you start communicating with adjacent nodes in the network (ie. router, other PCs on same switch, etc). So, if you're reading this web-page, you must have at least the entry of the nearest router or gateway in the ARP Table.


> Under "Settings->Alerts->Printers" there is an entry for printers. I never put in any info for alerts. Should I just get rid of all the entries? What are these alerts doing?
Well, what are the enties in there? Avast can configured to send alert when a virus is detected, so, perhaps at startup it's ping-ing the node hosting the printer. Provide us screen-shot so we don't need to guess.
« Last Edit: January 26, 2009, 05:00:32 AM by AlexFeren »

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 84922
  • No support PMs thanks
Re: avast 4.8 trying to access a printer?
« Reply #8 on: January 26, 2009, 03:24:21 PM »
@ numskully
I don't believe there are any Printer alerts, just the empty shell they would go in ?

Is this what you see or are there any additional entries under the Printer alert section, see image ?

I don't get any of the firewall notifications that you are But I'm using Agnitum's Outpost Firewall Pro 2009, I have no printer alert setup.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline lukor

  • Avast team
  • Super Poster
  • *
  • Posts: 1879
    • AVAST Software
Re: avast 4.8 trying to access a printer?
« Reply #9 on: January 26, 2009, 05:49:47 PM »
I still find the parent - child relationship between spooler.exe and ashserv.exe strange. ashserv.exe if this is really our process is a service. It is running since the computer was started and it's parent process should be "services.exe".

You can verify this with for example "Process Explorer" - downloadable from Microsoft.

I can not imagine any situation where spooler.exe should start ashserv.exe process. It is either not our process or the firewall is confused.

Offline numskully

  • Newbie
  • *
  • Posts: 10
Re: avast 4.8 trying to access a printer?
« Reply #10 on: January 27, 2009, 12:51:39 AM »
Provide us screen-shot so we don't need to guess.

Sorry about that. Thanks for your help AlexFeren.


Offline numskully

  • Newbie
  • *
  • Posts: 10
Re: avast 4.8 trying to access a printer?
« Reply #11 on: January 27, 2009, 12:55:37 AM »
@ numskully
I don't believe there are any Printer alerts, just the empty shell they would go in ?

Is this what you see or are there any additional entries under the Printer alert section, see image ?

I don't get any of the firewall notifications that you are But I'm using Agnitum's Outpost Firewall Pro 2009, I have no printer alert setup.

My alert is empty also. I could not edit it. My alerts look the same as yours. There is a screen shot in the post before this.

Does Agnitum's Outpost Firewall Pro 2009 protect your printer (odd question maybe)?

Offline numskully

  • Newbie
  • *
  • Posts: 10
Re: avast 4.8 trying to access a printer?
« Reply #12 on: January 27, 2009, 01:00:52 AM »
I still find the parent - child relationship between spooler.exe and ashserv.exe strange. ashserv.exe if this is really our process is a service. It is running since the computer was started and it's parent process should be "services.exe".

You can verify this with for example "Process Explorer" - downloadable from Microsoft.

I can not imagine any situation where spooler.exe should start ashserv.exe process. It is either not our process or the firewall is confused.

Under "msconfig" I am starting ashServ.exe, found in c:\Program Files\Avast4\ashServ.exe.

I did a search for ashServ.exe, finding only 1 entry. It was digital signed by ALWIL software.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 84922
  • No support PMs thanks
Re: avast 4.8 trying to access a printer?
« Reply #13 on: January 27, 2009, 01:37:46 AM »
Well I don't have file and printer sharing enabled, but as has been said Sygate does from time to time make these mistakes.

The only real relationship ashServ.exe (the main scanning engine of avast) might have with spool32.exe is to scan that file when it starts as a resident scanner should. There should however as lukor said no way spool32.exe would be starting ashServ.exe, so I too believe this is a firewall error.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline AlexFeren

  • Newbie
  • *
  • Posts: 12
Re: avast 4.8 trying to access a printer?
« Reply #14 on: January 28, 2009, 12:11:37 AM »
Provide us screen-shot so we don't need to guess.

Sorry about that. Thanks for your help AlexFeren.


Well, obviously it's not seen in Avast Alerts setup.
Even if Sygate is incorrect about the parent of AshServ.exe, it still don't fix your problem, which is - knowing why AshServ.exe trying to reach 192.168.1.1.
The way I'd approach it is to figure out who is 192.168.1.1 and what services it's hosting; then, work backwards to guestimate the reason.
(BTW, you checked there's nothing in Avast's .ini that includes 192.168.1.1?)