Author Topic: Can Avast be disabled from command line (but still with safety prompt)?  (Read 3888 times)

Offline VanguardLH

  • Jr. Member
  • **
  • Posts: 90
    • Personal Message (Offline)
Windows XP Pro SP-3
Avast Free 6.0

Does Avast (free version) provide a utility or command-line switch that will initiate a disable of all its shields?  I'd still want the popup window to appear alerting me about the intended shields disable.

I'm looking at using Returnil (free version).  Trialed it in the past, like to trial it again.  I would use this of on-demand protection, much like app sandboxes are on-demand when an app loads.  Returnil does disk virtualizing and everything gets wiped (because the virtual disk for file I/O gets discard) on shutdown.  AV protection is only of use in this scenario if you want to be alerted about keyloggers, viruses, malware, PUPs, etc. but had little value when using Returnil since anything detected will be gone on a reboot and whatever actions committed by the AV program will be discarded (undone) on a reboot.

Before enabling RSS safe mode (disk virtualizing), I'd like to run a batch file that alters the state of my host, like unloading some processes (MS Office components, magicjack, WinPatrol, Unlocker, Stickies, etc) and move some files (e.g., .job files so some scheduled events can't be found by Task Scheduler since disk defrag, disk cleanup, AV scans, etc. are pointless while in RSS safe mode).  I'd like to disable Avast before starting RSS safe mode.  Is there a command-line switch or utility that will initiate the disable of Avast's shields yet still present the prompt window asking for my permission to disable them?

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69198
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: Can Avast be disabled from command line (but still with safety prompt)?
« Reply #1 on: December 12, 2011, 12:42:59 PM »
There has pretty much been the same question asked very recently.

The avast free program has no command line interface.

The avast Pro has, but I don't believe that it would have such a command as it drives a coach and horses through the avast self-defence module. As the same command could be used maliciously.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2016/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Asyn

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 24887
    • >>>  avast! Forum - Deutschsprachiger Bereich  <<<
    • Personal Message (Offline)
Re: Can Avast be disabled from command line (but still with safety prompt)?
« Reply #2 on: December 12, 2011, 12:43:52 PM »
Is there a command-line switch or utility that will initiate the disable of Avast's shields yet still present the prompt window asking for my permission to disable them?

No.
XP SP3 - avast! 9.0.2017 - CIS 3.14 [FW/D+] - MBAM 1.75 [On Demand] - Firefox ESR 24.4 [NS/ABP/EHH/BP] - Thunderbird 24.4 [EM/CH]
Deutschsprachiger Bereich -> avast! Wissenswertes (Downloads, Anleitungen und Infos): http://forum.avast.com/index.php?topic=60523.0

Offline VanguardLH

  • Jr. Member
  • **
  • Posts: 90
    • Personal Message (Offline)
Re: Can Avast be disabled from command line (but still with safety prompt)?
« Reply #3 on: December 12, 2011, 01:22:27 PM »
There has pretty much been the same question asked very recently.

The avast free program has no command line interface.

The avast Pro has, but I don't believe that it would have such a command as it drives a coach and horses through the avast self-defence module. As the same command could be used maliciously.
Not true at all.  Anything I can do using the mouse and keyboard can be performed using AutoHotkey or similar utilities, and that includes malware.  What makes you think there is anything special or secure about you right-clicking on a tray icon, moving the mouse or keyboard to select a context menu item, clicking on an item, and then in a window using its handle or just relative positioning clicking on a button within it?  I don't want to bother installing Autohotkey-type software just to do the same that I can do using mouse & keyboard.

That type of counter argument always falls flat because no forethought is expended in understanding that any user interface to disable a problem presents the same interface for anyone or anything to do the same.  I've use WinRunner, AutoHotkey, and many other screen scraper or window management software to fully understand that any GUI presented to the user can be also used by software.

Rather than argue about they why's and what for's regarding a command-line utility's vulnerability, notice that I did say that I still wanted the prompt window asking if I wanted the product to get disabled.  This is the only security the product has against accidental or malicious tampering but this doesn't prevent it.  For the same reason you mention, then there should be absolutely no means to disable the product which means no tray icon and no GUI options to disable the product.  I was asking for another means to do what the product already allows.
« Last Edit: December 12, 2011, 01:24:58 PM by VanguardLH »

Offline igor

  • avast! team
  • Serious Graphoman
  • *
  • Posts: 11326
  • Gender: Male
    • AVAST Software
    • Personal Message (Offline)
Re: Can Avast be disabled from command line (but still with safety prompt)?
« Reply #4 on: December 12, 2011, 01:34:59 PM »
If you mean disabling the shields from the tray icon, then that's one of the reasons the password protection is there - if you set up a password, you can't automate it with similar tools (not knowing the password; actually, not even if you know it).
If you're talking about the self-defense prompt, then AutoHotkey or similar tools won't work (just like they wouldn't work e.g. for the UAC prompt) - you can try ;)

Generally, you can try to stop avast! service via Service Manager (from the command-line) - you should get the mentioned prompt. For avast! UI process, there's no normal channel, you'd have to use some of the hacks you mentioned.
« Last Edit: December 12, 2011, 01:45:11 PM by igor »

Offline VanguardLH

  • Jr. Member
  • **
  • Posts: 90
    • Personal Message (Offline)
Re: Can Avast be disabled from command line (but still with safety prompt)?
« Reply #5 on: December 12, 2011, 02:19:23 PM »
If you mean disabling the shields from the tray icon, then that's one of the reasons the password protection is there - if you set up a password, you can't automate it with similar tools (not knowing the password; actually, not even if you know it).
If you're talking about the self-defense prompt, then AutoHotkey or similar tools won't work (just like they wouldn't work e.g. for the UAC prompt) - you can try ;)

Generally, you can try to stop avast! service via Service Manager (from the command-line) - you should get the mentioned prompt. For avast! UI process, there's no normal channel, you'd have to use some of the hacks you mentioned.

Okay, thanks.  So I could use either 'net stop' or 'sc stop' (SC = service controller utility) to disable the shields but first get the user prompt to allow the disable.  Apparently the popup alert is part of the shutdown method for the service (which is good and acceptable).

I ran "sc query" to see if there was a shorter service name than the display name but, nope, have to use "avast! Antivirus".  So either of the following might work:

net stop "avast! Antivirus"
sc stop "avast! Antivirus"

Alas, they didn't work.  Instead the return status was:

[SC] ControlService FAILED 101:
The service cannot accept control messages at this time.

This was because I already used the Services Manager (services.msc) and tried to stop it there.  When Avast showed its popup prompt, I opted for “No” (do not disable shields).  The problem is that Windows doesn't get an updated status from the service which results in Windows thinking the service is still in "stopping" state (STOP_PENDING).  During that state, you cannot start or stop a service so a subsequent test would fail.  This means if I elect to keep the service running that Windows continues to see it in a pending state.  You have to restart the computer to get Windows unstuck from this service state.  Can't use "taskkill /f /im "avastsvc.exe"" (get "access denied" status) since Avast protects itself from termination.

So after rebooting to get the service out of STOP_PENDING state,  I stopped the service by running “sc stop “avast! Antivirus”” and selected “Yes” in the popup prompt.  When I right-click on the Avast tray icon, yep, all shields are disabled.  Since this was just stopping the service which is set to Automatic for startup on Windows load, it’ll be back and all shields up when I reboot (which is how to get out of Returnil’s safe mode with its disk virtualization).

So that’ll work as long as I don’t pick “No” in the popup prompt (which puts the service in pending state which means no further start or stop requests will be acknowledged).  Since I’ll be manually instigating Returnil’s safe mode, I’ll see that popup prompt.  If it were something scheduled or run without user intervention, Avast counts down on the “No” selection which means the service refuses to unload and it’ll get stuck in the STOP_PENDING state. 

Thanks for that info.  I didn’t look there because I had figured Avast’s self-protection would’ve prevented stopping its service.  I didn’t even try because I presumed it wouldn’t work, but it does.
« Last Edit: December 12, 2011, 02:22:41 PM by VanguardLH »

 

Google Chrome

AVAST recommends using the FREE Google Chrome™ browser.

Download Google Chrome Now