Aargh - AIS firewall (or my PC) is doing my head in!
I had problems with the firewall stopping spontaneously without any warning with 5.0.507 (so did others it seems).
I uninstalled 5.0.507, ran ASW Clear, installed 5.0.533, and had no more problems. Same with update to the next beta release.
Then I updated to 5.0.545 - back to the same firewall service stop problem.
I’ve uploaded the file onto the ftp server as MAGAFW.tmp.mdmp.
I’ve gone back to 5.0.533 for the time being.
Could someone from the Avast team please have a look at the file and see if this problem is something in Avast, or if it is something in my system?
Thanks
MAG
I’m running windows XP SP3. The only other security software I have is SAS Pro 4.36.1006
I have looked at your dump and I must admit it looked like a problem in avast. So far I was not able to identify it, but seems like a memory corruption. What might surprise you is that nothing have changed in the Firewall service between versions 533 and 545. The fact that the pre-release works better for you must be just a coincidence.
I’ll update you with more info as soon as we have some.
Thanks for your help and the very prompt response Lukas.
A couple of other things occur to me that may be of use.
I never had this problem before 507 (and I’ve been running the AIS firewall since 25/01/2010).
If nothing in the firewall changed at the release of 507 that would suggest that something that changed on my system is involved.
The only things I can remember installing around that time are:
an iternet speed tester called instanthelp.exe downloaded from CNET (now uninstalled because it sometimes locked up)
a browser security plug-in called Trusteer Rapport
I have returned to 545 (since the firewall is unchanged from 533), and so far have had no problems - if I do I’ll post the dump in case there is any fresh info in it.
Thanks! Please post the dump, it might be similar, but memory corruption is always hard to track, so the more hints the better. I’ll be hunting this bug in the meantime of course.
What I really like with Avast is their honesty and how fast they react to fix problems when they arise, not like some other AV I know. Thank you for that Alwil.
The firewall stopping problem has happened a few more times today (I’m running 545 - which has been OK since May 08).
Lukas
I have uploaded the dumps (and also the setup log) to the ftp server as requested (as magafw1, 2, 3 and magsetup).
As previously, before the firewall showed “service stopped” the activity log showed repetitions of “configured avastUI.exe to access the network” (as if it has forgotten it just configured that a few minutes ago).
I have windows XP firewall running (having read your post that it shouldn’t conflict with AIS firewall), so I guess I’m no worse off than I used to be with the free version (except slightly financially worse off!).
I hope you guys at Avast can figure out what is going on.
Thanks for your help.
mag
PS am I the only person having this firewall problem - I’ve seen no other recent posts about the firewall stopping? (I recall qqwerty had the same issue with 507).
I’ve had numerous issues with the firewall compent with Windows 7 & Vista 64bit but none with 32bit Vista or 7. My solution is to uninstall and reinstall Avast! as this solves the problem. The only issue I have is that when the program engine is upgraded the issue tends to resurface.
@michael711
Do you also have the problem that when the firewall stops the avast icon in the sytem tray doen’t alert you to this?
Whatever, it may help the avast team to sort out this issue if next time your firewall stops you let them know and upload the dump (a .tmp.mdmp file in C\Documents and Settings\All users\Application Data\Alwil Software\Avast5\Log\ folder) to the ftp server at avast.
You are correct the icon does not alert me to the fact the firewall has stopped working unlike if I manually stop it there is an icon
What’s even more odd is that when this does occur sometimes you can resolve it by rebooting and the firewall will start. I don’t recall if Windows gives me the white flag alert or not because it’s always there already since I don’t have backup set.
I’m not sure why it starts sometimes and not other but your fact that it doesn’t notify you is problematic
michael711,
Do you have a browser security plug-in called “Trusteer Rapport” on your system (it’s often provided by banks)?
I’m begining to have suspicions that it may be implicated on my system (it was the last program configured, coincident with the firewall crash, and the firewall crash was also coincident with it reporting that it had just checked for for updates).
(Of course the firewall may have been ready to fall over and it just happended to come along at the wrong moment).
Lukas,
I have posted the latest dump files to the ftp server (magafw5,6).
I noticed that one of the firewall dump files was created at excatly the same time (to the second) that Rapport checked for updates.
Lukas,
I’ve posted three more dump files following AIS firewall stopping (magafw7,8,9).
That makes ten in total. I’ll stop at that unless you tell me it would be useful to see any more (of course I’m always hopeful that there might not be any more!)
Since I done a fresh install of Windows 7 Pro, I too have been having issues. My issues run along the lines of having to go back into avast and manually turn it back on at least once a day, utilizing the fix it now button. the past week I have been having more sever issues to where the fix it now button no longer works and I cannot got get avast active again. I tried reinstalling with no luck. Any advice on this matter would be greatly appreciated.
Hi Mag,
still hunting this bug. Thanks for the dumps, they look more or less the same at seem like a memory corruption somewhere inside Firewall Service. Still not able to find the cause. I am trying now with Trusteer Rapport but so far no problems here :-[
I’m running my own test with rapport - so far inconclusive. A problem with tests is that the firewall stops are infrequent and irregular - sometimes it runs fine for a few days (when I say a few days - I should point out that my machine is only turned on for a few hours each day).
I uninstalled rapport, rebooted, and everything with the firewall seemed fine. Then I re-installed rapport, and after a few hours the firewall stopped.
I uninstalled rapport again and rebooted, and fairly soon ater the firewall stopped again!
I rebooted again and everything has been fine since (for over 2 days now).
So I don’t know if the reappearance of the firewall problem after rapport was uninstalled (+1 reboot) proves that rapport is not the culprit?
Alternatively, can a second reboot after rapport uninstall achieve something that the first one didn’t, meaning that rapport may have been responsible after all? (but not that it definitely was)?
Beyond me!
In another couple of days if everything is still OK I will reinstall rapport.
there is something more you may try, if you are willing to do some test for me
You can run the Firewall Service with more strict settings for allocating memory. This way, when a memory corruption occurs we might know about it sooner - and hopefully it will be easier to debug it.
Please download it and run with the following commandline: pageheap /enable afwserv.exe
It case the Firewall Service crashes again, the memory dump created in the “logs” folder will point closely to the location where the corruption might have occured.
You can then disable the extra heap by: pageheap /disable afwserv.exe
With this extra setup, afwserv would probably consume more memory that needed, so it should be used just during testing.
Even more advanced command line is this: pageheap /enable afwserv.exe /debug
Now, when the crash occurs, there should appear a window for command line debugger. (see picture). The command I would like you to type here is: .dump /ma c:\afwserv.dmp
This will create even more detailed dump for me to analyze You can then exit the debugger windows by the q command.
Thanks a lot.
Lukas
EDIT: As I am looking at the screenshot I realize that for the /debug switch to work, you would probably need to have “Debugging Tools for Windows” installed. Which I don’t want to trouble you with right now. If you would like to try just the pageheap /enable afwServ.exe test, it would help as well.
It seems you have done most of the steps correctly. Runnng cmd and pageheap /enable afwserv.exe – with spaces. It does not display much, but if you run pageheap without any parameters it will display what is remembered, for example:
C:\Documents and Settings\lukas>pageheap
afwserv.exe: page heap enabled with flags (full traces )
C:\Documents and Settings\lukas>
And that’s all. Now, all what remains is wait for the problem to occur. When it occurs, due to different setting for memory allocation for this process it will crash sooner and more info will be stored in the memory dump.
Oh! One thing I forgot: You have to restart firewall for the pageheap config to take place. Just stop it from the GUI and restart again, please!
Hi Lukas,
I got pageheap running as requested, with the same command screen result as in your screendump.
Eventful!
At first everything was OK, then after a restart the firewall crashed, then for the first time, avast real time shields crashed completely.
I have posted four dump files, but the last three (from the avast crash) seem to be empty. The firewall crash dump is called MAGAFWPH (it looks to me to be the same file size as every other dump file I’ve posted though).
Hope it helps.
I’ll leave pageheap running for a while longer to capture any more crashes.
PS - I notice that on my system pageheap just says …flags (traces), not …flags (full traces) as in your example. Is there something I need to do to configure it for full traces?
mag
PPS - Operator error - it seems I have had pageheap enabled for afwserve.exe, not afwserv.exe. I have now corrected, but there may be a delay in getting a useful firewall crash dump file.
If you are into it, there is one more setting that sets the guards pages in front and not after the overrun buffer, this might be worth a try as well - so far we don’t know if buffers get overwritten at the front or at the end.