ashServ.exe need internet access?

Does ashServ.exe NEED to connect to the internet to perform its functions? Why is it trying to connect to the internet on my computer?

I am only running 2 modules for my Avast: Standard and Network Shield. Does ashServ.exe need internet access for these modules to work correctly?

No it doesn’t require internet access and I can’t see how it can as it doesn’t have that function.

What is your firewall and what exactly is the alert message ?

The network shield acts a bit like a firewall but only covers a very limited number of ports, usually those which are exploited by worms/viruses.

I would recommend you ad the Web Shield (ashWebSv.exe) to your defences and also the Internet Mail provider (ashMaiSv.exe).

Ashserv.exe doesn’t need access. It will however send out pings to see if there is an internet connection for the purpose of updates. This can be stopped by checking the box on the update (connections) page “always connected”. This can be found in the program settings. Right click the “a” icon. select program settings.

One called avast.setup will probably ask for permission now. This has to be allowed in order for the updates to happen.

Agree with DavidR on the additional providers.

Into the firewall settings, the following programs should be allowed to connect:

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service)
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup (avast! Update executable). This is a temporary file that just appears when an update (check) is about to launch, and disappears again afterwards.

Don’t need rights to connect:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Update Service)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service). Although, ashServ.exe sends ping packets to find out if the Internet connection is alive. You can turn this off by checking the “My computer is permanently connected to the Internet” box in the avast Program Settings > Update (Connections) page.

What I can’t understand is why are you using only 2 avast providers ???

I agree the Web Shield is a nice feature, but I dislike using proxy connections. This is the reason I have it disabled.
I only email through web email services. I don’t have any client thing like Outlook, this is why I don’t use the mail provider (I don’t need the mail modules if I only use web based email provider right?

I’m using Online Armor firewall (with HIPS features uninstalled). The specific message I believe is that ashServ.exe wants a UDP outbound on port 53 (I have the DNS Client disabled).

It’s an internal proxy, loop in your computer, not an external proxy server.
I works transparently, automatically, in Windows 2k to Vista.

If any trojan is trying to send spam from your computer, or your hijacked and sending spam, the Internet Mail heuristics will caught it. Just an ‘extra’ precaution.

Oh. thank you. This answers it then. It’s connecting for the ping thing when you don’t have always connected checked. Yes, I recognized the avast.setup needing connection for updates–this was why I didn’t understand ashServ.exe. But now I do, it’s trying to connect for update related purposes.

Can I select “Always Connected” even if I’m not always connected (ie, using laptop), and Avast will still auto update just fine? Or does ashServ.exe NEED to do its ping thing for auto update to work on a system that is not ALWAYS connected to internet?

Why do you dislike using a local proxy, I see no impact on my system.

The Internet Mail provider may give you your first indication that your system has an undetected/hidden trojan spambot sending out spam from your system. You need to set the sensitivity to High though so it detects multiple identical emails in a period of time. There is minimal overhead in leaving enabled as it would only be in use for scanning in the circumstance I described.

The ping to check for updates would be resolved by what oldman said.

Thx for the info, very helpful :slight_smile:

Why not using:

Web Shield: dislike proxy connections (personal pet peeve)
Outlook Shield: I have never used Outlook
Internet Mail Shield: I have never used Outlook like email things (not applicable for web email right)?
Instant Messaging Shield: I never instant message. Have nothing of the such installed.
P2P Shield: I never P2P. have nothing installed.

Yes, the Web Shield works great, no impact. But I used it for a year, and never saw it alert–I am a careful browser. Coupled with dislike for Proxy, I leave it off. I agree though, it works good.

The Internet Mail–I only get my mail from like Yahoo.com etc. I never have used one of those things like Outlook (I don’t even know what they are called). So the Internet Mail only applies to when you like download the emails to your computer right? Would it protect me from this spam thing you describe even for email stuff where I log into YahooMail.com and just read my email that way?

The protection the mail scanner can give you is like this. If you get infected with an undetected spambot, it will send mail out on the port that the mail scanner monitors. The mail scanner icon will appear on the task bar. Now you will know that something is sending mail.

So I can pick up a spam bot in ways not related to using the email client things like Outlook?

To get this protection, just activate the Internet Mail module or do I need to activate the outlook module too?

Yes, it doesn’t nessecarily have to come frome an email or “shady” site. There is alot of crud floating around out there just looking for a place to land.

The Internet mail provider is the one you want. The outlook/exchange is for programs like Outlook.

You only have to look at the forums to find many occurrences of people whose computer is sending out spam.

So not only should you enable the Internet Mail provider you should set its sensitivity to High. As oldman said you don’t need to enable outlook/exchange.

What port does the mail scanner monitor?

The default ones are 110 (pop3, inbound), 25 (stmp, outbound), 143 (imap).

Port 25 (and port 110 for incoming). Port 25 is the port that spambots use for sending outbound mail and they normally include their own SMTP component so it has nothing to do at all with whatever mail client you use (or whether you use a mail client at all).

Should I set Standard shield, network shield, and web shield to HIGH also? I’ve been keeping them at Standard setting because i read somewhere that High can impact system performance or something of that nature.

now wouldn’t a firewall with Outbound protection alert me to if things are occurring on these ports? (I’m just trying to learn all I can about this stuff). Or does the Internet Mail module do something the firewall can’t do for me?

A good firewall well configurated with outbound monitoring (not Windows one).