Avast Business & Windows SBS 2011 problems

I have recently installed Avast Business onto 5 servers all running SBS2011 in different locations, I have had several problems at different time on all of them

SBS Pop connector - not collecting mail, remedy disable avast protection, collect pop then re enable - should not happen!!!

Since updating avast all systems are all experiencing a logmein problem again at different times

On my logmein control panel – server appears offline, log into it via teamviewer, system running fine, but logmein offline, try to restart it, no joy, disable avast then restart logmein all works fine, re enable avast (pain in the … and waste of time)

These servers have all been running fine without problems for months/years, the problems have only started since installing avast business onto them

Any help would be appreciated

Thanks

Andrew

Just a theory without more detail, but it kinda sounds to me like Avast’s hardened mode is enabled or something which is preventing the Windows services from running. Are there any Windows event logs that can shed some light on what’s happening?

Are you using the default settings template or have you modified one? Try the unaltered default template if you’ve changed some settings. Maybe you’ll need to set some exclusions.

I might suggest creating a new settings template with all of the shields turned off and applying it to one of the problem servers. Assuming the problem goes away after the template gets applied down to the client, enable one shield at a time (waiting for the settings to apply before turning on the next one). It might help to isolate the problem shield, but it does kinda sound like Avast is blocking some Windows processes.

Hi

Thanks for the reply

Will have a look through the logs, have been using the default template, unaltered, however avast recommended that i change the default template and disable HTTPS scanning, so have now done this and will see what happens

Update

Upon clients returning to work after the public holiday, I have received numerous problems, from Outlook not connecting to exchange, slow network access, web pages not appearing, logmein showing servers offline etc, I have now disabled the 12 servers with avast on until Avast come up with a fix, all seems to be working fine now (at least no calls yet) :slight_smile:

All these problems started after updating avast

Hi Andrew

Last night I used the application’s local program update feature to upgrade two of my Windows 7 desktops from 2015.10.0.2504 to 2015.10.0.2505. Previously both were working fine, but afterwards started silently failing to open web pages, getting issues browsing the LAN etc.

At first I thought it was my internet connection, then a server DNS issue, but then I remembered your post. I tried turning off a few of the shields and turning off WebShield fixed the problems. This makes sense because WebShield filters port traffic (not just web), and so could also be the cause of your POP mail and logmein issues to name a few.

I’ve since downgraded back to 2015.10.0.2504 and working normally again with WebShield on. I’d suggest you pick a server, disable WebShield and if the problem resolves try downgrade if you can (your installer probably has the old build and you got upgraded during autoupdate process). I always disable automatic program updates until I can test for this very reason… BUGS!

I have only noticed this issue on these two Windows 7 machines. I expect SBS2011 is the same codebase so could be isolated to these OSs. Having said that, other users of Windows 7 in my domain have no problems, but they are local admins and I pushed the update to them via the cloud console, so maybe that has something to do with it. Are all your affected machines SBS2011?

I’ll certainly be trying to get some tech support. I dumped Symantec because I found it unreliable and consuming too much administrative time with components that didn’t work properly. I hope Avast isn’t going to give me the same headache.

Hi Guys,

I responded to GFM on a ticket that was submitted but wanted to post the reply here as well to see if we can get to the botom of this.

After the update, was the device(s) rebooted? The update, as most do, requires a reboot and the webshield typically will disable or cause an issue until the restart is done.
If the device(s) have been restarted and the issue persist, try uninstalling and run this remover utility https://www.avast.com/en-us/uninstall-utility (will prompt to run in safe mode) let the machine restart in safemode and complete the process. Restart normally and reinstall. I know this is a pain, but need to see if it’s caused by some left over files from the previous version that’s causing the issue.

Let us know how it goes.

Thanks!
Jeff

Hi GFM,

I installed the software on a mix of SBS 2011 & Windows 2012 R2 only, there were different problems some the same as you, have now disabled them all, I have had a quiet couple of days without any problems :-), will try your suggestion of turning off webshield on 1 etc

My users all use Avast Pro - no problems there

I am surprised that Avast support has not responded quicker after submitting a ticket… Wakey Wakey boys

Thanks for the suggestions

Andrew, can you let us know the exact version number of Avast Business that is installed? Like Sigmon is suggesting, it could be a application autoupdate has run to upgrade the software and broken it.

My full installer includes 2015.10.0.2504 (I dislike stub installers for site deployments). If you have anything newer, I think the suggestion to uninstall with the remover utility might be your only solution (however I just did a normal uninstall of 2015.10.0.2505, reboot, and reinstall of 2015.10.0.2504 with another reboot to complete after being prompted, not before).

At least you have functional systems with the shields off, takes off some of the pressure :slight_smile: .

I’m not sure I agree with Avast’s default of program autoupdates for servers. Stability in servers comes with control, and letting the application do an autoupdate is risky. My advice is to disable program autoupdate in the template for servers, and push out a controlled update when you get notifications of updates in the cloud console.

Hi GFM,

The installer version is 2015.10.2.2505 which I believe is the latest and is on all of the systems

Don’t really want to do a uninstall in safe mode just in case there are further problems and have to do a site visit, will wait to a later installer version appears and test it on a system near me, hopefully it will work as did the first version I installed

Agreed on the safe mode issue. I wouldn’t do that remotely without a lights out console.

Shame you haven’t got an earlier installer. I bet it would have fixed your issue. Maybe you can ask support to provide one for your cloud. Did you figure out if it was the web shield component to blame like mine?

Any chance your hardware is all the same? My issue only occurs in two desktops that are the same hardware. Maybe its a conflicting driver issue. I’m going to reopen my support ticket.

Will have a look and see if I have an earlier installer (may well do) - will setup a Virtual Server and have a play around in my office

Did not really test the shields, just disabled the software completely - hence no problems since :slight_smile:

All the hardware is different and a mix of SBS 2011 and Server 2012 R2 software

Am away for 10 days so will resume this when back and will reopen my support ticket as well - (maybe when i am back there will be a new version)

The latest response to my support ticket was to download the full installer for 2505 and install it fresh (instead of upgrading from 2504). Since it sound like you have already done that, I suspect I won’t get any joy from this plan. But I will try next week.

I think it would be worth trying the find the Shield that breaks your system. If it is still installed you might as well have it protecting the host to some degree with one shield disabled until problem is solved.

I’m now getting “The virus database is more than 21 days out of date” on some other machines. Really beginning to regret the 2505 update, but willing to hold out for the next update before considering dumping the app for another vendor’s.

Hey Andrew,

Wondering how you got on with your issue if you are still reading this thread? My curiosity has got the better of me, I’d be happy to help further if you have any more info.

I finally got around to this (other priorities got in the way). I’m not entirely sure if the issue is fixed, but I suspect I am on the right track and wanted to share my story for others.

Please note I sometimes referred to 2015.10.0.2505. This is wrong. It should have read 2015.10.2.2505. Apologies if I mislead readers (my 3:00am brain).

When I installed the full installer fresh for 2015.10.2.2505 and before rebooting, I noticed the network status indicator in the system tray got an exclamation mark, indicating no internet connectivity. At this time the browser broke as expected, and so were nslookups through my local DNS forwarder. When I rebooted, the indicator returned to normal, but I still had no ability to browse. Uninstall, and browsing returned, even before reboot. So it’s not the upgrade from 2015.10.0.2504 breaking.

The exclamation made me think that there’s something going on in the network stack, which makes sense since Avast does some low level driver stuff. I found the version of Atheros AR8151 PCI-E Gigabit Ethernet Controller was about 2 years older than most recent, so I downloaded the driver from the motherboard manufacturer, rebooted and tried again.

Installing 2015.10.2.2505 fresh again this time did not cause an exclamation, and after reboot I was definitely able to browse, but it was very flaky. I suspect I was having other browsing factors during this test, but if gave me some confidence there was a network driver conflict earlier. Being 2:00am I didn’t want to diagnose further so I rolled back to 2015.10.0.2504 and have set aside some daylight hours to test again with less network congestion.

If you hear nothing more from me on this test, it means it was successful, and the lesson will be to check your network driver is current!

This issue affected both of the PCs with this onboard network card. So Andrew, if you are still having issues, have a look and see if all your affected sites also share the a common network interface manufacturer (eg, Intel and Broadcomm are quite common even for different motherboard manufacturers).

This was corrected by Avast https://forum.avast.com/index.php?topic=171939.0

Hi GFM

Good post, some interesting bits, will start playing around again next week on a few clients, (as they have had a calm spell for a while :))will download a new installer and choose clients with different network cards, most on them are on board Nic’s, will post OS’s & NIC’s for the greater good and hope is goes well,

Thanks again

Andrew

Update:

Uninstalled avast, rebooted, downloaded new version 2505 installed it on a mix of 7 servers running SBS 2011 & Server 2012 R2 all different hardware and Nics

First problem, on logging into workstation via logmein, and then opening Outlook (was not connected to exchange need password etc), click on explorer to browse network click on server and error message saying no ADC found, so logged into server via logmein - would not let me connect timed out, so teamviewered into server, disabled avast, then connect to server via logmein and connected, then connected into workstation via logmein and browsed network all working, opened outlook and was connected to exchange.

So have disabled web shield completely and all is working for the moment, surely this is not how the program should work or not work…

I would have thought avast would have fixed this and this happened in the previous version

Getting my network drivers updated resolved this for me. I’ve sent you a PM with more detail.