I have taken “Avast!” and “ashmaiserve” out of Startup programs, and yes, it seems as though it is Avast that is using RPCSS.exe.
I am concerned about this, as it (RPCSS.exe) has been trying to access the internet, on a number of occasions (it has just made another attempt) Even though I block it with Kerio PF, it gets through and I find it in the Kerio’s filter rules and Application MD5’s ( I delete these entries, and they appear again each time).
Please would one of the moderators (Vlk or Pavel?) please respond to this in order to put my mind at rest:
is this normal activity?
why is RPCSS.exe trying to access the internet?
why does Avast use RPCSS.exe?
I am running Windows 98se and Avast4.0.235 Home edition.
Many thanks.
PcB
PS. I have seen this report:http://cexx.org/rpcss.htm
but I’m afraid it doesn’t help me regarding Avast and RPCSS.exe.
I am sure one of the moderators will get back to you shortly, but please keep all postings on the same subject under the same string.
Just sign back into the forum, go back to your question and “reply”.
It keeps things all together for us to review instead of opening half a dozen strings.
Anyway, AVAST does need to access the internet so that it can check for updates to the database and program. I am almost sure that it uses the RPC to get things going and access the internet.
If you block the RPC access with Kerio, AVAST will not update the database and you have created another problem. If Kerio “alert window” tells you that AVAST is using the RPC, then it should be ok to allow it. To make you feel more comfortable, only allow it for that one time. This way you will know when the RPC is activated and by what program.
One of the moderators should be able to provide a more detailed explanation.
The Windows RPC endpoint mapper service, Rpcss.exe, may not correctly handle reentrancy (more than one pending request). If the RPC endpoint mapper is concurrently accessed by two processes, or twice within one process, an invalid page fault (exception 0E) may occur in Rpcss.exe.
This behavior is somewhat timing-dependent, and may not occur consistently on all computers.
There are no known issues with Windows 98 systems, and that is probably why it randomly occurs.
Try removing non-essential programs from the startup list to isolate which one conflicts with Avast when it trys to access the rpcss.exe
Many thanks for your replies. I hadn’t thought of RPCSS.exe being used for updating Avast (I would appreciate it if one of the moderators would verify this).
I actually don’t have the auto-update feature enabled, but ask for notification.
Whatever, when Kerio notifies me that RPCSS.exe is trying to access the net, nowhere is AVAST mentioned-if it were, I would naturally grant it access!
I presume your second reply, techie101, is really for Joel, who is getting RPC errors, which I am not.
Once again my thanks for your knowledge.
I would still very much like to have official confirmation that RPCSS.exe is used by Avast purely to seek Avast updates.
Well, I have found out via the program TaskInfo, that RPCSS.exe is indeed called up by Ashserv.exe, the main Avast module.
I have sent VLK a PM but he hasn’t replied-probably gone on holiday.
I feel sure that RPCSS.exe is only used by Avast to get updates.
Nobody seems interested in
Indeed it does! Avast uses the Avserv.exe to establish a connection on the internet to the Avast server to check for updates. Depending on how you have your defaults set, Avast will either download them, or alert you to the new update/s.
I am not sure of when the moderators are scheduled online. You can tell by the green screen under the username. I have also sent them IM messages and have not received answers either.
Enlightment is found by those that refuse to stand in the shade!
Seek knowledge from others, and give it freely to them!
Sorry people, but those who could enlighten you, such as the mighty Vlk, have really left for holiday for some time, so you should be patient… I hope you’ll get your light soon 8)
Thankyou Techie101 for pointing me in the right direction.
I never venture far from reading or posting on forums…I still don’t know lot’s of things I’m sure I should.
I must say, given the choice I’d rather be a turtle, lugubriously paddling round the tropical oceans.
Mind you, things often make me want to spit, so maybe a llama’s more appropriate!
Now I have discovered that even if you set the update for both Virus Database and Program to manual (ie. not auto, or notify), Avast still loads RPCSS.exe.
Now, if the program is set to not look for updates, then why is RPCSS.exe loaded at all?
I’m going to leave both settings to manual, and see if RPCSS.exe is still accessing the net, (or trying to).
Count me as ANOTHER worried user.
There is no doubt that Avast does initialise the RPCSS command, which is basically a local server which kicks in PRIOR to my firewall. (hence no point blocking it)
The question we gotta ask peeps, is W H Y ? ? ? ?
This aint no conflict with another program or anything to do with the updating (which still works after I shut RPCSS.EXE down, which I gotta use a utility to do as it doesn’t appear under the active tasks menu…shady underhand process)
So c’mon MODS, where’s the answers to these questions???
Why does your program NEED TO start the RPCSS.EXE process?
Can we stop your program from executing this process?
How do you think your users would respond if they were informed that the security product they are using actually invites a hacker to target a specific port.
Hang on a minute…
Maybe that IS the point!
Make the PC vunerable to hackers so that when the antivirus software kicks to protect us from the scummy no life low life, we all think, ‘Hey, I’m glad I had this software!’
I’m assuming the mod’s that were away when this thread started are now back from sunning themselves, SO LETS HAVE SOME ANSWERS before I delete this brilliant software.
Yes, I know I’ve had a good whinge, but I really DO love the software, resources are sweet compared to other memory hogging alternatives, but I just can’t cope with this daft, and seemingly pointless server it starts.
I’m surprised to find another person concerned about this issue-only Techie101, and now you, have voiced any concern.
You say that RPCSS.exe is not used in updating the virus signatures. If you did the updating manually, then I am not too surprised, as I presume that the RPC is only used to LOOK for updates. I have just tried updating manually after killing RPCSS.exe, and it worked fine, as you say.
However, I have been permitting the RPC service to access the net, and I received an update about an hour ago ( before trying the manual update).
( I have set the update service to advise me when an update is found).
I reckon that we will discover, when the moderators get back from their R&R, that there is nothing to worry about…at least I certainly hope so-I am beginning to like this program.
I wish you had posted this earlier-I would have had my answers then, and saved a lot of bother, lol.
I actually did a search before I posted originally, looking for “RPCSS.exe”, and your link did not come up.
If I had known, I would not have posted.
I still think, however, that someone more knowledgable than me should query this further:
Most importantly: is RPCSS.exe , in fact, seeking access to the internet in order to look for updates, or not? ( is it OK to NOT allow it permission to access the net with a firewall?)
Does Avast really need RPC ? Can it not use some other service: what do other AV programs use to look for updates, or to communicate with themselves internally, as VLK seems to be asserting?
Is the RPC communicating with itself continuously, or only when it is looking for updates?
[b][i]Microsoft has released a patch for a critical flaw in Windows Exchange Server 2003, Windows XP, 2000 and NT 4.
The flaw involves the Remote Procedure Call (RPC) protocol, which deals with inter-computer communications. Microsoft warned that, under certain circumstances, the RPC might not check messages sent to the PC properly.
If a malformed message is sent to the target PC it can be routed through port 135 and used to run code on the infected PC.
A patch is now available.
"Microsoft has rightly classified this vulnerability as ‘critical’, said Pete Philips, penetration tester with security vendor Integralis.
“Any host with port 135 open to a hostile environment, such as the internet, is very vulnerable. We’d recommend patching as a matter of urgency.”[/i][/b]
Note the last line particularly.
Note also that the patch is not valid for Win 98.
I too am very concerned that RPCSS is called into action by Avast and have blocked it with my firewall. I am finding a steady stream of inbound UDP messages heading for port 135 getting stopped by the wall. Activating RPCSS allows remote control and configuration of your computer by a remote operator as far as I am aware. I would rather have a virus!!!
I have not yet found out how to disable RPCSS in Win 98 since the DCOM config commands from Win 2000 etc do not seem to be available.