Avast Setup seems to have modified itself

My firewall - Zonelabs Prof has notified me that Avast setup programme is attempting to access the internet and that the programme has been modified since the last time it ran.
I am running NT4 and Avast ver 4.0-235. The notification indicated the setup to be ver 1.0.0 as I remember. I blocked access until I get response here.
Is the setup programme able to auto-modify and if so why? Should the setup programme be trying to access the internet anyway? Surely it only runs the first time when you install Avast?

This is a normal function for Avast. Avast is set to update the DB by default and that is what it is trying to do.
In addition, version 4.1 was just released and AVAST is checking to see if a new program update is available. It will not INSTALL it automatically unless you change the default, but it will always look for an update.
That is why Avast is super! Set the defaults to download any new update to both DB and Program, and it runs itself.
You get complete protection automatically without doing any work. No searching for updates, no manual installations, no broken downloads.

The Setup file will automatically adjust itself to work with the new update.
Without access, the automatic update will not function and Avast will not do its job.
I suggest you allow access for Avast functions only!

;D

I am not sure that you read my mail correctly? I am well aware that Avast auto-updates the DB and the actual programme as well. I am referring specifically to the SETUP programme which has been modified since it last ran! This is usually a very dangerous sign as it usually indicates some form of corruption.
On a second point, I run NT4 and I need to know whether it is vital for Avast to access the internet through a programme called “Services and Controller App”. I find if I block the automatic routing of this programme - I feel the programme constitutes a security hazard as it allows all sorts of programmes to access the internet through it and probably also the other way - then Avast does not appear to update itself when I log on.

Avast Setup indeed modifies itself. In the previous version (4.0) it downloaded the new version of setup first. In the new version (4.1) it uses our genius secure incremental way to update itself (in order to minimize traffic). Of course this is done during the program update only (not during the database update).

You can say to ZA that this program changes frequently and it will not check its integrity next time. If you are paranoid enough :slight_smile: you can still let the ZA ask you if the setup is allowed to access the net so you will have the control if it does it only during real update).

Hope this helps

Pavel

Hey Pavel…
Now we have a lot of avast! modules and parts trying to access the Internet…
The panel of ZA are “filled” with them…
Is it possible to “join” this parts (avast! antivirus service, avast! e-Mail Scanner Service, avast! Setup (two different programs, one temporary!), setup.ovr) :cry:

Hi Technical,

Now we have a lot of avast! modules and parts trying to access the Internet...

Yes, and? I still can’t see the problem - just say to your firewall what to do - it is set and forget task.

It’s is crystal clear, isn’t it? I do not see any advantage to join these programs under one - just the opposite - you can either see or control all these tasks (checking of updates, checking for e-mail and program update) separately which is great :smiley:

Hey Pavel. Let me disagree with you. See what says Colin (I agree with him):
"I am referring specifically to the SETUP programme which has been modified since it last ran! This is usually a very dangerous sign as it usually indicates some form of corruption.
I feel the programme constitutes a security hazard as it allows all sorts of programmes to access the internet through it and probably also the other way - then Avast does not appear to update itself when I log on.”

Btw, see what says the “negative” opinion at CNET from Don 29-Jul-2003 05:20:09 PM:
“Scans your systems and creates a database”
This application scans your system in the name of crating backups for restoring after a virus corruption…Baloney…it communicates via RPC and opens a listening service on port on 6100 see C:\programFile\Alwil\Avast\Data\avavast4.ini for information. This could be aserious trojan software from Czec republic.

Of course, I do not agree with Don (http://download.com.com/3302-2239_4-10212719.html?pn=2&fb=2) but, Pavel, felling of security is as important as security… Panic brings heartattachs… :stuck_out_tongue:

Sorry, Pavel, but in FAQ are written:

Q: What should I know about using avast! 4 in combination with firewall?
A: You will keep warnings by your firewall once you install avast! 4, because avast! tries to connect to our servers - it looks for virus definition file updates and for program updates. You should allow avast! to connect, otherwise the update feature will not work.

The components of avast! 4 that should be allowed to connect:
avast.setup
avastXX.setup (where “XX” are some numbers)
aswUpdSv.exe

What is the “new one”: setup.ovr ???

Hi Technical,

I still did not get the point… When you decide to update the program (by default there is only info about the new version, YOU initiate the update!), first the setup is updated in order to manage all possible new situations, then the rest of avast! program is updated. In my advice I recommend to let the firewall to ask whether setup is allowed to access the net and so to have full control over it.

Where do you see any security hazard? I can’t see none. It is quite normal that any application comes with new setup, isn’t it?

I have a similar problem :frowning:

I have 9 (yes nine) ! modules for the Avast program sitting in the “program option” in ZA Pro 4.

A normal amount (for ANY program) should only be 1 or 2 modules maximum.

With every avast program update the list in ZA seems to get longer and longer.

I have no clue, on wich modules i can delete out of ZA, as i don’t want to take the risk of Avast not working properly

Waldo

I have 9 (yes nine) ! modules for the Avast program sitting in the "program option" in ZA Pro 4.

Actually, you can delete ALL of them :wink: Next time you will use any avast! module, ZA will ask if it is ok, so you can approve (and configure) them from the scratch - but just those you actually need!

Pavel

Please, how could you get setup.ovr to contact to the internet? Is that repeatable?

The file resides on Avast\Setup folder and the name is setup.ovr (13-9-03).
It´s not repeated. It´s a new component (I think)… ::slight_smile:
I permit that setup.ovr contact the Internet during an update of avast! (ZA pop-up). Is anything wrong?

kubecj seems to be rather surprised that this file is trying to connect to the Internet… it’s probably not supposed to.

That’s fine.

I permit that setup.ovr contact the Internet during an update of avast! (ZA pop-up).

I would like to know when does it ask to connect to Internet. Can you perform some tests for me? (Removing from ZA and waiting for that popup and writing down when did that happen).

kubecj, I have removed it - I´m not sure when - probably when Pavel was insisting that this behavior is perfect (see this forum)…
Now, this file does not ask for Internet access anymore but I´m absolutely sure it asked sometime, probably when updating to 4.1.260. :cry:

Okay, may I ask you to remember the request when next release will be out?

I performed your requested test: I updated avast! yesterday (17-9), delete all entries for avast! in ZA and then I roll back my XP system before… (using Roxio GoBack). I boot and update avast! again and then, suddenly, the file setup.ovr asked for permition again. I´ll try to send you the images of the messages… Can you send me your e-mail?

Do you have any idea? ???

So you just updated the program? Do you remember all the parts which were asked by ZA? My email is kubecj FUNNY_@_CHARACTER asw DOT cz

Thanks,

This problem isn’t really a problem but is due to the fact that Zone-Alarm counts it up to the list.
I use Outpost firewall and Outpost also detects the modification of the Avast-setup, also asks if I want to allow it but leaves the list of trusted programs to 3, because it replaces the former avast-setup by the new one as soon as I say “allow it”.
The “problem” is a way of handling by ZA, not a nag of Avast.