Avast Web Security Settings Deployment

My company has subscribed to Avast for Endpoint Protection (PC) and we’ve purchased licenses for Avast for Mac as well. My issue is that several users have reported issues with browsing while the web shield is enabled.

The Macs in our environment have all had Avast deployed to them remotely via Apple Remote Desktop (Install / Unix Command options). I’ve installed successfully the license via the Copy Items option in Apple Remote Desktop.

Is there a way to turn off Web Security via OS X Terminal? Or is there a way to copy over the settings (via a plist or config file) to all the Macs in our environment much like i was able to copy over the license to each one? I’d prefer not to have to touch each Mac or instruct the users to make this change themselves as I believe it will require administrative privileges.

Note: for those who are trying to figure out how to push an updated license…the license file is located here…
/Library/Application Support/Avast/config/license.avastlic
If you encounter a license error before and after you apply it, you can run this unix command from ARD…
killall com.avast.helper which should reset the helper applet in the menu to prevent those popups, but the program won’t fully recognize the license until the Mac is rebooted.

The problem is most likely related to the ‘the scan secure connections’ option in Web Shield, turn that off an it will work.
How to turn that off via terminal? I have no idea, at worst you might try making a script that changes the .plist.
As Sysadmin, you probably won’t like the way it works anyway, avast is able to scan secure connections because it installs a root certificate (you might want to check if the cert is being correctly installed and trusted, this would explain why the web isn’t working) and then the web shield is a proxy that acts as a MITM decrypting the contents, scanning, and then encrypting again using the installed cert.

Changing the Web/mail shield settings using the command line can be done by modifying the appropriate configuration file
(/Library/Application Support/Avast/config/com.avast.proxy.conf) and sending the com.avast.proxy process a HUP signal.

The same applies to changing the license via the command line. After changing the license file, send a HUP signal to the com.avast.daemon process.

To reflect the changes in the GUI, a restart (TERM signal) of com.avast.service is required.

Hello all,

Is there command-line documentation for Avast for Mac somewhere?
I know I can manually edit .conf files and sudo killall com.avast.service but I’d rather use a documented way of configuring it (and start/stopping).

Thanks

The only “command line documentation” is for the command line scanner that comes with Avast. See “man scan” for details. The configuration
files for the shield/engine also come with some basic comments when installed (the comments go away after the first configuration change).
But generally, we do not support any other configuration than from the program GUI.

Thanks for replying. I hope you change your mind. It’s not fun to try to configure multiple machines via Screen Sharing/Remote Desktop. Especially when the settings don’t stick (see my upcoming post).

I have looked at the latest business console and it contains all the options that are available in the Mac GUI.

The latest version of Avast also contains all the SSL-related changes that have been previously tested in
the Beta version which should have solve the waste majority of HTTPS/IMAPS issues. If you still encounter some
web pages not loading, please report it here on the forum.