In v2016, why is this file trying to connect to the internet?:
C:\Program Files\Common Files\AV\avast! Antivirus[b]backup.exe[/b]
It identifies itself as “Avast Settings Backup”.
What information is it trying to send, and how do I disable it?
My ‘Windows 10 Firewall Control’ just just popped up saying this backup.exe is wanting connect to the net. I disabled it for time being. Should it be allowed?
Same here. I’ve blocked it on my host based firewall. Only started this morning. I can’t see an option to disable the ‘backup’ feature.
Hi guys,
this file (with upgrade.exe in the same directory) is the recommended way by Microsoft how to get better user experience during upgrade to windows 10.
It does two things:
- backup avast license and settings to the file which are transferred to the windows 10 and then automatically used during avast installation
- send us statistics about active users and their operating system and little more info but nothing personal, see code below:
This is statistics sending code cut&paste from backup.exe sources with added explaining comments:
map_vals["guid"] = g_globals->guid(); // installation guid (old way to compute users)
map_vals["midex"] = g_globals->midex(); // new installation guid (new way how to distinguish that statistics are from different user)
map_vals["edition"] = edition; // edition of avast
map_vals["build"] = GetAvastBuildNo(); // version of avast
map_vals["os"] = GetOsBuildNo(); // version of windows
map_vals["statsSendTime"] = std::to_string(_time32(nullptr)); // time when statistic was generated
map_vals["statver"] = "2.30"; // version of statistics
map_vals["backupver"] = GetBackupBuildNo(); // version of this backup.exe file
map_vals["event"] = "upgradeW10"; // type of statistic
AddWscReport(map_vals); // adds other antiviruses registered in windows security center
You can verify this by capturing http comunication from backup.exe.
Thanks,
pm
This thing popped up on my firewall last night. Blocked it as it was unknown. Don’t plan to upgrade to Windows 10 anytime soon … so , there is definitely something fishy here…
I think that this sort of data extraction from a user’s PC should be fully disclosed in the license and terms of service. This is something I would only expect from Microsoft!!!
As petr explained, there is nothing fishy about it.
It is covered in the privacy statement/EULA from avast.
I agree.
avast! has already got the nasty telemetry/tracking module in ‘AvastUI.exe’, and the suspicious behaviour of ‘avastemupdate.exe’.
…and now this!?
Please give us more checkboxes under ‘Settings’ > ‘General’ > 'Privacy’, allowing us to opt-out, without the use of workarounds such as firewalls and the Windows Task Scheduler!
When installing avast you agreed to the EULA/Terms.
If you don’t like them, don’t use avast but something else.
But guess what…
All other av vendors have simular things in their EULA/Terms.
Yeah, yeah…
I’ve heard that silly argument before.
These kind of privacy violations can’t be justified simply by pointing a finger at the misdeeds of others!
Guys, there isn’t anything private and it doesn’t send files to our servers. We just need to compute our losses of users during upgrade to windows 10. How would you do it?
I am developer and I disagree with many things in avast but not with this one.
If you want more information about this just keep asking here I will try to answer everything.
Thanks,
pm
Is Microsoft not upgrading or are they deleting Avast during the upgrade procedure ?
I’ve never upgraded a system to Windows 10 that had Avast removed after the upgrade ???
Yes, if Microsoft detects AV during upgrade to win10 it does one of the following:
- [installed version compatible with win10] upgrade transfer this version to the windows 10 and it should run (sometimes we detect a troubles with these versions like firewall not running etc.)
- [installed version isn’t compatible with win10] upgrade deletes AV but transfers backup.exe and upgrade.exe and their data files (settings and licence) and start it after some time on windows 10 to offer user his original AV, but user can have another AV installed by this time or whatever else and we would like to detect if that user is lost for us or not
pm
These kind of privacy violations can't be justified simply by pointing a finger at the misdeeds of othersThere are no privacy violations at all. If there where avast and others would have had a conviction by one (or multiple) court(s) a long time ago already. Same goes for others. There are no misdeeds. If you don't like things it doesn't mean they are violations or misdeeds.
I have had problems with the firewall not starting which has always been cured by doing a repair. I’ve never had a problem with the free version of Avast but, they were always the latest version of Avast.
Well I have opted-out of everything I can regarding data collection. Reading the Avast privacy statement here, https://www.avast.com/en-us/privacy-policy I can find no reference to the backup.exe function. Also, just to be clear, I do not use the Avast Backup Service.
Firewalled it …
I understand that some telemetry is needed, so I guess the real gripe here is that this is new application behavior which consisted of contacting a remote server. No advance notice was provided to end users. Any decent system administrator who cares about data security would naturally be concerned by a sudden change such as this.
I do not understand many developers assumptions today that it is just ok to grab anything they feel is necessary off the user’s PC, that a vague blanket EULA gives carte blanche access to anything at any time.
Hiding behind a EULA does not make it right.
Just noticed that Avast has created sheduled task for this backup.exe. So you can turn it off it by opening Task Scheduler and disabling this scheduled task for Avast backup.exe. It’s scheduled to run at Windows start-up and also at specific time.
I don’t see a backup.exe as a scheduled task, only the AvastEmUpdate.exe on either system as neither have updates to win10
I suggest that you read Reply #11 as it appears Microsoft creates this if upgrading to win10 and it considers your AV incompatible.
So considering you haven’t got win10 it is a bit strange. I just wonder if this might have anything to do with the Avast Passwords function (synchronisation).
Avast backup settings is task created by backup.exe and if you delete it, you will disable backup.exe functionality (I am sorry to see you disabling it but if you must… it do nothing bad).
pm
Thanks for the clarification Petr, exactly what function/feature is responsible for the backup.exe ?
Which presumably is only in the paid version/s as I don’t see it in either of my avast free systems.
One reason for this question is your previous post Reply #11
Backup.exe is distributed by emergency update to all avast versions which are running or newly installed on Windows 7, 8 and 8.1. You may also notice it on Windows 10 only if you upgraded from previous windows version.
pm