Avast Endpoint Protection 8.0.1603, with SOA 1.3.3.35.
This is just a long shot, but in recent days Network Discovery has gone haywire on my network. About half the machines on the network no longer show up in the “Network” applet in Windows Explorer on Windows 7.
I have read the standard “how to fix it” articles. I’m NOT looking for information on how to fix it. I know how to fix it.
But this didn’t used to happen, so something has changed to cause it to happen. I’m looking for information on what is causing the problem.
Endpoint Protection has known issues with interfering with orderly Windows startup processes. The most typical one is that a computer running Endpoint Protection will display an empty desktop (no icons) on bootup for up to ten or 15 minutes or longer. Sometimes the desktop won’t fill in until the computer is rebooted. This seems to be an issue with Avast’s on-boot update process. I am getting increasing reports of this problem happening.
So I am wondering if Avast also interferes with network discovery processes.
There is a service called Function Discovery Provider Host on Win 7 boxes. Although some machines will show up on the network without this service running, if a machine is not showing up, turning the service on will cause it to appear in the list. The standard setting for this service is manual start up. Although I haven’t been able to find official information on what causes this service to start, it is found to be running without my intervention on some of the machines that do show up on the network. I am thinking that maybe starting the “Network” applet or clicking the Network node in the Windows Explorer tree starts the service.
I hypothesize that sometimes Endpoint Protection prevents this service from starting when it is needed.
Has anyone else seen this? Any insights at all on the relationship of Avast to functioning of Explorer.exe and network discovery services?
nope you have way bigger problems, but if you want to test, turn off everything but real time and browser shields in your policy on your server, push update out to the group(s) and see if it makes a difference, there are many thing could be seriously wrong, also check you don’t have a machine called “wpad” on your network, it’s the biggest built in security issue in the whole of microsoft networking.
you should check your DC health using whatever procedure is relevant to your domain level.
If you suspect AVAST just turn off the shields in the policy
I probably should have added that we do not use an Active Directory domain, or a “genuine Windows” domain of any kind. We use SAMBA 3 NT-style domain emulation on a PDC running linux. Nonetheless, network discovery has worked reliably under that configuration until very recently.
Since my original post I have continued to research the issue. There are several situations in which various MS updates have partially broken the features necessary to enable network discovery on the workstation side, beginning in Windows 7 and continuing in 8, 8.1, and 10. It appears that MS has abandoned any effort to preserve backwards compatibility for this feature. I’ve talked to a lot of people about it; apparently not many people really care about specifically being able to open a window, double-click a machine in the Network list, and do something to a share on that machine. They don’t have over 100 machines on which they need to frequently drop updated software files. Yes, there are other ways to do this, but they aren’t nearly as fast or as easy.
I don’t think there’s anything wrong with my PDC. There may be additional tweaks that I can make to that system to improve the situation. For one thing, there is no specifically-designated “master browser” in the domain, and there never has been. Until now, network discovery has worked just fine without it. I could tweak the PDC SAMBA installation to establish one. I might also be able to safely designate one of the actual Windows servers on the domain to perform that function.
I was just trying to rule out Avast as a cause for the problem.
I have seen a conflict between the Windows firewall and the Avast Firewall that keeps switching the network from PRIVATE to PUBLIC. It is a pita to have to mess around trying to get this reverted back to private.
It seems to revolve around a couple of ‘features’
Windows instance that each PC be part of a HomeGroup.
Windows losing track of the network interface and re-registering said interface, causing Avast to question its validity.
Windows updates un-installing the LAN drivers to install what it thinks are newer better drivers only to fail - all silently of course.
It gets a whole lot worse on Win10 - to the extent that I have butchered the scheduled Update task to run only on Friday evenings.
Now if I can identify the service/task that decides if a network is public or private I work inhibit, delete or destroy that useless interfering piece of crap. - Any ideas anyone ?
On firewalls–very interesting. However, on my network, no firewalls are running. The Windows firewall is completely turned off, and we don’t use any third-party firewalls, including Avast’s.
Okay. Someone else suggested that if I’m running Avast, then I have a firewall in effect. Is that true for Endpoint Protection Suite Plus? All of the stuff I can find on the web about an “Avast Firewall” only applies to the Premier or Internet Security versions of individual-installation Avast. I can’t find anything that specifically refers to “firewall” in the ordinary configuration options for Endpoint Protection in either the client software or the SOA.
I have the “Network Shield” turned off in the SOA, and I can verify that the shield is not running on the clients. Is that the “firewall”?
There ARE firewall configuration options in the SOA “Expert Settings” dialog–a lot of them. I can’t find anything on the web that indicates what any of them mean or what they should be set to in order for the firewall to be turned off.