As the previous thread became too long, I thought it best to start this. After several weeks and various suggestions, I’ve finally gotten Avast to work for a limited user account. But a few questions still remain.
By loading the local hive, HKCU, while running as the administrator, and navigating to the Avast\4.0 key, I was able to add the limited user account to permissions and grant it FULL CONTROL. (The limited user hive previously had only permissions for Admin, Restricted, System and S-1-5-21…, so that’s why it could not run as a local user.) Then when I logged on as the limited user, Avast opened as it should and the CPU was no longer running at 100%. I ran a full scan and it completed. How the limited user key was written to the registry without limited user permission remains a mystery.
→ However, I’d still like to have the Avast team confirm that the limited user should have FULL CONTROL of that 4.0 Key under HKCU. I don’t want to make an error and compromise the machine’s security. Is there some further testing that should be done to be sure that it is working correctly/safely?
On this limited user hive, the branch goes Software\ALWIL Software\Avast\4.0\ and then there are sub-branches for ashSimp and ashUint. However, on the administrator hive, the branch ends at 4.0 WITHOUT these two sub-branches. What is also odd is that when I ran in safe mode, I seem to remember the Avast\4.0 branch under the HKCU key having THREE sub-branches (ahsLogV, ashSimp2 and ashUInt).
→ So, should there be 0, 2 or 3 sub-branches under the 4.0 key for admin and limited users? I’m not sure that logging of scan results is working.
On the administrator hive, in Software I saw Symantec\ with branches to Common and Systemworks, and also Software\Symantec\Norton Utilities. Both of these branches have permissions to all users, but will not let me delete them. I don’t think these had any effect on the issue, but it’s odd that they are still there since I had used Add\Remove, the Norton Removal Tool and swept the registry for Norton\Symantec\NAV.
→ Is there some other procedure to delete these keys that won’t permit deletion? I tried creating a NEW admin account, granting it permission to the original admin account, loading the original hive under this NEW admin acct to delete these original admin’s keys, but it still would not work.
Thanks.