firewall settings

Hi all.
First let me say avast has worked great and is a good program.
I have ZonealarmPro 4.5 and i need to know what avast components need access.
I have Rpcss.exe, Ashwebsv.exe, ashServ.exe and avast.setup. Could you please tell me what the internet and server access to give them ?
Thanks in advance :wink:

Into the firewall settings, the following programs should be allowed to connect (no nne needs server rights):

ashServ.exe (avast! antivirus service)
ashWebSv.exe (avast! Web Scanner)
ashMaiSv.exe (avast! e-Mail Scanner Service)
ashUpdSv.exe (avast! Update Service)
avast.setup (avast! Update executable)

Welcome to avast… :wink:

Thanks !
Avast.setup wants sever and internet access
Also Distributed COM Services(rpcss) sometimes wants server access too…
I need to know what the settings are for these, please the setup says it wants server rights. It’s kinda weird they didnt demand access like other things like yahoo or the update for avast.

Are you sure?
I do not use ZA anymore but I thought it never asked for server rights… ::slight_smile:

ok sorry i see that its “internet” and “trusted” access. Should I do both ?
What about RPCSS ?

RPCSS is not an avast process but a windows process.

http://www.liutilities.com/products/wintaskspro/processlibrary/rpcss/

You have to identify what is using RPCSS and decide if it is valid use.

i’ve allways forbidden access in ZA for distributed com service (microsoft spy ?) and never had any problem !

:wink:

Hi,

ashWebSv.exe (avast! Web Scanner)
ashMaiSv.exe (avast! e-Mail Scanner Service)

both need server rights. If you are asked or not depends on the setup of your firewall. These executables do not provide any service for the internet and they don’t listen on external network interface, so internet server rights are not needed. They however listen and accept connection on the localhost interface, so the server rights are needed for either the trusted zone or localhost. How exactly this is represented in your firewall, whether the firewall asks you to permit server rights on localhost or not depends on your firewall vendor and configuration.

What I wanted to say is that it is perfectly correct that both Web Scanner and Mail Scanner open ports on localhost and accept connections there.

This is the ‘common’ language for server rights here in Brazil.
Server rights means ‘Internet server rights’, outbound connections as a server.
This was my thinking when I wrote they don’t need this kind of rights. 8)

Hmmm, I don’t know a lot about computers, but I thought basically no one needs server rights.
Could you please explain in simpler words why I should give these two server rights.
Is this why the internet mail and webshield say they are not running and need a subsystem to start?

Lukas was talking that some avast! components behave like a ‘server’ for the own computer. I mean, they ‘act’ as a server if you look for the user. But they never connect the Internet as being a server (sending information, etc.). Don’t worry, Lukas just confirm what you’ve already know: ‘server rights’ are not needed by any part of avast.

No, it’s not… this is not the standard behavior… Did you disable avast! services?

I didn’t think I did. I set up Avast and ZA on the same day as I removed NAV and firewall. They whole experience left me a little foggy.
Did I disable those two functions?? ??? If I did, was it so as not to interfer with my firewalll ???

And, I also can never remember how to get that display panel that comes up when you right click on Avast and click on “start Avast! antivirus”, then the memory scan starts and a taupe rectangle display comes up for scanning.
I have an automatic scan set up for every two weeks, but that display says I have never scanned my system.

Is this TMI, should I post this elsewhere?

Thanks for whatever sense you can make out of all this :wink:

Hey Technical,

I think you meant "aswUpdSv.exe not ashUpdSv.exe

At least that’s the way it is on my system. (and IIRC; for some time)

I just didn’t want someone doing a search for the wrong filename. :wink:

It seems you have some misunderstandings left over from Norton. Avast settings dont facilitate auto sheduling of scans unless you have the pro version i think Check out this linkhttp://forum.avast.com/index.php?board=2;action=display;threadid=3796as it shows how it can be done with windows sheduling.
I seem to think Lucas was actually saying server rights are needed for update and web shield to work .
I couldnt see them doing any harm by allowing it for them and they just might work.
I personally swapped ZA for Kerio recently and lots of others have also.
Good luck :slight_smile:

Clouseau, no I knew that I’d have to schedulte the task in my windows scheduler, and I did that. And I know it doesn’t run a fullscan.
I just wondered why the display panel said I had never done a scan…is that refering to full scans only? Not the scans set to run automatically?

Thanks.

I’ll look into giving Avast! server rights for those two proceeses…

I just wondered why the display panel said I had never done a scan...is that refering to full scans only? Not the scans set to run automatically?
This only registers Full HDD (Local disks) scans initiated from within the Simple User Interface.
I'll look into giving Avast! server rights for those two proceeses......
You shouldn't need to, the explanation was that these processes act like servers, but since they are working from the LocalHost area, they don't need Internet Server access.

Hi all,
I still haven’t come to a solid conclusion on what setting to use.
Today Distributed COM Services demanded server rights
Please look here and tell me if there is a problem.

Process PID CPU Description Command Line Version Window Status
Idle 0x0 88.13 System Idle Process
DDHELP.EXE 0xFFFC0E1D Microsoft DirectX Helper ddhelp.exe 4.09.0000.0900
RUNDLL32.EXE 0xFFFBDAD5 Run a DLL as an App rundll32 4.10.0000.1998
KERNEL32.DLL 0xFFEFF659 1.30 Win32 Kernel core component 4.10.0000.2222
MSGSRV32.EXE 0xFFFF82E5 Windows 32-bit VxD Message Server 4.10.0000.2222
MPREXE.EXE 0xFFFFBF71 WIN32 Network Interface Service Process C:\WINDOWS\SYSTEM\MPREXE.EXE 4.10.0000.1998
VSMON.EXE 0xFFFEFEC9 1.11 TrueVector Service C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service 4.05.0594.0000
ASHSERV.EXE 0xFFFE5029 0.19 avast! antivirus service “C:\Program Files\Alwil Software\Avast4\ashServ.exe” 4.06.0622.0000
RPCSS.EXE 0xFFFC6BC5 Distributed COM Services RPCSS 4.71.2900.0000
mmtask.tsk 0xFFFFAA55 Multimedia background task support module 4.03.0000.1998
EXPLORER.EXE 0xFFFEF901 0.37 Windows Explorer C:\WINDOWS\Explorer.exe 4.72.3612.1700 Running
TASKMON.EXE 0xFFFDAE29 Task Monitor “C:\WINDOWS\taskmon.exe” 4.10.0000.1998
ZLCLIENT.EXE 0xFFFCBDE9 0.74 Zone Labs Client “C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe” 4.05.0594.0000 Running
SYSTRAY.EXE 0xFFFC5E4D System Tray Applet “C:\WINDOWS\SYSTEM\SysTray.Exe” 4.10.0000.2224
ASHWEBSV.EXE 0xFFFC14A9 avast! Web Scanner “C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE” 4.06.0652.0000
IEXPLORE.EXE 0xFFFA74A5 Internet Explorer “C:\Program Files\Internet Explorer\IEXPLORE.EXE” 6.00.2800.1106 Running
PROCEXP.EXE 0xFFF731B1 8.16 Sysinternals Process Explorer “C:\Utilities\Sysinternals\process\procexp.exe” 8.06.0001.0000 Running

Process: RPCSS.EXE Pid: FFFC6BC5

Type Name Handle Access
Device WSOCK2 0x60 0x00000000
Event 0x10 0x001F0003
Event 0x18 0x001F0003
Event 0xA0 0x001F0003
Event 0xA8 0x001F0003
Event 0xB0 0x001F0003
Event 0xB8 0x001F0003
Event 0xC4 0x001F0003
Event RPCSS_Initialized_Successfully 0xD0 0x001F0003
Event 0xD8 0x001F0003
Event 0xE4 0x001F0003
Event 0xEC 0x001F0003
File C:\WINDOWS\TEMPOR~1\CONTENT.IE5\INDEX.DAT 0x7C 0x00000133
File C:\WINDOWS\COOKIES\INDEX.DAT 0x88 0x00000133
File C:\WINDOWS\HISTORY\HISTORY.IE5\INDEX.DAT 0x94 0x00000133
MappedFile rpcrt4sharedmem 0x14 0x00000000
MappedFile fileAllocatorMutex 0x40 0x00000000
MappedFile DCOMSharedGlobals12321 0x48 0x00000000
MappedFile fileAllocatorMutex 0x50 0x00000000
MappedFile C:_WINDOWS_Temporary Internet Files_Content.IE5_index.dat_606208 0x80 0x00000000
MappedFile C:_WINDOWS_Cookies_index.dat_32768 0x8C 0x00000000
MappedFile C:_WINDOWS_History_History.IE5_index.dat_81920 0x98 0x00000000
MappedFile nView Shared Memory 0xF8 0x00000000
Mutex nView Shared Desk Mutex 0x100 0x001F0001
Mutex nView Shared Trans Mutex 0x104 0x001F0001
Mutex MsnSspcPrivatePwdMutex 0x1C 0x001F0001
Mutex 0x20 0x001F0001
Mutex OleCoSharedStateMtx 0x24 0x001F0001
Mutex OLESCMSRVREGLISTMUTEX 0x28 0x001F0001
Mutex OLESCMGETHANDLEMUTEX 0x2C 0x001F0001
Mutex OLESCMROTMUTEX 0x30 0x001F0001
Mutex OleDfSharedMemoryMutex 0x34 0x001F0001
Mutex ScmWIPMutex 0x38 0x001F0001
Mutex ObjectResolverGlobalMutex 0x44 0x001F0001
Mutex Winsock2ProtocolCatalogMutex 0x54 0x001F0001
Mutex Winsock2ProtocolCatalogMutex 0x58 0x001F0001
Mutex WininetConnectionMutex 0x68 0x001F0001
Mutex 0x6C 0x001F0001
Mutex WininetProxyRegistryMutex 0x70 0x001F0001
Mutex !MSFTHISTORY! 0x74 0x001F0001
Mutex c:!windows!temporary internet files!content.ie5! 0x78 0x001F0001
Mutex RPCSS_RUNNING 0x8 0x001F0001
Mutex c:!windows!cookies! 0x84 0x001F0001
Mutex c:!windows!history!history.ie5! 0x90 0x001F0001
Mutex WininetStartupMutex 0x9C 0x001F0001
Mutex OLESCMLOCKMUTEX 0xC 0x001F0001
Mutex MPRMutex 0xD4 0x001F0001
Mutex 0xDC 0x001F0001
Mutex 0xE8 0x001F0001
Mutex 0xF0 0x001F0001
Mutex nView Shared Memory Mutex 0xFC 0x001F0001
Process RPCSS.EXE(FFFC6BC5) 0x4 0x001F0FFF
Semaphore DocfileAllocatorMutex 0x3C 0x001F0003
Semaphore DocfileAllocatorMutex 0x4C 0x001F0003
Semaphore 0xB4 0x001F0003
Semaphore PowerProfileRegistrySemaphore 0xF4 0x001F0003
Socket 0x64 0x00001130
Socket 0xA4 0x00001130
Thread RPCSS.EXE(FFFC6BC5): FFFC6919 0x5C 0x001F03FF
Thread RPCSS.EXE(FFFC6BC5): FFFA4CE1 0xAC 0x00000000
Thread RPCSS.EXE(FFFC6BC5): FFFA4579 0xBC 0x00000000
Thread RPCSS.EXE(FFFC6BC5): FFFA7789 0xC0 0x00000000
Thread RPCSS.EXE(FFFC6BC5): FFFA4A59 0xC8 0x00000000
Thread RPCSS.EXE(FFFC6BC5): FFFA4CE1 0xCC 0x001F03FF

rpcss - rpcss.exe
This program is important for the stable and secure running of your computer and should not be terminated.
???