Managed Client doesn't detect virus

Hi, All.

Managed Client does not detect the virus AutoIt: Balero-A / AutoIt: Balero-A2.
I ran a scan of all drives with maximum sensitivity. It gave no results. Next, I uninstalled Managed Client and installed avast Home. The virus was detected by Standard Shield, Heuristic analysis :o ??? (not in logs) and Simple User Interface (after first reboot).

Warning.log:
24.09.2009 17:39:12 1253795952 SYSTEM 1700 Sign of “AutoIt:Balero-A2 [Wrm]” has been found in “C:\WINDOWS\system32\csrcs.exe>>>AUTOIT SCRIPT<<<” file.
24.09.2009 17:39:12 1253795952 SYSTEM 1700 Sign of “AutoIt:Balero-A [Wrm]” has been found in “C:\WINDOWS\system32\csrcs.exe\AutoIt.script” file.
24.09.2009 17:39:12 1253795952 SYSTEM 1700 Sign of “AutoIt:Balero-A2 [Wrm]” has been found in “C:\WINDOWS\system32\csrcs.exe>>>AUTOIT SCRIPT<<<” file.
24.09.2009 17:39:12 1253795952 SYSTEM 1700 Sign of “AutoIt:Balero-A [Wrm]” has been found in “C:\WINDOWS\system32\csrcs.exe\AutoIt.script” file.
25.09.2009 9:36:36 1253853396 User 2960 Sign of “AutoIt:Balero-A2 [Wrm]” has been found in “c:\windows\system32\csrcs.exe>>>AUTOIT SCRIPT<<<” file.
25.09.2009 9:36:45 1253853405 User 2960 Sign of “AutoIt:Balero-A [Wrm]” has been found in “c:\windows\system32\csrcs.exe\AutoIt.script” file.

configuration: 130 computers WinXPproSP3+Managed Client4.8.1038+latest virus database.
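With 130 machines to triage, the Warning.log layout quoted above can be summarised per infected host file. This is an added example, not part of the original post; the function names are hypothetical, the meaning of the fifth field is not stated on the page, and splitting the scanned object at ".exe" is an assumption.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the Warning.log layout quoted in the post above.
SAMPLE = r"""
24.09.2009 17:39:12 1253795952 SYSTEM 1700 Sign of “AutoIt:Balero-A2 [Wrm]” has been found in “C:\WINDOWS\system32\csrcs.exe>>>AUTOIT SCRIPT<<<” file.
24.09.2009 17:39:12 1253795952 SYSTEM 1700 Sign of “AutoIt:Balero-A [Wrm]” has been found in “C:\WINDOWS\system32\csrcs.exe\AutoIt.script” file.
25.09.2009 9:36:36 1253853396 User 2960 Sign of “AutoIt:Balero-A2 [Wrm]” has been found in “c:\windows\system32\csrcs.exe>>>AUTOIT SCRIPT<<<” file.
this line is not a detection record
"""

LINE_RE = re.compile(
    r'^(?P<local>\d{2}\.\d{2}\.\d{4} \d{1,2}:\d{2}:\d{2}) (?P<epoch>\d+) '
    r'(?P<account>\S+) (?P<num>\d+) Sign of [“"](?P<sig>.+?)[”"] '
    r'has been found in [“"](?P<obj>.+?)[”"] file\.$'
)
# Assumption: the scanned object is "<host file>.exe" plus an inner-object suffix.
HOST_RE = re.compile(r'^(.*?\.exe)', re.IGNORECASE)


def parse_line(line):
    """Return one detection as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    host = HOST_RE.match(m["obj"])
    return {
        "local": datetime.strptime(m["local"], "%d.%m.%Y %H:%M:%S"),
        "utc": datetime.fromtimestamp(int(m["epoch"]), tz=timezone.utc),
        "account": m["account"],
        "signature": m["sig"],
        # Windows paths are case-insensitive, so fold case before grouping.
        "host_file": (host.group(1) if host else m["obj"]).lower(),
    }


def summarize(text):
    """Group detections by host file; count hits and collect signatures."""
    report, skipped = {}, 0
    for line in filter(None, map(str.strip, text.splitlines())):
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        entry = report.setdefault(
            rec["host_file"], {"hits": 0, "signatures": set(), "first_utc": rec["utc"]})
        entry["hits"] += 1
        entry["signatures"].add(rec["signature"])
        entry["first_utc"] = min(entry["first_utc"], rec["utc"])
    return report, skipped
```

`summarize(SAMPLE)` returns the per-file report and the number of lines that did not match; comparing each record's `local` and `utc` values also shows the clock offset of the machine that wrote the log.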

did you report this directly to the support desk already??

if not, do it directly, since they don't always read the forum I assume…

though it is strange since the managed client and the non-managed clients use the same engine I believe (would be strange to not have the same detection engine)…
you are very confident that the client that had the managed client installed on it was really up to date? that one machine in the network is up to date doesn't mean that all are (checked in ADNM or manually on the client itself?)

support.avast.com ?

:frowning: :o

it is very strange

all computers are updated, these machines are some (infected).

not support.avast.com but the option in ADNM to make a supportticket

don't pull what I say out of context hey :slight_smile:
I said: they don't always read the forum I assume (big difference cuz it's my assumption, maybe they do read it)

They do read it, they’re just really busy on the new version, and the conference that was just held.

support@avast.com ?

And where are they? I think that the support service is not here! While they’re busy, I’ll have to remove net-version and install pro on the 130 computers!

do you think, buy avast next year? ::slight_smile:

Failed to deliver to ‘support@avast.com’
SMTP module(domain avast.com) reports:
lion.asw.cz: DNS server failure

;D :-X ;D :o ??? ::slight_smile: :cry:

Your mailserver apparently refuses to send mail to a server that has no reverse DNS. Therefore I did the following check:

smtp:91.213.143.55 smtp 220 ****************************************************************************

Not an open relay.
0 seconds - Good on Connection time
0.640 seconds - Good on Transaction time
Reverse DNS FAILED! This is a problem.
OK - Reverse DNS matches SMTP Banner

Session Transcript:
HELO please-read-policy.mxtoolbox.com
250 lion.avast.com Hello recover.mxtoolbox.com [64.20.227.133] (may be forged), pleased to meet you [156 ms]
MAIL FROM: supertool@mxtoolbox.com
250 2.1.0 supertool@mxtoolbox.com… Sender ok [172 ms]
RCPT TO: test@example.com
550 5.7.1 test@example.com… Relaying denied. IP name possibly forged [64.20.227.133] [156 ms]
QUIT
221 2.0.0 lion.avast.com closing connection [156 ms]

This is a problem that the administrators from avast need to solve to get reverse dns working, probably a result of the recent move of building and thus internet connection?

That’s no good…

Well. I have the same problem. I can detect this virus (AutoIt:Balero-A2) only with the Prof. version of avast (program version - 4.8.1356) and my net client edition (program version - 4.8.1038) does not detect it. And I cannot update my netclient edition to a newer version because it says that I have the final one and I do not need to update it. So, what should I do??? I do not want to reinstall avast on all my client computers. Please help!!! Where is support staff???

do nothing! and support will not come!
Here is my correspondence with them (note the date):

Ticket Details

Ticket ID: RJS-487609
Department: QA
Status: Follow up
Priority: High
Created On: 28.09.2009 14:13
Last Update: 01.10.2009 12:22

USER
Posted On: 28.09.2009 14:13
Managed Client does not detect the virus AutoIt: Balero-A / AutoIt: Balero-A2.
I ran a scan of all drives with maximum sensitivity. It gave no results. Next, I uninstalled Managed Client and installed avast Home. The virus was detected by Standard Shield, Heuristic analysis Shocked Huh (not in logs) and Simple User Interface (after first reboot).

Warning.log:
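24.09.2009 17:39:12 1253795952 SYSTEM 1700 Sign of “AutoIt:Balero-A2 [Wrm]” has been found in “C:\WINDOWS\system32\csrcs.exe>>>AUTOIT SCRIPT<<<” file.
24.09.2009 17:39:12 1253795952 SYSTEM 1700 Sign of “AutoIt:Balero-A [Wrm]” has been found in “C:\WINDOWS\system32\csrcs.exe\AutoIt.script” file.
24.09.2009 17:39:12 1253795952 SYSTEM 1700 Sign of “AutoIt:Balero-A2 [Wrm]” has been found in “C:\WINDOWS\system32\csrcs.exe>>>AUTOIT SCRIPT<<<” file.
24.09.2009 17:39:12 1253795952 SYSTEM 1700 Sign of “AutoIt:Balero-A [Wrm]” has been found in “C:\WINDOWS\system32\csrcs.exe\AutoIt.script” file.
25.09.2009 9:36:36 1253853396 User 2960 Sign of “AutoIt:Balero-A2 [Wrm]” has been found in “c:\windows\system32\csrcs.exe>>>AUTOIT SCRIPT<<<” file.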
25.09.2009 9:36:45 1253853405 User 2960 Sign of “AutoIt:Balero-A [Wrm]” has been found in “c:\windows\system32\csrcs.exe\AutoIt.script” file.

configuration: 130 computers WinXPproSP3+Managed Client4.8.1038+latest virus database.

http://forum.avast.com/index.php?topic=49006.0

STAFF
Posted On: 01.10.2009 09:18
Hello

There is only one VPS (virus database update file) for avast! products. So the only reason why Netclient didn’t detect the virus infection is an old VPS.

Make sure that avast! netclient is fully updated. Fully updated AMS Mirror is not enough.

Martin Kvid
2nd Level Technical Support & Quality Assurance
ALWIL Software a.s.

USER
Posted On: 01.10.2009 12:22
earlier:
Avast Home with VPS on 18/09/2009 (get from site) and 24/09/2009 - found
Avast NetClient with VPS on 24/09/2009 - not found

today:
check file A0004552.exe (attached; password - 1)
Avast Home with VPS on 30/09/2009 - found
Avast NetClient with VPS on 30/09/2009 - not found

Attachments A0004552.rar (391.13 KB)
home.JPG (48.71 KB)
netclient.JPG (43.43 KB)

That’s all!
But I still wrote the e-mail on 30.09.2009. And that’s what they answered on 12.10.2009:

Hello

Detection for Netclient version will be added in the next update.

Martin Kvid
2nd Level Technical Support & Quality Assurance
ALWIL Software a.s.

Ticket Details

Ticket ID: OKR-982050
Department: QA
Priority: Default
Status: On Hold

Today is 21.10.2009. They have been silent for a month!
But judging by the fact that the updates of netclient are produced rarely, we will be happy only after 3 months.

Hello. Here is their answer. They promise to release a new version of Net Client till the end of November. I am not satisfied with the quality of this service because of the speed of reaction.
I can thank them for the quick answer, but not for the quick new version release :frowning:
"Hello, we are sorry, we know about this issue, but this issue can be solved only with a new Net-client and there is no date for the new Net-client release, we hope it will be till the end of November.
Best regards,
ALWIL Software a.s. support team "

want to add: and be friends with viruses and they have not touched! ;D ;D ;D

I have a feeling that the developers do not need corporate clients. Why do I need an apology and a promise to solve the problem for months? What did I pay the money for?

avast - the best FREE antivirus! ;D ;D ;D

Well,

Logically, whether you use NetClient or avast prof, they have the same engine to detect attackers, or did something happen with avast NetClient compiling?

Have you checked your avast NetClient configuration and compared it with avast prof edition?

Regards,
Yanto Chiang

Is it question for me, or for developers?

Hi Kosov,

Yes, the question is addressed to you, I just wonder, is there anything missed in your configuration?
Because, as I mentioned, both avast prof and avast NetClient have the same engine. So it would be different, except we are too late to update avast VPS Definition.

regards,
Yanto Chiang

Yes, there is the same engine in Pro and NetClient. But not the SAME VERSION of the engine! NetClient has a much older one. And it’s a common fact that Home\Pro begins to detect new viruses only after an engine update, not after a signature update.

Hi Elta,

Yes that is true,
normally if we check with ADNM there is a differential between NetClient + ADNM engine with Pro/home user one.