Manually exiting Avast! without turning off self-protection module

I can open services, and shut down Avast! manually with the self-protection module on,
provided I respond to the modal dialog it pops up filling the screen. In this way, I shut down
all 3 Avast! services.

However, it leaves the UI running (AvastUI.exe). I’m aware I can disable the self-protection module,
and then kill it with task manager, but I don’t want to do that. When I attempt to kill it with task
manager, why doesn’t it pop up another modal dialog which I can respond to to let me kill it?

As it stands, if I don’t want to muck with the self-protection settings, it appears I have to
install a kernel mode process kill program specifically for this purpose. It seems silly because
the services (which I can shut down) are the critical pieces of Avast!, not the UI.

Please add this feature, or at least an “exit UI” option on the system tray icon.

(Yeah I’m aware I can hide the icon, but the task is still there, even if it isn’t doing anything.)

Why do you want to do this ?

avast is designed as a ‘resident’ on-access antivirus and the self-defence module is there to prevent it from being easily shutdown leaving you unprotected.

Given your other post it looks like you want an on-demand scanner which avast wasn’t designed to be. Even with the services disabled/stopped the low level drivers will still be there.

I think he’s saying that if he can do it manually, then a piece of malware might also be able to do it. He’s pointing out that the self protection might not be working as well as it should.

I’m saying nothing of the sort, the main point is why does beyondo need to do this.

I didn’t say you were saying it, I meant that he was. I don’t think he wants to able to do those things , only pointing out that he can do them without the self protection preventing it. Or, if he does actually want to do it for some unknown reason, why is he able to?

my opinion is that avast services shouldn’t let you disable them when the self-defense module is on :wink: as to the UI, yeah there should be an option to exit, with an avast protection dialog box confirmation, so without having to disable the module in the first place.

Why would that be needed? doesn’t matter, you’re running your computer and there can always be circumstances, like conflicts when trying out some other security software etc…

edit: I believe too that Avast services could be very easily disabled by malware, with the current self-protection system. There’s just no real anti-termination protection.

I only want the virus software running when I choose, not all the time.

I understand the purpose of the self-defense module.

Actually, I want to use the on access scanning too, but only at certain times…such
as let’s say when I’m installing a new program.

I wasn’t asking about the low level drivers. I was wondering why the same “prompt-response”
system couldn’t be used to terminate AvastUI.exe as it’s used to terminate the services
(with self-protection module active).

Wouldn’t that be consistent? Is the problem that the modal dialogs are run by
the services themselves, so that when they exit nothing is left?

Exactly-- The question to me is this. even if wants to disable everything, why is he able to when the self protection is active?

Eh… geez folks, he just wants an Exit item on tray icon right-click menu (or equivalent on the disable shields prompt). Has nothing to do w/ malware disabling the avast services or whatever similar (which wouldn’t really be so easy as it is since it uses alternate desktop requiring a manual action) - plus the AvastUI.exe thing doesn’t provide any realtime protection anyway.

@ beyondo
Having it on-access only at times you are installing software is a bit of a waste of time if your virus database is out of date (IMHO) as you are suggesting (updating it every 30 days) in your other post. An out of date security application is a false sense of security.

Trying to cripple what is designed as a resident on-access antivirus if you want am on-demand antivirus use one designed for that use.

I set it to 30 days simply to make sure it wasn’t constantly trying to access the internet.
The default is… 4 hours!? I could certainly choose to update it more often if I wanted.

Avast certainly has a ‘scan’ function and I don’t see why I can’t use it for that purpose.
Often, I can verify that an installer (exe) has been out on the internet for some time
(using md5 hash) but don’t know much else. The fact that it dates, say, to 2008, is
enough to ensure it’s covered by any recent virus program.

I picked avast because I was sick of McAfee and heard good things about Avast! and
am not aware of any virus program that is designed solely for “on demand” use. I’m
aware of the risk of 0-day infections if I start downloading random exe’s from porn sites.

Well, w/ updating once in 30 days it’s kinda pointless to use an AV. Your settings won’t be honoured anyway, there’s a separate thread about not even 1440 minutes (1 day) being honored. As for the rest, this is NOT designed as on-demand AV, simply because the drivers are loaded anyway even if you disable the realtime protection, so if you install another AV you are calling for a big trouble.

With the number of ordinary sites compromised every day, any browsing (e.g. reading your favourite magazine) is of a similar risk. It’s not true anymore (for a long time) that you have to visit “dangerous” sites to get infected.

If you disable all the services anyway (i.e. stop the resident protection), what’s the point of the self-defense (i.e. why do you want to have it enabled)? I see no logic here…

WRT to update interval, the large IT department at my work has us scheduled for weekly updates,
which they apparently believe is optimal. Those that reconfigured their machines for daily updates
had the pleasure of having their machines shutdown last week last by McAfee due to netsvc.exe
being deleted (false positive).

I guess I’m an extraodinary man then. I’ve never been infected since I put this computer together in 2000.
And I install a lot of stuff, some questionable, from the web. I’m just careful about where I get it. Actually,
I’ve had more problems from the virus software than from viruses–like the McAfee debacle last week.

I’m not following you here. I’m going to have Avast! either on or off, when it’s off, I’d like it all off, when it’s
on I’d probably just be running the basic file access scanning (not the web scanning).

Well, your IT dept. definitely needs a sanity check… ::slight_smile: :o

Well… you think so :wink:

I’m saying that if you stop the resident protection, the self-defense is pointless (it’s there to prevent killing the antivirus by an unknown malware - but if you stop the resident protection, the antivirus doesn’t run anyway) - so if you want to “use” the antivirus this way, simply disable the self-defense as well… I don’t see why you want to have the resident protection stopped and self-defense active.

As for why the consent dialog isn’t there for killing AvastUi… I assume because there exists a common “interface” for stopping services (which the user can invoke from the Service manager, for example) - while killing a process is quite a special action. Besides, I don’t know why you’d want to kill AvastUI anyway - if you don’t want it running, remove the corresponding auto-start entry from registry.

Ok, I see what you’re saying. The reason I want to be able to shut everything down without turning off
the self-defense is that it’s another thing I’d have to re-enable when I want to use Avast!. Right now,
I have the main service set to manual, not automatic, and the AvastUI removed from the auto-start list.
Thus, I boot windows and Avast! is not running. I can launch the main service manually, and then
click on the icon to launch AvastUI.exe and I’m good to go–two steps. If I had disabled the
self-protection, then I’d need to go into settings and re-enable it, another step to remember.

See the above. The reason is that though I indeed have the machine configured so Avast! doesn’t run
on boot, if I do run Avast! and then want to stop running it, I can’t shut down the AvastUI process without
shutting off the self-defense module, which I then must re-enable since I want to use it when I use Avast.

What I’m trying to say is that those times when you’re running with the resident protection disabled are such a “security hole” - that it doesn’t matter if you have the self-defense enabled or not for the rest of the time.

Anyway, I don’t think there’s any plan to add the consent dialog even for killing of AvastUi process at the moment; quite a lot of work with zero benefit.

So you’re saying that because I choose to disable the Avast! completely at times when I’m, say,
playing a local game on my PC and not even connected to the web, that all of sudden I’m so compromised
it doesn’t matter whether I protect the virus program from being killed off by malware when I actually
have it running, say during a new program install?

Well, you’re entitled to your opinion, of course, but I don’t believe that statement.

I described the positive (>0) benefit above when I described how I wanted to exit Avast! cleanly with as few
steps as possible. Lacking that feature adds a step. It’s hard to believe it’s a “lot of work” since it would seem
the same modal code that you already use for service shutdown could be used, but I’ll take your word for it.

+1 ;D