Native messaging for Avast Secure Browser com.avast.nativeproxy AvastNM.exe

Hello,

I am wondering about the “Native messaging for Avast Secure Browser.”

I don’t have an extension for messaging, and none of the extensions displayed in secure://extensions/ are of the messaging kind. View attached image below Avast - Browser - Extensions - No Messaging App - 20210706T171000PDT.PNG

The browser’s task manager shows “Extension: Messaging,” but again, I am not aware of any messaging app. View attached image below: Avast - Browser - Task Manager - Extensions - Messaging - 20210706T170700PDT.PNG

The registry shows record HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\NativeMessagingHosts\com.avast.nativeproxy which default, and only one, key has value C:\Program Files (x86)\AVAST Software\Browser\AvastNM.json

The file AvastNM.json contains:

{
"name":"com.avast.nativeproxy",
	"description": "Native messaging for Avast Secure Browser",
	"path": "C:\\Program Files\\AVAST Software\\Avast\\AvastNM.exe",
	"type": "stdio",
	"allowed_origins": [
		"chrome-extension://emhginjpijfggbofeediiojmdlmlkoik/",
		"chrome-extension://lhnnoklckomcfdlknmjaenoodlpfdclc/",
		"chrome-extension://dmfdacibleoapmpfdgonigdfinmekhgp/"
]
}

Where can I find this messaging app?

Thanks

Any pointers about the Native messenger I mentioned above would be great. Here is some additional information:

This are HKEY_LOCAL_MACHINE/SOFTWARE/Avast Software records:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Anen]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Anen\Storage]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Anen\Storage\Anen]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Anen\Storage\Anen\Adapters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Anen\Storage\Anen\Adapters\{90A3C885-12BB-43D3-8CDE-37A3C6711221}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Anen\Storage\Anen\Adapters\{90A3C885-12BB-43D3-8CDE-37A3C6711221}\v2]
"AdaptersTypes"=hex:ba,09,b9,aa

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Anen\Storage\Anen\Networks]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Anen\Storage\Anen\Networks\{9B92A7CA-BF10-4374-8273-96FC5F82BA91}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Anen\Storage\Anen\Networks\{9B92A7CA-BF10-4374-8273-96FC5F82BA91}\v2]
"AdaptersTypes"=hex:ba,09,b9,aa
"geo"=hex:9a,1c,b9,d5,fb,68,84,8b,7d,bf,f0,aa,93,4e,6f,67,d4,0b,a5,c4,85,3e,e0,\
  fa,67,a8,bc,b8,d9,1b,43,68,db,45,aa,96,b2,7d,e8,cd,28,f0,a2,e8,9c,44,1e,78,\
  d6,09,bb,db,e3,72,d5,d6,0a,e0,a0,fb,d0,17,56,2b,95,57,e7,99,e3,29,84,f9,16,\
  dc,ea,d9,e6,3f,01,0b,ad,72,a5,b4,82,5a,8b,8a,77,a5,f0,a9,93,2c,68,09,c3,12,\
  aa,94,a8,67,df,9a,7f,b0,8f,ff,d0,1a,49,38,92,51,e6,d5,ed,31,c5,d7,2b,e6,ae,\
  f4,db,10,58,68,db,1c,c6,98,b3,67,ce,98,04,ff,a2,e8,d7,1d,4d,68,cd,1c,eb,98,\
  af,67,cf,d6,20,fc,b3,d9,d1,1a,49,68,db,1c,c6,b6,e3,3f,84,db,2a,e7,a9,ee,cc,\
  07,0e,70,c3,6b,db,d5,ed,31,c5,d7,30,fc,b3,e8,c7,30,4d,27,84,1c,b2,d5,94,7d,\
  cf,cc,20,f6,e7,c9,ca,1f,58,2f,92,1c,a4,d5,a8,63,84,82,67,a5,f7,b4,8f,49,1c,\
  64,d4,10,ba,c5,f5,31,8a,9a,2c,e1,b7,b8,84,5c,6f,25,99,1e,cb,98,ac,7e,d3,d6,\
  2c,f1,a6,ee,d7,11,42,39,c3,12,aa,9b,a0,67,cf,cc,30,f6,a2,b8,84,4d,1a,64,d1,\
  0f,b9,cf,f8,2a,9f,81,7c,ab,fe,a3,87,47,1b,66,c3,52,e7,99,a6,7a,d2,cd,21,f7,\
  e5,a0,93,4f,1d,7f,cf,0e,bc,c4,f2,3f,84,d7,37,f5,a6,f4,d7,04,4d,3e,88,51,e6,\
  d5,fb,31,e5,d7,3d,b2,84,f5,d3,13,59,24,88,5d,e9,83,a8,7c,c8,cb,67,be,e5,ea,\
  d1,0d,58,2b,8d,7d,e7,93,a4,31,9c,9a,7d,ab,f7,ab,8c,5c,00,68,92,4b,ea,93,a8,\
  65,cf,cb,2c,fd,a9,e9,9c,44,77,68,af,68,aa,aa,ed,31,d2,d1,28,f7,bd,f5,d0,1b,\
  0e,70,c3,7f,e5,92,b3,7a,c5,d9,6a,de,a8,e9,e1,3f,42,2d,84,52,ed,84,e3,6e,8a,\
  9a,31,fb,aa,ff,cd,0a,4d,27,91,1c,b2,c6,f7,21,92,80,77,a6,f6,a2,8c,49,1e,79,\
  d5,06,be,c5,bc,6e,8a,9a,33,b0,fd,ab,c3

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser]
"installer_run_count"="1"
"machine_id"="12990693a24f43f6aa4c4a8f75a7c917"
"machine_date"="20210622"
"machine_timestamp"="1624377963"
"BankMode"=dword:00000001
"InstallTimestamp"="1624378009"
"declined_default"="1624352885"
"ProgramFolder"="C:\\Program Files (x86)\\AVAST Software\\Browser\\Application\\"
"ProgramFile"="AvastBrowser.exe"
"ProgramName"="Avast Secure Browser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\aswSP]
"LimitedRegistry"=hex(7):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,00,\
  5c,00,55,00,53,00,45,00,52,00,5c,00,53,00,2d,00,31,00,2d,00,35,00,2d,00,32,\
  00,31,00,2d,00,31,00,33,00,30,00,35,00,30,00,32,00,37,00,39,00,37,00,2d,00,\
  32,00,32,00,31,00,32,00,37,00,32,00,37,00,37,00,33,00,39,00,2d,00,32,00,31,\
  00,37,00,31,00,37,00,36,00,35,00,31,00,36,00,39,00,2d,00,31,00,30,00,30,00,\
  31,00,5c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,41,00,56,\
  00,41,00,53,00,54,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,\
  5c,00,42,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,5c,00,52,00,45,00,47,\
  00,49,00,53,00,54,00,52,00,59,00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,\
  45,00,5c,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,57,00,4f,\
  00,57,00,36,00,34,00,33,00,32,00,4e,00,6f,00,64,00,65,00,5c,00,41,00,56,00,\
  41,00,53,00,54,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,\
  00,42,00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,00,00
"LimitedFolders"=hex(7):5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,\
  6f,00,67,00,72,00,61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,20,00,28,\
  00,78,00,38,00,36,00,29,00,5c,00,41,00,56,00,41,00,53,00,54,00,20,00,53,00,\
  6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,42,00,72,00,6f,00,77,00,73,\
  00,65,00,72,00,5c,00,00,00,5c,00,3f,00,3f,00,5c,00,43,00,3a,00,5c,00,55,00,\
  73,00,65,00,72,00,73,00,5c,00,4f,00,77,00,6e,00,65,00,72,00,5c,00,41,00,70,\
  00,70,00,44,00,61,00,74,00,61,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,5c,00,\
  41,00,56,00,41,00,53,00,54,00,20,00,53,00,6f,00,66,00,74,00,77,00,61,00,72,\
  00,65,00,5c,00,42,00,72,00,6f,00,77,00,73,00,65,00,72,00,5c,00,00,00,5c,00,\
  3f,00,3f,00,5c,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
  00,44,00,61,00,74,00,61,00,5c,00,41,00,56,00,41,00,53,00,54,00,20,00,53,00,\
  6f,00,66,00,74,00,77,00,61,00,72,00,65,00,5c,00,42,00,72,00,6f,00,77,00,73,\
  00,65,00,72,00,5c,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Extensions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Installed]
@=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\NativeMessagingHosts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\NativeMessagingHosts\com.avast.nativeproxy]
@="C:\\Program Files (x86)\\AVAST Software\\Browser\\AvastNM.json"

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update]
"MachineId"="{12990693-A24F-43F6-AA4C-4A8F75A7C917}"
"MachineIdDate"="20210622"
"MachineIdTimestamp"="1624377963"
"uid"="{F2CA0426-CF8B-417A-87D1-852C2266EA4C}"
"uid-create-date"="20210622"
"uid-create-time"=dword:60d20a6b
"devmode"=dword:00000000
"endpoint"="update.avastbrowser.com"
"hostprefix"=""
"path"="C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\AvastBrowserUpdate.exe"
"UninstallCmdLine"="\"C:\\Program Files (x86)\\AVAST Software\\Browser\\Update\\AvastBrowserUpdate.exe\" /uninstall"
"IsMSIHelperRegistered"=dword:00000001
"LastOSVersion"=hex:1c,01,00,00,0a,00,00,00,00,00,00,00,62,4a,00,00,02,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,03,01,00
"version"="1.8.1065.0"
"LastInstallerResult"=dword:00000000
"LastInstallerError"=dword:00000000
"LastInstallerExtraCode1"=dword:00030001
"LastInstallerSuccessLaunchCmdLine"="\"C:\\Program Files (x86)\\AVAST Software\\Browser\\Application\\AvastBrowser.exe\" --from-installer"
"LastCodeRedCheck"=hex(b):35,2d,b8,b3,11,0c,00,00
"LastStartedAU"=dword:60e69747
"MsiStubRun"=dword:00000000
"LastChecked"=dword:60e66d4b

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\Clients]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\Clients\{6D37C760-8FED-48A5-A4A4-CEC095B2D8DD}]
"pv"="1.8.1065.0"
"name"="Avast Browser Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\Clients\{A8504530-742B-42BC-895D-2BAD6406F698}]
"name"="Avast Secure Browser"
"pv"="91.0.10364.115"

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\Clients\{A8504530-742B-42BC-895D-2BAD6406F698}\Commands]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\Clients\{A8504530-742B-42BC-895D-2BAD6406F698}\Commands\on-os-upgrade]
"CommandLine"="\"C:\\Program Files (x86)\\AVAST Software\\Browser\\Application\\91.0.10364.115\\Installer\\setup.exe\" --on-os-upgrade --system-level --verbose-logging"
"AutoRunOnOSUpgrade"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\ClientState]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\ClientState\{6D37C760-8FED-48A5-A4A4-CEC095B2D8DD}]
"pv"="1.8.1065.0"
"brand"="6302"
"InstallTime"=dword:60d20aac
"DayOfInstall"=dword:00001488
"DayOfLastActivity"=dword:ffffffff
"DayOfLastRollCall"=dword:00001497
"RollCallDayStartSec"=dword:60e64001
"ping_freshness"="{89285818-49BC-492B-BA02-3787FF6E92F3}"
"LastCheckSuccess"=dword:60e66d4b

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\ClientState\{6D37C760-8FED-48A5-A4A4-CEC095B2D8DD}\CurrentState]
"StateValue"=dword:00000010

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\ClientState\{A8504530-742B-42BC-895D-2BAD6406F698}]
"ping_freshness"="{EA6C4FE2-ABEC-47CE-B8E4-D4D1930AD10B}"
"lang"="en-US"
"ap"="mv:91.0.10364.115-x64"
"brand"="6302"
"InstallTime"=dword:60d20abd
"DayOfInstall"=dword:00001488
"DayOfLastActivity"=dword:00001497
"DayOfLastRollCall"=dword:00001497
"InstallerProgress"=dword:00000064
"UninstallString"="C:\\Program Files (x86)\\AVAST Software\\Browser\\Application\\91.0.10364.115\\Installer\\setup.exe"
"UninstallArguments"=" --uninstall --system-level"
"DowngradeCleanupCommand"="\"C:\\Program Files (x86)\\AVAST Software\\Browser\\Application\\91.0.10364.115\\Installer\\setup.exe\" --cleanup-for-downgrade-version=$1 --cleanup-for-downgrade-operation=$2 --system-level"
"CleanInstallRequiredForVersionBelow"="85.0.4169.0"
"LastInstallerResult"=dword:00000000
"LastInstallerError"=dword:00000000
"LastInstallerExtraCode1"=dword:00030001
"LastInstallerSuccessLaunchCmdLine"="\"C:\\Program Files (x86)\\AVAST Software\\Browser\\Application\\AvastBrowser.exe\" --from-installer"
"pv"="91.0.10364.115"
"LastCheckSuccess"=dword:60e66d4b
"ActivePingDayStartSec"=dword:60e64001
"RollCallDayStartSec"=dword:60e64001

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\ClientState\{A8504530-742B-42BC-895D-2BAD6406F698}\CurrentState]
"StateValue"=dword:00000010

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\ClientStateMedium]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\ClientStateMedium\{A8504530-742B-42BC-895D-2BAD6406F698}]
"_UpdateTime"="1624378075"
"usagestats"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\ClientStateMedium\{A8504530-742B-42BC-895D-2BAD6406F698}\FirstNotDefault]
"S-1-5-21-130502797-2212727739-2171765169-1001"=hex(b):ae,c0,16,49,f3,23,2f,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\PersistedPings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\proxy]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\UsageStats]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\UsageStats\Daily]
"LastTransmission"=dword:60d20c06

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\UsageStats\Daily\Booleans]
"is_system_install"=hex:01,00,00,00
"worker_is_clickonce_disabled"=hex:00,00,00,00
"worker_is_uac_disabled"=hex:00,00,00,00
"worker_is_windows_installing"=hex:00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\UsageStats\Daily\Counts]
"core_start_crash_handler_succeeded"=hex:1d,00,00,00,00,00,00,00
"core_start_crash_handler_total"=hex:1d,00,00,00,00,00,00,00
"goopdate_main"=hex:4a,01,00,00,00,00,00,00
"goopdate_constructor"=hex:4a,01,00,00,00,00,00,00
"cup_ecdsa_http_failure"=hex:98,00,00,00,00,00,00,00
"cup_ecdsa_total"=hex:bf,00,00,00,00,00,00,00
"worker_update_check_total"=hex:31,00,00,00,00,00,00,00
"cup_ecdsa_trusted"=hex:27,00,00,00,00,00,00,00
"cr_callback_status_other"=hex:0a,00,00,00,00,00,00,00
"cr_callback_total"=hex:0a,00,00,00,00,00,00,00
"cr_process_total"=hex:0a,00,00,00,00,00,00,00
"worker_update_check_succeeded"=hex:1f,00,00,00,00,00,00,00
"core_cr_succeeded"=hex:09,00,00,00,00,00,00,00
"core_cr_total"=hex:09,00,00,00,00,00,00,00
"client_another_update_in_progress"=hex:01,00,00,00,00,00,00,00
"core_worker_succeeded"=hex:01,00,00,00,00,00,00,00
"core_worker_total"=hex:01,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\UsageStats\Daily\Integers]
"omaha_version"=hex:00,00,29,04,08,00,01,00
"windows_major_version"=hex:0a,00,00,00,00,00,00,00
"last_started_au"=hex:47,97,e6,60,00,00,00,00
"worker_shell_version"=hex:00,00,29,04,08,00,01,00
"last_checked"=hex:4b,6d,e6,60,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Browser\Update\UsageStats\Daily\Timings]
"updatecheck_failed_ms"=hex:13,00,00,00,00,00,00,00,b1,14,06,00,00,00,00,00,97,\
  3c,00,00,00,00,00,00,d1,6c,00,00,00,00,00,00
"updatecheck_succeeded_ms"=hex:27,00,00,00,00,00,00,00,6d,81,00,00,00,00,00,00,\
  ba,01,00,00,00,00,00,00,27,24,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Products]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Subscriptions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Avast Software\Subscriptions\ActiveProducts]
"AvConsumer"="13661b72-9fef-4913-b814-74473f23210e"
"AvConsumer_at"=hex(b):c2,86,d3,60,00,00,00,00


The image attached below illustrates Avast’s Task Manager with the “Extension: Messaging” highlighted, and in the background is process explorer with the properties of the process (in this case PID 10200). The process’ command line appears as “C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe” --type=renderer --field-trial-handle=1652,4110534526320858791,12645569881604774087,131072 --lang=en-US --extension-process --origin-trial-disabled-features=SecurePaymentConfirmation --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1"

I think the working directory for the process is "C:\Program Files (x86)\AVAST Software\Browser\Application\91.0.10364.115"

It’s not a “user messaging” application, if that’s what you assume.
It’s just a way to communicate with other Avast modules.