We are evaluating the avast ADNM and the avast netclient edition.
We have one AMS, and about 20 clients.
At first sight the installation works OK, the deployment works, the updating of the VPS works, tasks created on the AMS run OK on the clients, but only one important thing doesn’t work:
The policies set in the ‘computer catalog’ are not replicated to the clients.
We changed the following policies:
administrator pasword
enabled the on access user interface
enabled the enchanched user interface
Changes have been made directly in computer catalog → properties → policies avast antivirus, and are not set (not overwritten) in the subcatalog of the domain
Pop interval is still at the default 600 seconds. No sign in any error in any log file (concerning this)
Strange thing, as mentioned, the update of the VPS works ok!
Any ideas?
Also I have noticed that the following things don’t work (but are less important)
the uninstallation task remains in the ‘waiting’ phase forever when run on any pc (from the ADNM), the uninstallation does not start. Uninstalling at the client from config panel → software works ok
when disabeling the default ‘discovery task’ in the scheduler it still runs (looks like the disabled option is ignored)
Also, it whould be great be able to create a task than just runs some script (to enter a command direclty for the tast).
This would alow to create a task chain as
gotta think more about your first problem, so no answer atm on that…
the waiting state is a “feature” not a problem/bug… since the client gets uninstalled it cannot report its status anymore to the ADNM server. This means that it cant tell the server that the uninstall is finished…
task chaining is build in the system, you can create several tasks that when task 1 is finished, task 2 will run and so on…
running custom scripts is not in the scope of this management tool and should not be a goal either, since it has nothing to do with the product and creates a security risk since the tool has to run have to run in elevated privileges meaning that when a infection occurs it can abuse this to infect the whole network in a few seconds…
you should run such scripts at logon and reboot then do the discovery and installation
next to that uninstalling an AV usually involves using an extra tool to clean up the remaining crap from the av product (avast included!)
if you script an uninstall without that tool then other problems will arise in a later stadium causing more trouble… so you have to run that
tool in the script too
the discovery task still running when you disable it, i will test that today
edit: i disabled the task, but changed the time several times so it would run but it didnt… you sure you disabled the task (never hurts to double check ;))
remove the task and create a new task (write down the settings from the current task)
I will check again for the discovery task.
I disabled it again now, and see monday if it has been running or not
Concerning the uninstall task, I agree that it is difficult to get the ‘done’ in the status, but that is not the problem. The problem is that the uninstall never starts!
After (trying to) starting the uninstall from admn, and waiting for a couple of hours, avast netclient is still running on the client pc, and the status remains on ‘waiting’. Normaly it should go from ‘waiting’ to ‘processing’, and if lucky to ‘done’
Concerning the custom tasks. The idea was to run msiexec with the uninstall option on the original msi file. This will do a clean unintall, so this is not the problem. The only thing is that now, I have to go from computer to computer to do this to be sure it is uninstalled before avast is installed. But, this can become a security issue too, but admn (and its settings) are password protected?
my bad, i missread the not starting of the uninstall job, seems like not everything i getting synced really, check the event viewers inside the avast client on the clients itself if there is anything notified
well actually the point that i tried to make with the ADNM tool is that it is not meant to do application “deployment management” for anything other the the avast product… that is beyond its purpose
so you have to either walk by the computers like you said or figure out another automated way to do it, possibly by loginscript with the old av cleaningtool with commandline options or run it from another deployment management tool (system center configuration manager, altiris something like that)…
You can protect the avast clients with Passwords yes
The adnm is standard running on a password protection
As mentioned in the first post, the main problem is the replication of the policies. The other stuff is not that important. Any ideas on this?
There is nothing in the log related to this. Only ‘user logged on’ ‘logged of’ ‘updated vps’ etc…
Checked the server log, and the discovery task didn’t run now. Seems like this problem is gone…
Also the problem of the uninstall task seems only to happen on some computers. On other computers it runs fine. No big problem for me.
The only main thing is the replication of policies. Any ideas about this?
How does it work? Does the server contact the client or is it the other way? On wich port? TCP / UDP?
If I know this, I can monitor the network communication and might discover the problem
Tested everything I can, but still no luck.
I have seen that when the ‘apply to’ option is used, the server contacts the client on port 16109. I can see this communication in a network monitor. There is no problem with firewalls or something like that for sure. Also, when using the ‘apply to’ option in adnm, I can see that the timestamp of avast4.ini in the data folder is updated, but the contents of the file remains the same! (not the options set at the server)
Also I noticed then the client connects to the server on 16111. This is normal I think, but it connects about once in a minute? Is this a normal rate? Every time this happens, the timestamp of the avast4.ini is changed, but the contents not! This looks to me like the changes are detected, but the actual update fails, and it remains trying forever?
I updated to the latest admn version, but no sollution