I’m evaluating Avast! and I’m very happy - but there is one error that is being logged a LOT.
I’m getting an access denied error (or what appears to be one) any time files are scanned in real time over the network. It seems to be happening to 2 machines in particular. Both are Windows Vista; one is x64, the other is 32-bit. I have another Vista x64 machine where this does not seem to be happening. Before I throw too many red herrings into the mix, my question is this: Is there a way to (other than Win2003 group policy) force the avast service(s) to run as a special user? Can I do this from the Central Admin console?
Here is an example of an error message:
3/15/2007 3:41:33 PM SYSTEM 1812 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of \SERVER123\sites_dev\client\engine\checkout_process.asp failed, 00000005.
Are you talking about avast! Home/Professional, or rather managed clients?
Anyway, I may be wrong (Vlk would know for sure), but I think that the scanner actually impersonates the user who’s making the file access. So, if the logged-on user can access the network file, the scanner should be able to do the same.
Maybe some more info about the access would help… what server is that? Is it accessed by \servername, or rather a mapped drive?
Sorry - I’m talking about the professional version. I’m managing a handful of workstations centrally with the ADNM.
The errors are generated by accessing files over a mapped drive, but it seems the avast log data resolves the mapped drive to “\server1234\share-name\dir\file.ext” as opposed to “x:\dir\file.ext”
I thought I had read here in the forum that it uses the local system account which does not have access to the shares (unlike the user’s account). I was hoping there was a way to use different credentials for the service configurable via the ADNM.
You’re right that the avast service runs under the LocalSystem account, and that this account (per se) does not have any network access. However, as Igor correctly pointed out, we actually try to impersonate the original requestor of the file I/O. That is, if user A tries to open a remote file, the request gets relayed to our (LocalSystem) service which in turn attempts to “impersonate” (i.e. assume the identity of) user A when accessing the file. This works in most cases but it’s true that there are situations where this is not possible.
It would be useful to find out more about the way the particular checkout_process.asp file is accessed. Or are you seeing the same errors for (many) other files as well?
Indeed, one solution would be to change the log on details of the avast service (to a named account which has admin rights on the local machine AND at least read access to the network resources), however, this cannot be done remotely from ADNM.
It’s any file over the network: asp, vbs, doc, etc.
It seems to be a Vista issue. I’m running x64 with User Access Control enabled and another Vista machine is running 32-bit without UAC. Both are seeing an error any time Avast tries to scan a file that is accessed by the user over UNC.
I will configure my machine to use a domain admin account. I’ll set one up for Avast and see if that helps. I’ll post back, but let me know if you have any ideas in the interim.
That did it. No errors now from my own machine. We don’t have so many systems here that I can’t configure them - worst case I can create a GPO to assist I suppose.
I’m assuming Avast is actually trying to scan the network file BEFORE I actually open it (say a *.doc file for example) and because it doesn’t have rights that is why it is failing right? I’m assuming if it waited to scan it until it “got” to my PC then it would be too late… correct?
Well I spoke too soon. I’m seeing other access denied errors. I see some on temp files such as “~filename.doc” which I’m sure are fine as they are probably locked and the actual file “filename.doc” was scanned anyway. But I am seeing simple asp ascii files getting errors. I’m opening these files in a simple script editor (Homesite).
I have not tried the beta. I certainly can. I’m assuming I can just try this on my PC without rolling it out to the other PCs right?
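For triaging the kind of log line quoted in the first post, the following added example (not part of the thread and not Avast's code) parses AAVM scanning errors and counts failures per network share and error, so a network-only access-denied pattern like the one discussed here stands out. It assumes the trailing eight-digit field is a Win32 error code in hex and that the third column is the account name; the line layout is inferred from the single sample in the thread, and all sample lines after the first are constructed.

```python
import re
from collections import Counter

# Well-known Win32 error codes; treating the trailing field as one (hex) is an assumption.
WIN32 = {0x02: "ERROR_FILE_NOT_FOUND", 0x05: "ERROR_ACCESS_DENIED",
         0x20: "ERROR_SHARING_VIOLATION"}

# Layout inferred from the one log line quoted in the thread (column meanings assumed).
LINE_RE = re.compile(
    r"^(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+(?P<account>\S+)\s+\d+\s+"
    r"AAVM - scanning error: .*? of (?P<path>.+) failed, (?P<code>[0-9A-Fa-f]{8})\.?\s*$")

def parse_line(line):
    """Return a dict for an AAVM scanning-error line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, code = m["path"], int(m["code"], 16)
    if path.startswith("\\"):                      # UNC path, one or two leading backslashes
        parts = path.lstrip("\\").split("\\")
        location = "\\\\" + "\\".join(parts[:2])   # normalised to \\server\share
    else:
        location = "local"
    return {"when": m["when"], "account": m["account"], "path": path,
            "location": location, "error": WIN32.get(code, f"0x{code:08X}")}

def summarize(lines):
    """Count failures per (location, error) so network-only patterns stand out."""
    hits = filter(None, map(parse_line, lines))
    return Counter((h["location"], h["error"]) for h in hits)

# First line is the one from the thread; the others are constructed for illustration.
SAMPLE = [
    r"3/15/2007 3:41:33 PM SYSTEM 1812 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of \SERVER123\sites_dev\client\engine\checkout_process.asp failed, 00000005.",
    r"3/15/2007 3:42:10 PM SYSTEM 1812 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of \SERVER123\sites_dev\client\engine\cart.asp failed, 00000005.",
    r"3/15/2007 3:44:02 PM SYSTEM 1812 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of C:\Users\dev\Documents\~notes.doc failed, 00000020.",
    "constructed line that is not an AAVM scanning error",
]

if __name__ == "__main__":
    for (location, error), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {error:24s} {location}")
```
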