Trial Site Deployment Questions

Hi all,

We’re a 400 student high school with all Mac clients. We do however, have a handful of Windows apps that only a few people need to run for state reporting, accounting and fundraising. Rather that deal with Bootcamp or Parallels, I’ve deployed a Dell rack-mount server running Win 2003 server and Terminal Services. Our users that need to run Windows apps simply connect using the Macintosh version of Microsoft’s Remote Desktop Connection (RDC). Since there are only a handful of people that need this I’ve just created local accounts and have bypassed Active Directory. All has been working fine and it’s a very clean solution for keeping things simple.

I have been concerned about security and protection for this Dell Server so I’ve installed the trial version of Avast Server Edition. Pretty straightforward so far but I haven’t been able to find any documentation on the Avast Web Site for this version. So I’ve got a couple of questions that I’m hoping you experts can help me with.

  1. During the initial configuration of Avast I have the option of setting up the installation as a stand-alone server or to support Terminal Services. I set it up for Terminal Services (TS) compatibility but when my Mac clients log-in, they see the Avast Blue Balls in their system tray. And it looks like they can configure the services or do whatever they want. I don’t really want these TS users to have any access to Avast. Is it really necessary to configure Avast to support Terminal Services when the only true Window’s machine in my network is the server itself? If Avast must be configured to support Terminal Services, how do I prevent the Blue Balls from showing in my user’s trays?

  2. The only other things I’m concerned about are either someone bringing in an infected PC laptop with a worm or Virus that might target our Dell Server, or a valid TS user running IE during a session and picking up some malware or worse. So to this end I have configured Avast services to run Network Shield, Script Blocking, Standard Shield and Web Shield. Does this sound about right? Are these all necessary given my concerns. I don’t have anything else going on with the Dell…no Exchange, no AD, etc. I’m not worried about peer-to-peer stuff as these users aren’t students and wouldn’t know how to IM to save their lives :-))

Thanks in advance,

Dan

Hi Dan, and welcome to the avast forums. Please see my answers below.

1. During the initial configuration of Avast I have the option of setting up the installation as a stand-alone server or to support Terminal Services. I set it up for Terminal Services (TS) compatibility but when my Mac clients log-in, they see the Avast Blue Balls in their system tray. And it looks like they can configure the services or do whatever they want. I don't really want these TS users to have any access to Avast. Is it really necessary to configure Avast to support Terminal Services when the only true Window's machine in my network is the server itself? If Avast must be configured to support Terminal Services, how do I prevent the Blue Balls from showing in my user's trays?

There are basically two options here: either have the tray icon settings protected by a password (that’s the recommended way) or have the tray icon disappear completely. To do the former, simply right-click the avast tray icon and select Set Password. To do the latter, open the file \data\avast4.ini and add the following line to the [Common] section:

HideResidentGui=1

For the changes to become effective, you can either restart the server, or kill the process ashDisp.exe and restart it from the avast folder (simply double-click it in Explorer).

2. The only other things I'm concerned about are either someone bringing in an infected PC laptop with a worm or Virus that might target our Dell Server, or a valid TS user running IE during a session and picking up some malware or worse. So to this end I have configured Avast services to run Network Shield, Script Blocking, Standard Shield and Web Shield. Does this sound about right? Are these all necessary given my concerns. I don't have anything else going on with the Dell....no Exchange, no AD, etc. I'm not worried about peer-to-peer stuff as these users aren't students and wouldn't know how to IM to save their lives :-))

That should be fine, and should the server clean. In fact, only Standard Shield + Network Shield are needed. The remaining two will only provide extra protection (will potentially catch the malware sooner) but are not absolutely necessary.

Thanks
Vlk

Thanks Vic!

I have logged in to the main local admin account on the server, right-clicked the Avast tray icon and set the password. I have then restarted the server. It doesn’t appear to have any effect. For example, when I sign back on as admin, or log in through terminal services as a regular user, I can still pause and kill resident Avast processes and it never asks me for a password before it does so.

Maybe I’m missing something here?

Thanks again…

Dan

You mean you can kill them from the tray icon GUI - or using other tools, such as the Task Manager?

Vic,

If I go into the advanced user interface, it asks me for a password before I can make any changes. The Java based simple user interface only asks for a password when I click on the “Resident Scanner” button. The tray icon that brings up the “On-Access” scanner window doesn’t ask for passwords at all. The administrator or any logged on TS user can stop, start and kill tasks at will.

I did a search for “password” in the archives of the Server Edition forum and found this post. It doesn’t exactly describe my situation but this guy is using Terminal Services so maybe this is a clue.

“I have Avast server on a terminal server and I had it password protected so users couldn’t change any settings. recently i updated the avast program to 4.6.566 and rebooted and now my program settings and protection control panel are wide open (no prompt for password). I’ve verified that the password is correct (I get prompted for it when I try to open the virus chest or set the scanner sensitivity), but not where I used to get prompted for before the upgrade.”

Also just to be thorough, I’ve uninstalled Avast with the uninstaller utility, and reinstalled it but the symptoms remain. I’ll be happy to do some further testing if I can help you out.

Best,

Dan