Update Problems...again!

Have been getting the pop-up that a new version is available. I’m currently running Build: Mar 2005 [4.6.603] and my virus database is current as of today (that’s not causing any problem updating).

I’m running XP Pro+SP2 behind an Origo ASR-84500 router.

Tried the program update but get following problem.

Get request from Sygate to allow access for the update. I click YES and the following message window shows.

Downloading file: servers.def.stamp

Connection terminated, retrying

avast! antivirus Update (avast.setup) is trying to connect to download3.avast.com (67.15.62.22) using remote port 80 (HTTP-World Wide Web) You want to allow this program to access the network?

The download number at avast.com varies each time, but this time was download3

Note: This application was launched by avast! service GUI component (ashDisp.exe)

If I click cancel the program is still trying to connect because Sygate keeps prompting for access for a time.

I can’t find an entry in Sygate for avast.setup but do have entries for the following.

avast! antivirus service–[C:\Program Files\Alwil Software\Avast4\ashServ.exe]
avast! service GUI component–[C:..\ashDisp.exe]

This is the report from Sygate.

Parent Process : C:\Program Files\Alwil Software\Avast4\ashDisp.exe
Parent Version : 4.6.585.0
Parent Description : avast! service GUI component
Parent Process ID : 0x4B8 (Heximal) 1208 (Decimal)

File Version : 4.5.0.0
File Description : avast! antivirus Update (avast.setup)
File Path : C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
Process ID : 0xB68 (Heximal) 2920 (Decimal)

Connection origin : local initiated
Protocol : TCP
Local Address : 10.0.0.14
Local Port : 1210
Remote Name : download3.avast.com
Remote Address : 67.15.62.22
Remote Port : 80 (HTTP - World Wide Web)

Ethernet packet details:
Ethernet II (Packet Length: 76)
Destination: 00-09-f3-01-26-ef
Source: 00-dd-10-00-8a-69
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don’t fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 64
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0x6909 (Correct)
Source: 10.0.0.14
Destination: 67.15.62.22
Transmission Control Protocol (TCP)
Source port: 1210
Destination port: 80
Sequence number: 3008023239
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0xd074 (Correct)
Data (0 Bytes)

Binary dump of the packet:
0000: 00 09 F3 01 26 EF 00 DD : 10 00 8A 69 08 00 45 00 | …&…i…E.
0010: 00 30 A6 2C 40 00 40 06 : 09 69 0A 00 00 0E 43 0F | .0.,@.@…i…C.
0020: 3E 16 04 BA 00 50 B3 4A : CA C7 00 00 00 00 70 02 | >…P.J…p.
0030: FF FF 74 D0 00 00 02 04 : 05 B4 01 01 04 02 01 00 | …t…
0040: 00 C3 C8 04 7B FC 4B 10 : A9 F8 B2 6A | …{.K…j

I had a similar problem with the previous update, see my post

http://forum.avast.com/index.php?topic=11500.msg97418#msg97418

I have downloaded the full updated package but I’m a bit loath to try an install without knowing what the problem might be. Also, the update seems quite minor so doesn’t seem urgent.

Also, it’s worrying if this is going to happen every time I try to update and a great pity as this apart I really like the program.
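An added example, not part of the original post or of Sygate or avast!: a short Python check that reads the "Key : value" fields of a firewall report like the one above and lists anything that does not look like the expected program-update connection. The install directory and the `download<N>.avast.com` host pattern are assumptions taken from the values shown in this thread.

```python
import ntpath
import re

# Constructed sample: a subset of the fields from the Sygate report quoted above.
REPORT = r"""
Parent Process : C:\Program Files\Alwil Software\Avast4\ashDisp.exe
File Path : C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
Connection origin : local initiated
Protocol : TCP
Local Address : 10.0.0.14
Remote Name : download3.avast.com
Remote Address : 67.15.62.22
Remote Port : 80 (HTTP - World Wide Web)
"""

# Assumptions for this example, not settings of either product.
INSTALL_DIR = r"c:\program files\alwil software\avast4"
# The post notes the download server number varies between attempts.
UPDATE_HOST = re.compile(r"^download\d*\.avast\.com$", re.I)

def parse_report(text):
    """Turn 'Key : value' lines into a dict, splitting on the first ' : ' only."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def under_install_dir(path):
    """True if the path, with case and '..' segments normalised, is inside INSTALL_DIR."""
    norm = ntpath.normcase(ntpath.normpath(path))
    return norm.startswith(INSTALL_DIR + "\\")

def triage(fields):
    """Return the reasons a prompt does not match the expected update traffic."""
    problems = []
    for key in ("Parent Process", "File Path"):
        if not under_install_dir(fields.get(key, "")):
            problems.append(f"{key} outside install dir")
    if not UPDATE_HOST.match(fields.get("Remote Name", "")):
        problems.append("unexpected remote name")
    if fields.get("Remote Port", "").split()[:1] != ["80"]:
        problems.append("unexpected remote port")
    if fields.get("Connection origin") != "local initiated":
        problems.append("not locally initiated")
    return problems

if __name__ == "__main__":
    print(triage(parse_report(REPORT)) or "matches expected update connection")
```

An empty result only means the report fields are consistent with an update request; it says nothing about the contents of the file itself.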

You must allow

C:\Program Files\Alwil Software\Avast4\Setup\avast.setup

to have access in Sygate.

When you click on update, Sygate should ask you to allow avast.setup; click yes and tick remember.

avast.setup is not a permanent file, it is created just before the update and is removed afterwards.

I would, however, read the threads about Sygate and Web Shield (a new provider), as when you update to the latest version it can expose a flaw in Sygate’s localhost monitoring.

See these first:
http://forum.avast.com/index.php?topic=12222.0
http://forum.avast.com/index.php?topic=12123.0

In the firewall settings, the following programs should be allowed to connect:

ashWebSv.exe
ashMaiSv.exe
ashUpdSv.exe
avast.setup

Thanks for the replies.

I have checked Sygate and the following permissions are granted:

avast! antivirus service ashServ.exe
avast! e-Mail Scanner Service ashMaiSv.exe
avast! Log Viewer ashLogV.exe
avast! service GUI component ashDisp.exe
avast! Web Scanner ashWebSv.exe

I have followed the links given and have to confess that much of what’s written is a bit over my head. I like to have things simple, the less I need to get involved tweaking the better I like it and the less likely I am to inadvertently create problems. However, I have blanked port 80 redirect in Web Shield and temporarily disabled Web Shield whilst I try and update.

Neither of these worked as Sygate Pro still asked permission (using port 80) and the update connection timed out just as before.

From reading the links it seems this is an ongoing issue between the way Sygate works and avast! that doesn’t look likely to be resolved.

That being the case it seems I am left with the options of changing my firewall to perhaps Outpost or Kerio or going to another anti-virus program that will/might work OK with Sygate.

Not keen on either option to be honest. Apart from the avast! program updating Sygate does everything I want and I’m a great fan of avast!

As I said earlier I have downloaded the latest full version of avast! so my question is, would I have to uninstall the current version to run the updated version and would there still be any issues with Sygate when doing the update or afterwards?

Would it be possible, if not already done, to provide a link to the program update on the web site rather than needing the whole thing? I’ve looked at http://www.avast.com/eng/updates.html and it talks about updating VPS etc. Is this the program update?

Thanks

I think ashLogV.exe (avast! Log Viewer) and ashDisp.exe (avast! service GUI component: the ‘icon’) should not ask for connection :slight_smile:
For me, they never asked…

They must have asked at some stage for them to be logged in Sygate applications.

The avast! Service GUI is included in the note, see my original post, when avast.setup tries to update the program. At no other times do either get flagged.

Clicking YES on the update doesn’t stop Sygate repeating its request for permission for avast.setup to access the Net until I cancel.

Can you help with the other questions regarding updating?

Thanks

I used Sygate about six months…
I can try to help but I’m not an expert on Sygate.
It has its own forum and could be better asking there.
For me, answering ‘yes’ to the update access request immediately stops the Sygate requests for permission (for avast.setup to access the Internet). I have never had this problem. My trouble with Sygate is a well-known bug/problem with local proxy applications.

You’ve said:

Can you help with the other questions regarding updating?

Can you rephrase them again, one by one… let’s try :wink:

As I said earlier I have downloaded the latest full version of avast! so my question is, would I have to uninstall the current version to run the updated version and would there still be any issues with Sygate when doing the update or afterwards?

Would it be possible, if not already done, to provide a link to the program update on the web site rather than needing the whole thing? I’ve looked at http://www.avast.com/eng/updates.html and it talks about updating VPS etc. Is this the program update?

In short, is there a workaround I can use to manually update the program without always having to download/install the latest full version and possibly uninstalling the one I am currently using?

Have found in the past that posting a question on the Sygate forum can be a bit hit and miss as to whether you get a helpful answer (unlike yourselves) but I will take a look again and see if there is anything there about avast! issues.

You say you used Sygate for six months so I assume you aren’t using it now in which case what firewall are you using?

In short, no. Even by manually updating you will be downloading the latest current version. If you choose to stick with a particular version then you can only update the virus pattern file. There will come a time when a) Windows Security Center may say your program is out of date or b) avast makes some form of program update that doesn’t work with the existing virus pattern file.

This is not like Windows, where you can stick with Win98 and get updates for that version, until support for Win98 dries up (like it has); you will then be left unsupported. Or if you choose not to install XP SP2, MS have now decided to force users to update after April 12th. The changes in SP2 are generally to increase protection; the same is true of the 4.6.623 version of avast.

Outpost firewall free.
Latest versions of ZA do not work well in my system. But I think ZA is better than the free of Outpost.
About update, David answered.

Thanks for all the replies.

Spent time yesterday browsing the numerous topics on the Sygate forum relating to issues between avast! & Sygate.

Tried a couple of “fixes” but they didn’t work. I then came across a topic suggesting stopping the Anti-Application Hijacking option has worked for some people.

Tried this and lo and behold the update went off a treat!

Quickly re-enabled the option in Sygate to ensure I wasn’t vulnerable.

By looking at the topics it does seem that because the avast.setup file is only created for the update, and then removed, Sygate doesn’t recognise it and blocks the update under the Anti-Application Hijacking protection.

Have kept a note of the topic for future reference.

Interesting, hadn’t been aware of that. I have many friends who haven’t updated to SP2, think a couple haven’t even bothered with SP1.

Have you a link where I can read up and perhaps even point them to?

Thanks

I do have avast.setup to have an application rule and ‘allow’ it as only client to connect to internet.
See the attached pic. As I replied to you in the Sygate forum, Chris, I would not disable any useful Sygate features like anti-application hijacking, just to get the automatic VPS updates to work.

I used Sygate for about 6 months. I have never had to disable any feature to get automatic updates… They worked like a charm for me…

Thanks for the reply and apologies for not responding to your Sygate forum post…

It’s not the VPS (!AVS Update) updates that are the problem, these work fine and completely in the background. It’s only when the program itself needs to be updated that it becomes an issue.

As said, I only disabled the Anti-Application Hijacking to test the automatic program updating and once that completed OK I reinstated it. I certainly wouldn’t run without it.

Does your advanced rule work for the program updates as well as the VPS updates?

Thanks, but again I refer to the fact that it’s only program updates that cause a problem, not the VPS updates, and this seems quite common from reading various posts on the Sygate forum.

While updating avast, the file C:\Program Files\Alwil Software\Avast4\Setup\Setup.ovr changes to C:\Program Files\Alwil Software\Avast4\Setup\avast.setup in order to reach the website. So, if this information is useful, the ‘problem’ is how your firewall understands the transformation of this file and the connection of avast.setup. When a program update ‘really’ exists, the avast.setup file changes and the firewall asks for a ‘new/updated’ connection.

That pic was just a normal Application rule window. I don’t have any advanced rules for Avast. Though I did just go with the right click to ‘Updating → Program Update’. And, there was no new program update, but it downloaded new VPS definitions with the same click.

This is by design:
Program update = program + virus database
VPS update = only virus database

There have been a number of articles in the on-line media, I don’t have a direct reference although some of the e-newsletters I get have covered it. A google search for say Windows XP SP2 April 12 update may return some info.

If you switch off the auto update function (which these people who don’t even have SP1 won’t know of) and only do manual updates, it will be possible to get round this. But as time goes on the only updates will be related to those using SP2, so your/their system is going to get more and more out of date and vulnerable. The main reason for this vulnerability is that as MS announces a patch, it seems to wake up the script kiddies to try and exploit the vulnerability before people update.