With the latest version of Avast, if I block the inbound and outbound connections with the Vista embeded firewall (advanced mode) and allow all the Avast services/files to pass through (in+out), strangely, Avast will not be able to make updates with downloadxx.avast.com. If I remember well, the logs said to check the ie settings (wich were untouched). I’m using the retail version of Vista so is there something I can do
to make the updates work correctly? Is this a bug or something?
there is no service for avast.setup which requires internet access to be able to be able to update. Ensure it isn’t blocked by the Vista firewall.
The avast.setup isn’t a permanent file but one that is created at the time of update and once the update is complete it is deleted. It would be in this folder when created, C:\Program Files\Alwil Software\Avast4\Setup\avast.setup, assuming you installed avast in the default location, you could try adding that path.
Windows Vista firewall (advanced security mode) can’t allow rules with .setup file extention (so I can’t add the path) but only .exe so I uninstalled Avast, reinstalled (with default firewall settings- blocking inbound packets) and the updates were ok but once I block incoming and outgoing connections and allow all the Avast .exe files/services via rules (in+out), I get the message: “Last encountered error: Cannot connect to downloadxx.avast.com (xxx.xxx.xxx.xxx:80)”. Everything is fine except the updates.
Disable the outbound protection of the vista firewall. If you really want outbound protection invest in a good third party firewall. Most are more configurable than the built in one and some have free versions
Vista firewall isn’t that bad so I hope that in a near futur, Avast programmers will make it usable for users/admins who want to stick with Vista firewall and block in+out connections.
Someone have a good non-beta third party firewall to suggest?
Mac is right to say you should seriously consider a third party firewall, the Vista firewall was never going to give the kind of flexibility, configurability or protection of a full blown software firewall. If it did the firewall manufactures would be screaming blue murder and instructing their legal eagles to issue anti-trust/competitive suits about monopoly position, etc.
For me a firewall that ‘isn’t that bad’ ‘isn’t going to be good enough’ certainly not for me, vista or otherwise. I mean it should be a basic option that Vista’s outbound protection at the very least ask permission for a process to connect. If you make an error in your decision you should at least be able to correct it and either allow connection or delete the entry for the blocked process, which would force it to ask again.
avast isn’t doing that much different to other update processes and a firewall should be flexible enough to cater for multiple configurations for individual files accessing the internet.
Hi,
I don’t have find your avast.setup on XP and vista !
But you can allow avast update with :
VisthUpd.exe
see U
PS: see my topic :
http://forum.avast.com/index.php?topic=27102.0
avast.setup is a temporary file created by setup.ovr file on the \setup folder.
It’s used to update avast.
For those interested and running Vista FW with OB access blocked, just to confirm - these Avast settings work correctly. After getting these to work you can “tighten” the actual ports used.
BTW - you can add avast.setup as an exception - just specify . in the files dialog box when looking for it.
Rule1: IE OutBound - general IE access.
Rule2: Avast Web Shield - ashWebSv.exe
Rule3: Avast Mail Scanner - ashMailSv.exe - haven’t actually tried this yet.
Rule4: Avast.Setup
After adding the rules - reboot - keeps things simple.
Seems to me Avast will need to be “re-engineered” at some point - the idea of allowing access to a “temp” file is a tad questionnable - although it works.
BTW - you can also get Windows Updates working by adding an exception for svchost - again - you may need to “tighten” the ports afterwards - the firewall runs under svchost. There may be security implications by doing this - haven’t had the time to look into that yet.
Cheers, r
I think they won’t change this… the temporary file has its own meanings… although they never published them (maybe for commercial/security reasons).
If you are looking for alternative Comodo Firewall is a firewall that many people seem happy with, the only bad news is that right now its not compatible with Vista but if you wait about 21 weeks it will be ready.
Please note that Comdo firewall is freee and is the only known antivirus to have passed all known leaktests.
Al968
Possibly - if they don’t change it they definetly need to officially document it
Correction on my previous post “the firewall runs under svchost” should obviously have been “Windows Update runs under svchost”.
I’ve read the various “slaggings” about MSs two-way FW in Vista and I only actually have one real complaint with it -which is more geared around the fact they probably just didn’t have time to implement it within the Vista release timeframe.
The FW (as in XP/SP2) prompts when InBound access is required by Apps/Progs and gives you some idea as to
what that App is.
For OB access - it doesn’t give you a darned thing - only the blocks in the FW logs give you any indication where to start.
Users will have no choice but to consult documentation for the Apps in question - which is exactly what MS want - i.e. that’s nothing to do with us.
I can imagine some Corps having monumental issues with this and there will be ALOT of work required to keep existing Infrastructures up and running.
That said, the FW does what it is documented to do - it just needs more development to be up to competing with third party firewalls etc… which is more than a few years away yet.
r
What do you mean? This is a well-known update behavior, there is nothing ‘hidden’ here.
You are of course correct.
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=25
My bad…
r
My bad…
No need to be sorry. By the way, thanks for posting that link.
Maybe it will be useful to this user: http://forum.avast.com/index.php?topic=27338.msg222781#msg222781
yeah, i just ran into this Windows Advanced Firewall issue, Avast won’t update itself… tried to add everything i could as an outbound exception but no go…
has this been fixed yet? i see no reason why Avast can’t work with Vista/Windows 7 native firewall (considering its a very decent firewall)
i see no reason why Avast can’t work with Vista/Windows 7 native firewall (considering its a very decent firewall)
Neither do we… avast works perfectly with Windows Vista firewall… maybe you mess any configuration (Advanced) and you’re experiencing trouble. Can you update with Windows firewall off (disabled)?
yes, it updates fine when ‘outbound’ connections allowed (turned off), if i block all outbound connections but add all the exceptions i’ve seen on the boards it still doesn’t work, parts of avasts update exes seem to freeze in task manager, until they timeout…
where is a list of exceptions i need to add to advanced firewall outbound protection? in order to get things to work properly, i saw somewhere that there are issues with avast.setup file and how its temporary being one cause of this type of issue, saw that when looking at a thread on the Vista Firewall Control app
help!
Into the firewall settings, the following programs should be allowed to connect:
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service)
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup (avast! Update executable). This is a temporary file that just appears when an update (check) is about to launch, and disappears again afterwards.
Don’t need rights to connect:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Update Service)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service). Although, ashServ.exe sends ping packets to find out if the Internet connection is alive. You can turn this off by checking the “My computer is permanently connected to the Internet” box in the avast Program Settings > Update (Connections) page.
i’ve added the following, no luck… when firewall with outbound protection is on (changed from allow to block) … avast.setup and VisthUpd.exe hang in the task manager for awhile, then disappear, and not checking for an update
when outbound protection is changed from blocked to allow, all is fine… checking for update takes a second
any other ideas?
Vista Ultimate SP1 32bit
note, firewall functions just fine, every other program i’ve added from Media Player, IE to IM apps work just fine when rules are added for their respective components, i even have Windows Update working with outbound protection (block) on and i have no other protection software running atm other than Avast
i notice this in the log viewer
setifaceupdatepackages () has failed return code is 0x20000004.
dialog box returns failure connecting to server and hangs there retrying…