I’m a very satisfied Avast! Free user and have been for a couple of years, using Avast! Free in combination with Comodo Firewall. I only use the Comodo Firewall for… well firewalling, and Avast Free! for antivirus tasks.
A couple of days ago I got a Defence+ alert from the firewall that the file “avast.setup” wanted to access the file “aswRep.dll”, located in:
C:\Programfiles\Alwil Software\Avast5\defs????\aswRep.dll (? = a series of numbers)
I tried to find some info on this file, but to no avail…
I would be grateful to get some info on this file. It seems that avast.setup is creating a new directory for this file (where the “?” are in the above) every now and then, so I wondered if this can have anything to do with updating the database. But I cannot recall seeing this alert before, and Comodo Defence+ would have alerted me about this happening before.
I know this file resides within Avast’s own directory, but I think it’s strange that there’s virtually no info on this file on the net.
First, I’m a bit surprised about the alert. The folders you are talking about - are avast! virus definitions. Every virus definition is downloaded and extracted into a new folder; this folder contains a number of files, including about 15 DLLs. The names or numbers of the DLLs may change any time, a virus definition folder created tomorrow might look different than the one created today. Yes, aswRep.dll is new, it was introduced just recently… but does Comodo really keep a list of names of our virus definition files and whitelist them, based on the names? Or have you created a set of rules yourself?
As for the meaning - it’s not directly related to WebRep, at least not the one you have, or don’t have, installed on your machine. The file will soon be providing additional “cloud” features for the scanning engine, for example by giving it access to some statistics gathered from WebRep. (Don’t worry, there won’t be any detection based on whether the particular site is red or green in WebRep, that value won’t be used for anything - but there are other values that actually might be useful as auxiliary info for some heuristic detections).
Yes, it also means that the avast! service may actually start making some network connections occasionally.
igor, as far as I know Comodo doesn’t whitelist everything, but if the main executable that started the actions chain is whitelisted and trusted, it won’t bother with stuff created later on unless they go beyond allowed boundaries (i.e. try to access off limits resources).
In this case avast! is whitelisted so anything it does should be allowed as well.