I got the following error when doing a upgrade from 4.8.1195 to 4.8.1201 in windows vista home edition 32bit sp1 :
"“avast on acces scanner message : Write access to registry key \registry\machine\system\controlset001\services\aswmonfit denied.”
I tried doing a “repair” of avast, and I got the same message.
I disabled avast self-defence, and I do not get the message doing a repair…
why is this happening? will I have a corrupt avast installation if I get this aswmonfit error message and dont disable self defence before upgrading?
I dont get this message on any of my XP sp3 pcs.
I’m no Avast expert, but I believe “write access” errors in general are caused by trying to write to the registry while an application is still open. So the underlying process needs to be closed and then the changes will be permitted.
If it is that, then once you have succeeded (the process has been closed permitting the change) it should not result in a corrupt installation. But if you have doubts or notice any peculiar behavior, you can always err on the safe side and uninstall (I’d be sure the application and ALL its processes are closed before the uninstall) and then reinstall.
Hopefully, someone from Avast will be able to confirm if this general advice holds true for Avast.
I’ve tested right now and I get the warning while repairing but the final message is that the product was repaired successfully, i.e., it worked. I’m using Vista Business 32bits.
This is the avast self-defence module at work where it doesn’t allow programs to access the avast registry entries with write permission, so these messages are informative and not errors as such, but confusing none the less.
Repair won’t harm, that is the whole point to rectify any problem and you are after al reporting a problem. Though I don’t believe this problem is one that is within the scope of the repair function.
Try a reboot and see if it happens again, if not no problem, if it does happen again then more investigation is required.
Check the C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log (self defence) using notepad as that file contains information about these entries. It should also report which program it is that is accessing the registry entries with write permission. So post what program is responsible for the write access that the self-defence module is notifying you about.
Interesting as these two windows system files (services.exe and rundll32.exe) may have been at work during an update to XP SP3 (I assume you have XP not Vista?) but I have no idea why they would need to open the avast services with write permissions.
Yes, it may well be checking what services might be running during the update (XP SP3 or Vista SP1) and it may just be it has write permission in case it has to make any modification in other services it is checking.
So hopefully this information may be of help to the avast developers and that one of them picks up on it.
I believe the issue is the same if you have Vista SP1 or XP SP3, what I don’t know is if this is just a one off after the first update or if it happens on every boot, etc. ?
I don’t think it is a problem as these are notifications as opposed to errors reported by avast.
The problem was that there were more of these notices from other programs and XP SP3. That was one of the things in the avast update that was tweaked and most of these notifications weren’t displayed. Currently this doesn’t seem to have stopped the notifications relating to Vista SP1, but it does seem to have stopped them with XP SP3.
It entirely depends on if you rebooted after the initial install/update as that is what changes the registry and adds the reboot.txt file. A program update requires a reboot for the effective completion of the program update.
I am getting this message every single time I do an AVAST! Update now… Vista SP1 totally updated except for latest Silverlight Package. I checked the logfile DavdR specified. There are a TON of entries. These are just the ones from today’s update attempt. Do I have a virus or other problem?
5/20/2008 3:12:50 AM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [C:\Windows\system32\services.exe]
5/20/2008 3:12:50 AM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [PID 2892]
5/20/2008 3:12:50 AM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances denied. [PID 2892]
5/20/2008 3:12:50 AM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances\aswMonFlt Instance denied. [PID 2892]
5/20/2008 11:58:02 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [C:\Windows\system32\services.exe]
5/20/2008 11:58:02 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [C:\Windows\System32\rundll32.exe]
5/20/2008 11:58:02 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances denied. [C:\Windows\System32\rundll32.exe]
5/20/2008 11:58:02 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances\aswMonFlt Instance denied. [C:\Windows\System32\rundll32.exe]
Here is what I get when I try to run update again immediately after…
Information about current update:
Total time: 7 s
Program: Already up to date
(current version 4.8.1201)
Vps: Already up to date
(current version 080520-1)
These are informational messages only and there is no action you can take on them.
These messages are recording the fact those processes attempted to open registry keys belonging to avast with permission to write to them (this generally indicates poor code writing) and this represents almost all of these messages for all avast users. The avast protection module has prevented the function from having write access to the avast registry keys. However, these messages could provide evidence of a piece of malicious code trying to interfere with the functions of avast.
It is an unfortunate fact the avast self protection feature, while needed and a valuable development of avast is scaring some users in an unnecessary way.
I am sure that the avast team will do their best to reduce the alarm - especially since these are essentially “false positives”. From my own experience with WinXP they have been very successful … seems they still have some work to do with Vista.
This is no false positive, and has anything to do with any kind of malware. If you read carefully the logs, you can see that the Avast Update program itself was the one causing the messages. The update program fails to write the registry. I have started another thread about this behaviour before this one was started (not that this matters), and still I’m waiting for an answer other than “don’t worry about it, it’s probably nothing”. Well, is it “nothing” or not?
If anyone would like to take a look (even though till now they didn’t answer either, as in this thread):