"write access to registry" denied during upgrade

I got the following error when doing a upgrade from 4.8.1195 to 4.8.1201 in windows vista home edition 32bit sp1 :

"“avast on acces scanner message : Write access to registry key \registry\machine\system\controlset001\services\aswmonfit denied.”

I tried doing a “repair” of avast, and I got the same message.

I disabled avast self-defence, and I do not get the message doing a repair…

why is this happening? will I have a corrupt avast installation if I get this aswmonfit error message and dont disable self defence before upgrading?
I dont get this message on any of my XP sp3 pcs.

I’m no Avast expert, but I believe “write access” errors in general are caused by trying to write to the registry while an application is still open. So the underlying process needs to be closed and then the changes will be permitted.

If it is that, then once you have succeeded (the process has been closed permitting the change) it should not result in a corrupt installation. But if you have doubts or notice any peculiar behavior, you can always err on the safe side and uninstall (I’d be sure the application and ALL its processes are closed before the uninstall) and then reinstall.

Hopefully, someone from Avast will be able to confirm if this general advice holds true for Avast.

I got the same error, (with XP SP3, when 1195 was installed and I rebooted).

There’s 2 other posts here about it.

After I installed 1201 (I uninstalled 1195, and used the uninstall tool, that error / message didnt appear again).

So your prob is / was similar to mine, but the other way round

I had this on Vista going from 1195 to 1201 also. Am I ok?

I’ve tested right now and I get the warning while repairing but the final message is that the product was repaired successfully, i.e., it worked. I’m using Vista Business 32bits.

I got the same message upgrading to 1201 although I didn’t get chance to read what key it was trying to write. I am on Vista Ultimate SP1.

I haven’t tried to repair because it seems to be working fine.

I don’t want my version of Avast to be corrupt if it needed to write that file to the registry.

This is the avast self-defence module at work where it doesn’t allow programs to access the avast registry entries with write permission, so these messages are informative and not errors as such, but confusing none the less.

Repair won’t harm, that is the whole point to rectify any problem and you are after al reporting a problem. Though I don’t believe this problem is one that is within the scope of the repair function.

Try a reboot and see if it happens again, if not no problem, if it does happen again then more investigation is required.

Check the C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log (self defence) using notepad as that file contains information about these entries. It should also report which program it is that is accessing the registry entries with write permission. So post what program is responsible for the write access that the self-defence module is notifying you about.

5/16/2008 10:13:05 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [C:\Windows\system32\services.exe]
5/16/2008 10:13:05 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [C:\Windows\System32\rundll32.exe]
5/16/2008 10:13:05 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances denied. [C:\Windows\System32\rundll32.exe]
5/16/2008 10:13:05 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances\aswMonFlt Instance denied. [C:\Windows\System32\rundll32.exe]

Interesting as these two windows system files (services.exe and rundll32.exe) may have been at work during an update to XP SP3 (I assume you have XP not Vista?) but I have no idea why they would need to open the avast services with write permissions.

Yes, it may well be checking what services might be running during the update (XP SP3 or Vista SP1) and it may just be it has write permission in case it has to make any modification in other services it is checking.

So hopefully this information may be of help to the avast developers and that one of them picks up on it.

I’m vista 32 sp1. Was full updated the last update on the 15h. Hope I’m alright.

I believe the issue is the same if you have Vista SP1 or XP SP3, what I don’t know is if this is just a one off after the first update or if it happens on every boot, etc. ?

I don’t think it is a problem as these are notifications as opposed to errors reported by avast.

The problem was that there were more of these notices from other programs and XP SP3. That was one of the things in the avast update that was tweaked and most of these notifications weren’t displayed. Currently this doesn’t seem to have stopped the notifications relating to Vista SP1, but it does seem to have stopped them with XP SP3.

If prompted me to reboot after the update and after I rebooted I never got the message again. Does this mean everything is ok now?

It entirely depends on if you rebooted after the initial install/update as that is what changes the registry and adds the reboot.txt file. A program update requires a reboot for the effective completion of the program update.

If they are gone, then you should be OK.

I am getting this message every single time I do an AVAST! Update now… Vista SP1 totally updated except for latest Silverlight Package. I checked the logfile DavdR specified. There are a TON of entries. These are just the ones from today’s update attempt. Do I have a virus or other problem?

5/20/2008 3:12:50 AM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [C:\Windows\system32\services.exe]
5/20/2008 3:12:50 AM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [PID 2892]
5/20/2008 3:12:50 AM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances denied. [PID 2892]
5/20/2008 3:12:50 AM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances\aswMonFlt Instance denied. [PID 2892]
5/20/2008 11:58:02 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [C:\Windows\system32\services.exe]
5/20/2008 11:58:02 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt denied. [C:\Windows\System32\rundll32.exe]
5/20/2008 11:58:02 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances denied. [C:\Windows\System32\rundll32.exe]
5/20/2008 11:58:02 PM Write access to registry key \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\aswMonFlt\Instances\aswMonFlt Instance denied. [C:\Windows\System32\rundll32.exe]

Here is what I get when I try to run update again immediately after…

Information about current update:
Total time: 7 s

  • Program: Already up to date
    (current version 4.8.1201)
  • Vps: Already up to date
    (current version 080520-1)

Server: download928.avast.com (74.86.125.39)
Downloaded files: 2 (0.02 KB)

This is not indication of a virus.

These are informational messages only and there is no action you can take on them.

These messages are recording the fact those processes attempted to open registry keys belonging to avast with permission to write to them (this generally indicates poor code writing) and this represents almost all of these messages for all avast users. The avast protection module has prevented the function from having write access to the avast registry keys. However, these messages could provide evidence of a piece of malicious code trying to interfere with the functions of avast.

It is an unfortunate fact the avast self protection feature, while needed and a valuable development of avast is scaring some users in an unnecessary way.

Thank you alanrf. This was a new occurrence and after using AVAST! for a long time surprised me to see it appear.

I am sure that the avast team will do their best to reduce the alarm - especially since these are essentially “false positives”. From my own experience with WinXP they have been very successful … seems they still have some work to do with Vista.

This is no false positive, and has anything to do with any kind of malware. If you read carefully the logs, you can see that the Avast Update program itself was the one causing the messages. The update program fails to write the registry. I have started another thread about this behaviour before this one was started (not that this matters), and still I’m waiting for an answer other than “don’t worry about it, it’s probably nothing”. Well, is it “nothing” or not?

If anyone would like to take a look (even though till now they didn’t answer either, as in this thread):

http://forum.avast.com/index.php?topic=35603.0

Let’s hope the support team and the devs will take care of this soon, as they usually have done before. Thank you.