AVG Internet Security 7.5

[Guest]

"Alan D" wrote:

Well, this is serious. I just tried the Gibson Research Shields up test and
failed it spectacularly.

Well, I think I've managed to help myself, but I'd be mighty glad if someone
could confirm that I've done the right thing. I found a tab in the firewall
configuration panel called 'profile switch'. Looking at the profiles in the
box, I changed the 'local network' setting from 'standalone computer' (which
had been my random guess) to 'unassigned'.

Another visit to Steve Gibson showed me I was back to my full stealth rating
again. So the immediate crisis is past - but why I suddenly acquired a local
network that required firewall changes completely baffles me.

 

[Guest]

Thanks for all this Robin.

In "System" I am betting there is where it
put the local network as a block or allow.

There's no mention of 'local network' under the 'System' tab, as far as I
can recognise (see below).

When viewing NEVER say OK- click "Cancel" this way nothing changes.
You had to click on something and accidently change it and that is prolly
why this happened.

I could have sworn I only ever clicked 'cancel', but obviously I'm mistaken!
It seems to me that where I made the mistake must have been under the
'Profile switch' tab - this is where I find the 'local network' listed. I
can't imagine what change I must have inadvertently made. I seem to have
fixed the immediate problem by setting the 'local network' to 'unassigned' -
but would it be better to set that to 'block', instead? I notice there's a
tick box in this section that allows me to disable profile switching - and
since I don't need that, maybe it would be best just to tick that? Would it?

Thanks for your other comments Robin - I do understand the basics about
blocking individual applications, and if there's anything I'm in doubt about,
I make it 'ask' until I'm sure. So far, so good! But this 'local network'
business completely threw me. (I still haven't a clue what it's really all
about.)

 

[Robin]

yes it should say "standalone computer" unless you are on a network
when playing you migh have accidently clicked that off
robin

 

[Robin]

just to clarify
as long as you go directly to the internet it is considered "stand alone
computer" all the way in all tabs
robin

 

[Guest]

just to clarify
as long as you go directly to the internet it is considered "stand alone
computer" all the way in all tabs

Aha! THAT's the same mistake that I made, Robin!
Under the tab 'Profile' I have it set to 'standalone computer' - there is no
problem there.

But under the next tab ('Profile switch'), there are the following entries,
with options to change the settings:

All dial-up connections..............X Unassigned
The Internet (1) ->...............Standalone computer
All Network areas
Local Network.....................X Unassigned.

For each of those three there are 4 options: Allow all, Block all,
Standalone computer, and Unassigned. It was when I set the 'Local Network' to
'standalone computer' that everything went haywire and my computer shockingly
failed the Shields UP test. When I changed the setting to 'Unassigned',
Shields Up gave me a clean bill of health again. So I conclude that the
'local network' setting must absolutely NOT not be 'standalone computer', or
the firewall's effectiveness disintegrates!

The only real issues remaining now are whether I should have set that Local
Network entry to 'Block all' (rather than 'Unassigned'), and whether I should
disable the 'Area Detection and Profile Switch'?

Even more worrying, though, is this. Throughout the whole (mercifully short)
period when my firewall was effectively disabled, the main AVG panel assured
me specifically that my firewall was running AND WAS CORRECTLY CONFIGURED! In
other words, it's possible to accidentally change one setting and destroy the
firewall protection, while still being assured by the control panel that
everything is fine. All I can say is - thank goodness for Steve Gibson!!!!

 

[Guest]

More to follow

The firewall passes Steve Gibson's Leak Test in its basic form (i.e. if I
rename it to something that's allowed, the firewall still blocks it).

I can't get the 'stealth' test to run, for some reason. Maybe I'm
misunderstanding something.

 

[Robin]

didn't you do the stealth test when you first installed it?
clear your cache in your browser and try the test again
robin

 

[Guest]

didn't you do the stealth test when you first installed it?
clear your cache in your browser and try the test again

When I first installed it, all I did was test it using the Gibson port
probes (i.e. testing to try to get in from outside). That was fine and it
achieved a 'stealth' rating.

Today was the first time I tried the Gibson 'leak test' - which tests the
firewall from inside out. The standard test (renaming the leak test file as
things like 'firefox.exe, an allowed program') worked fine, and the firewall
stopped it. But its second mode of operation, the 'stealth' leak test,
wouldn't run. However I just tried it now and it worked fine, so I don't know
what was wrong before.

 

[Guest]

More to follow

Oooh, I hadn't noticed this before. I said earlier that AVG and Defender
play nicely together, but I'm now wondering if this is an illusion caused by
the rather limited logging record that AVG provides.

When Defender begins to scan, AVG leaps into action, with avgrssvc.exe
taking up roughly DOUBLE Defender's CPU usage. Typically this is around 20%
for Defender's msmpeng.exe, compared with around 40% for AVG's avgrssvc.exe.
One consequence is that a Defender quick scan is now significantly less quick
than it used to be.

Now... I presume that AVG is checking out whether Defender is a 'potentially
unwanted progam' (and checking it out pretty thoroughly if that 40% CPU usage
is anything to go by!) Is this normal for an antivirus/malware program? Does
anyone know? Norton (when I had it) was very pernickety about Defender
probing its files, but I don't recall ever seeing it involved in this degree
of activity.

 

[Bill Sanderson MVP]

I can't speak to the details of the CPU usage levels which vary with the
products involved, but this kind of interaction is to be expected--the
antivirus and antispyware products share an API to do real-time scanning,
and will both be analyzing the bits as the scan proceeds.

--

 

[Guest]

I can't speak to the details of the CPU usage levels which vary with the
products involved, but this kind of interaction is to be expected--the
antivirus and antispyware products share an API to do real-time scanning,
and will both be analyzing the bits as the scan proceeds.

Thanks Bill. The curious thing (to me, in my ignorance) is that if I reverse
the roles - i.e. set AVG to do a scan - Defender appears to take no notice.
AVG does its thing, and there's no CPU usage by Defender.

It's also curious to see the differences with other products. When AdAware
does a scan, AVG snatches 40-50% of the CPU usage, and AdAware trickles along
with 10% or less. But when Spybot runs a scan, AVG can hardly get a foothold.
Spybot's CPU usage sits mostly between 90 and 100% and AVG seldom figures
much at all. I suppose this means something. I wonder what?

 

[Robin]

when i had ad-aware doing a scan (before se) and I had norton antivrirus
+firewall 2005 cpu went up to around 90-100% (it would flow up and down but
would not go under the 90). and I could not do a thing except let ad-aware
finish
so go figure
robin

 

[Robin]

also when any programs scan, I set it to do scanning when I am not really
doing anything else.
Rember it is going through your whole computer and this takes up memory in
its self and I would rather let it do its scan (adaware takes about 10-15
min to scan-spybot about the same). I think I can afford 20min about of my
time to just allow it to scan.
When AVG scans I still find I can do other things but you know, I have it
actually set up at night when i am not on the computer so I am not
"bothering it" even though I can work while it is going.
robin

 

[Guest]

also when any programs scan, I set it to do scanning when I am not really
doing anything else.
Rember it is going through your whole computer and this takes up memory in
its self and I would rather let it do its scan (adaware takes about 10-15
min to scan-spybot about the same). I think I can afford 20min about of my
time to just allow it to scan.

Well, as a Norton refugee, I'm already used to running scans when I'm not
using the computer for anything else - this kind of restriction doesn't
bother me at all. I'm just curious about the differing degrees of interaction
between all these programs when they scan, and what that implies about what's
going on 'behind the scenes.

It seems that we don't know, for example, how AVG responds to Defender
probing its files - because it doesn't log those events, whereas Norton does
- and so we know that it blocks them.

 

[Guest]

More to follow

Well, just as I was being lulled into s sense of false security, this
happened:

I try to do a quick check at the ShieldsUp website every day, and every
time there's been no problem. But today, out of the blue, all sorts of
vulnerabilities were exposed, including two open ports and the loss of
'stealthed responses' from the others.

I hadn't made any changes to the firewall, and a computer restart solved the
problem. The only thing I can think of that might be relevant was that I'd
been checking through the Adobe and Java IE add-ons, and got myself into a
tangle, aborting an attempt to update. It would be disturbing if this had
upset the firewall though (is that even possible?). Even more disturbing is
the fact that all the time the AVG control panel kept assuring me that
everything was properly configured even though it very obviously wasn't.