Avast Business Antivirus Scan With Password Protection Enabled

How to have your users initiate scans with Avast Business Antivirus when password protection is enabled:

First, you must use this password setting in the Settings template in your Avast Business Antivirus console:

Then, from the user’s system, open the Avast user interface.

NOTE: The “RUN SMART SCAN” on this page is password protected and cannot be run without a password!

However, by clicking on “Protection” and selecting “Scans”, I was able to perform a scan when I selected “Full Virus Scan” from this page without any password:

NOTE: The “RUN SMART SCAN” on this page is password protected and cannot be run without a password!

Avast Endpoint Protection migration to Avast Business Antivirus

With the acquisition of AVG last year, all Avast & AVG Business versions now use the Avast Business A/V client with a new Next-Gen Behavior Shield. Avast and AVG had independently been working on this shield for several years, and using Avast’s Hardened Mode (whitelisting module) significantly increases protection against Crypto / Ransomware. These components are not available in the legacy Endpoint Protection versions. Also, the Microsoft Windows 10 Spring Update (released) is not compatible with the legacy Endpoint clients: the user is prompted to uninstall Avast or the update will simply fail to install. Additionally, Endpoint has an End of Life date of December 31st, 2018, when VPS updates will cease. I want to make sure that we get started on a migration, as this is included in your subscription at no charge, and the increase in protection is dramatic! I will assist you in creating groups and templates for testing using J.R’s best practices. You will be able to continue using Avast Endpoint Protection on those systems for your license term.

Instructions:

  1. Make sure that your devices are online and have internet access. An offline version of the client is in the works now, but today internet access is required for activation.
  2. Make sure that your Avast Enterprise Administrator (AEA) or Avast Small Office Administrator (SOA) console is updated to the current version (AEA 8.0.405 or SOA 1.3.3.112).
  3. Make sure that your Avast Endpoint Protection program version is on .1609 on the managed clients.
  4. If you are using a LAN Gateway firewall, it is recommended that you whitelist *.avast.com & *.avcdn.net. Port requirements: http/80 (updates), https/443 (FFL encryption key negotiation), TCP, UDP/ 8080, 8090, 443, 5222
  5. NOTE: Each device will download the 300MB Avast installer file silently, so please be patient as this may take some time.
  6. Devices may request multiple reboots. This is usually due to restarts that are previously pending.
  7. Some devices may stay in “Pending” status for some days even though they are online. They are still protected, but unmanaged at that point.

You will need an Avast Business Management Console that is live, either the Cloud or an On-Premise version (Cloud is recommended).

a.     For the Cloud Management Console, go to https://id.avast.com/?target=https%3A%2F%2Fbusiness.avast.com%3A443%2F#register to register and receive your account activation email.

b.     For the On-Premise Management Console, go to https://www.avast.com/download-software and download the Console Installer for Windows. You can install it on the same Windows device where your existing AEA / SOA resides; follow the instructions.

c.     Next, search for the file export.xml on your existing AEA / SOA console.

d.     With AEA, the file is located in: C:\Program Files\AVAST Software\Enterprise Administration\DATA\log

e.     With SOA, the file is located in: C:\ProgramData\AVAST Software\Administration Console

Now open your Avast Business Management Console (On-Premise or Cloud), go to: “General settings” (console, not template, lower left), then “Transfer From Other Console” and choose “Import file”.

Import the XML file (from step d. / e. above) and you will now get an overview of how many groups and devices you’re able to transfer. The Settings/Policies will also be transferred alongside the devices.

NOTE: The XML file has to be less than 1MB to work, which is approximately 1000 seats.

Once successfully imported, devices from the AEA/SOA console will start to appear in the Avast Business console in the Devices section.  This may take a while and when they appear, they will have the status “Pending”.  On the Devices page, manually select the groups or devices you want to transfer by clicking the Transfer button:

The device’s status will change from Pending to Transferring. The legacy Endpoint Protection clients will be replaced (reinstalled) with Avast Business clients (EP, EPP, EPS to ABA and EPSP to ABAP).

Avast Business consoles will support multiple editions (we call them licenses) in the Licenses section. You may have to activate devices manually, if you have more than one license.

Once devices are fully transferred, they will have the status Safe, Vulnerable, or In Danger, depending on the health of the device. NOTE: If the above fails, do the following.

Manual Transfer from Avast Endpoint Protection to Avast Business Antivirus

If you wish to carry out a manual transfer because of a complex network or multiple proxies, or because you wish to use Group Policy to deploy, please follow these steps:

Instructions

a.     Create your Avast Business console, and acquire your migration license and insert into the console under the “Licenses” tab, and click “Enter license code”

b.     Uninstall Endpoint Protection from your devices

c.     NOTE: If you are using the AEA or SOA consoles to manage your clients, you should first attempt to push out the uninstall using your Management Console.

How to Uninstall Endpoint Protection from your console

d.     If you are using the AEA or SOA consoles to manage your installed devices, you should first attempt to push out the uninstall using your Management Console.

i.     In the SOA console you can do this using a job by going to JOBS > Scheduler > Create new job > Details > Job type, then set Deployment and Job selected: Uninstall Avast Protection.

ii.     In the AEA console you can do this using a job by going to Client-side tasks > Auxiliary tasks, then right click Auxiliary tasks and create a new task. Select to create an Uninstall managed product(s) task type, set the reboot settings, then select which computers to apply the task to and run the task.

Using the MSI Installer for Enterprise

i.     If you have Active Directory in your environment it is possible to download a Full MSI installer in addition to selecting which license tier and settings template to apply to newly installed devices so that they automatically activate after installation without requiring a reboot.

ii.     To do this you will need to configure a GPO that deploys the MSI installer in your environment. Please see Microsoft’s documentation regarding deploying MSI files for installation via GPO for the version of Active Directory you are using in order to set this up.

iii.     The MSI installer is created from the dashboard, and requires being able to remotely configure your devices to run a startup script as a system level process. For this purpose we recommend using an Active Directory Group Policy Object. The correct configuration for this GPO depends largely on which version of Active Directory your domain uses. We recommend reading the following Microsoft TechNet articles as guides when writing your own GPO:

iv.     https://technet.microsoft.com/en-us/library/dd630947.aspx

v.     https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn789196(v=ws.11)

vi.     NOTE: When using the MSI installer via GPO, both the script and MSI files should be located in the same directory of a network drive share accessible to all computers and your GPO should reference these files by UNC file path.

When all else fails, Remove Avast for CLEAN Installation

The AVASTCLEAR.EXE removal tool works for all versions of Avast:  http://www.avast.com/en-us/uninstall-utility  NOTE: “AVASTCLEAR.EXE” must be used in safe mode

or

UNINSTALL the existing Avast, reboot, and delete the (4) Avast Software folders listed below. Microsoft uninstaller always leaves the old directories for the purpose of System Restore.  Go look, every program you have ever uninstalled is still there! Revo Uninstaller will delete directories automatically. These are the Avast Software folders that MUST BE REMOVED for a clean installation:

C:\Program Files\Avast Software

C:\Program Files\Common Files\Avast Software

C:\Program Files (x86)\Avast Software

C:\ProgramData\Avast Software

 

Please let me know what I can do to help, and have a great day!

 

Avast Business Antivirus – How to block all websites except 1 (or the ones you want)

Start by editing the target Settings Template under Device Settings.

Under Active Protection, go to Web Shield, and choose Customize:

Under the Site Blocking tab, check the Enable site blocking option, and in the “Blocked URL address” window, insert:

https://* and click add

http://* and click add

Do this a 3rd time, adding just the single character *, and click add.

Now select the Exclusions tab, check the Use URLs to exclude option, and in the “URL address” window, insert:

http://api*.webrep.avast.com/* (should already be there by default)

*.avast.com and Add (Avast update servers)

*.avcdn.net and Add (Avast update servers)

And lastly, add the URL addresses of the websites that you want to have access to: *facebook.com/* and Add

Now save the settings, and when the clients sync to this Settings Template, they can only navigate to avast.com and facebook.com. All other URLs are blocked!
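To see what this block list and exclusion list admit before rolling the template out, here is an added example (not Avast code and not from the original post) that evaluates constructed URLs against the exact patterns entered above. Assumptions: `*` matches any run of characters, a pattern is tried against the full URL and against the bare host name, and an exclusion overrides a block; Avast's own matcher may differ, so confirm the result on a test client.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Patterns exactly as entered in the steps above.
BLOCKED = ["https://*", "http://*", "*"]
EXCLUDED = [
    "http://api*.webrep.avast.com/*",
    "*.avast.com",
    "*.avcdn.net",
    "*facebook.com/*",
]
# Tighter variant: scheme and host spelled out, wildcard only for the path.
EXCLUDED_TIGHT = EXCLUDED[:3] + ["https://www.facebook.com/*", "http://www.facebook.com/*"]


def covers(pattern, url):
    """Assumed matcher: '*' is any run of characters, compared case-insensitively
    against the full URL and against the bare host name."""
    host = urlsplit(url).hostname or ""
    pattern = pattern.lower()
    return fnmatchcase(url.lower(), pattern) or fnmatchcase(host, pattern)


def decide(url, excluded=EXCLUDED, blocked=BLOCKED):
    """Return (verdict, pattern). Assumes an exclusion overrides any block."""
    for pattern in excluded:
        if covers(pattern, url):
            return "allow", pattern
    for pattern in blocked:
        if covers(pattern, url):
            return "block", pattern
    return "allow", None


# Constructed sample URLs (example.* are reserved documentation domains).
SAMPLES = [
    "https://www.facebook.com/",
    "https://www.avast.com/download-software",
    "https://example.org/",
    "https://example.net/facebook.com/page",
]

if __name__ == "__main__":
    for url in SAMPLES:
        loose = decide(url)
        tight = decide(url, excluded=EXCLUDED_TIGHT)
        print(f"{url:45} as written: {loose[0]:5} tightened: {tight[0]}")
```

Under these assumptions the leading `*` in `*facebook.com/*` also admits any URL that merely contains `facebook.com/`, while the tightened entries admit only the intended host.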

Avast for Business – How to remove modules / shields from the cloud console

Avast for Business – How to remove modules / shields from managed clients using the cloud console

While inside the console, go to Network, Settings, and choose the target Settings Template. Select the Active Protection tab, and you will notice 3 dots to the far right of each module. These let you uninstall that module from the template, so it will not be installed on the system. The module must be ON in the template for you to be able to uninstall it:

Notice that one of the only components that is NOT listed is the SafeZone Browser. This was, at least initially, because the SecureDNS module was embedded in SafeZone. This function prevented a DNS hijack from affecting the Avast upgrade procedure, that is, from hijacking the update process to inject malicious code. However, this also caused a new set of issues that had to be addressed.

Today, the only way I know to remove the SafeZone Browser is to go to the device inside the console. Find and open the target system under Network, Devices. By choosing the Components tab, you can see all the installed components. Then, we must turn on the “Customize component installation settings” to enable the ability to install/uninstall the modules.

Notice that I have removed Data Shredder, Browser Cleanup, and SafeZone Browser. With the new console (still in BETA), we will have the ability to select the template during installation, and then only install modules that match that policy. SafeZone and SecureDNS are options that are included, but the question then becomes, when will we see this BETA for final release.

NOTE: Avast is only 1 of 2 A/V to block the CIA from cracking their program!

Avast! Premium Business Endpoint Security ABES using best practices

To configure your avast! Premium Business Endpoint Security console using best practices:

1)       Login to your console from here:   https://business.avast.com using your APBS login email address

2)       I will have your license applied to your console for the correct expiration date.

3)       Installers are downloaded from the console under “Add new devices” and have a 30 day trial embedded.

NOTE:  If the system was using any previous version of avast!, then it is highly recommended to use the avast! removal tool (see #7 below)

INSTALLERS

Now we have the selection of Installer type, Installer size, Proxy server, Download, or Send by email:

4)       After installation, the system requires a reboot to show up in the console Dashboard under ACTIVATION

5)       You must activate each system in the console under “Activate now”, a reboot message will pop up on the freshly activated system.

6)       Note that previous avast! installation directories must be removed for best results: C:\Program Files\AVAST Software  and  C:\ProgramData\AVAST Software

7)       There are MSI installers under “Add Devices” and an MSI removal tool for the legacy avast! Endpoint Protection. I will email the avast! removal techniques.

8)       Avast! “Hardened Mode” (whitelisting) is disabled by default, as it may require exclusions. The “Aggressive” setting blocks RanSim (ransomware simulator) and is highly recommended.  Any other setting allows RanSim to encrypt files!

9)      Virtualization of Adobe Flash is highly recommended, as this removes the number 1 vulnerability vector of all time! This can be done in your avast console and is shown below.

10)     I have included exclusion nomenclature at the bottom of this document, as it is different than all previous versions (see exclusion section below)

11)     After devices are Activated, they will show up in the default group, using the default template.  You can have many different groups and templates to match any required variables:

The “J.R. BEST PRACTICES” settings below are aggressive and provide the best protection.  However, I highly recommend testing on one or more systems prior to deploying. Run all your apps to verify if any exclusions are needed.  Exclusion terminology is different from previous avast! versions, so I have included examples at the bottom of this document.

TEMPLATES

From Network, Settings, Default, Advanced: use the following settings for BEST protection:

File System Shield, Customize, Packers:  All

File System Shield, Customize, Sensitivity: High and PUPs

Mail Shield, Customize, Sensitivity: High and PUPs

Web Shield, Customize, Sensitivity: High and PUPs

Antispam, Customize, Sensitivity: High, Add recipients of outbound to whitelist, Add entries from address book to whitelist:

Sandbox, Customize, Virtualized processes, Path to the application:  C:\Program Files (x86)\Adobe\Flash Player

Sandbox, Customize, Virtualized processes, Path to the folder:         C:\Program Files (x86)\Adobe\Flash Player\*

Sandbox, Customize, Virtualized processes, Path to the folder:         C:\Windows\System32\Macromed\Flash\*

Under the General settings tab: set a template password to prevent users from disabling protection, and change Program updates to manual:

Under the Antivirus settings tab: setting Hardened mode to Aggressive may require exclusions, so test first before enabling (currently disabled). This setting provides the maximum protection from Ransomware.

EXCLUSIONS

Under notifications in the console, it will tell you what is blocked by what shield.  Then we can insert those items as exclusions in the console. Note that some of the similar fields use different nomenclature.  Also, we can use the avast! “false positive” reporting module, and then those false positives are whitelisted within 24 hours most of the time.

Avast! False Positive File Form submission: https://www.avast.com/false-positive-file-form.php

To add exclusions for Avast Premium Endpoint Security, they must be performed in the console web portal: https://business.avast.com   Adding exclusions in the web portal will allow the change to sync to all computers. Login to https://business.avast.com/  and go to:

Network > Settings > Choose the target Template > Advanced > Antivirus Settings:

Executables in File Path Exclusions:  Example: C:\Program Files\AVAST Software\Avast\example.exe  Add like this: *\example.exe

File Path Exclusions:   Example: C:\Program Files\AVAST Software\Avast

Add like this: *\AVAST Software\*     (for relative file path,  always use ‘*’ before and after)

URL Exclusions:  Example: https://business.avast.com/

Add like this: https://business.avast.com/* or  *business.avast*

Site Blocking:  Example: https://www.facebook.com/

Add like this: https://www.facebook.com/* AND  http://www.facebook.com/* (must use both for facebook, since both URLs exist, and https: must go 1st)

DeepScreen Exclusions:   Example: C:\Program Files\AVAST Software\Avast\tools.exe

Add like this: C:\Program Files\AVAST Software\Avast\*  or  *\AVAST Software\*

Hardened Mode Exclusions:   Example: C:\Program Files\AVAST Software\Avast\tools.exe

Add like this: C:\Program Files\AVAST Software\Avast\tools.exe    (full path is required, no wild cards or directories are valid)
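The nomenclature rules above can be checked before entries go into a template. This added example (not part of the original post and not Avast code) lints entries against the rules stated here and lists which constructed sample paths each entry would exempt. It assumes `*` matches any run of characters, path separators included, with case-insensitive comparison; the field names `executable`, `file_path` and `hardened` are labels made up for the example.

```python
import re
from fnmatch import fnmatchcase

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def lint(kind, entry):
    """Check one exclusion entry against the nomenclature rules listed above."""
    problems = []
    if kind == "hardened":
        # Hardened Mode: full path to one file, no wildcards, no directories.
        if not DRIVE_PATH.match(entry):
            problems.append("full path required")
        if "*" in entry:
            problems.append("wildcards not valid")
        if entry.endswith("\\"):
            problems.append("directories not valid")
    elif kind == "file_path":
        # Relative file paths need '*' before and after.
        relative = not DRIVE_PATH.match(entry)
        if relative and not (entry.startswith("*") and entry.endswith("*")):
            problems.append("relative path needs '*' before and after")
    return problems


def covered(entry, paths):
    """Paths an entry would exempt. Assumption: '*' matches any run of characters,
    path separators included, and comparison is case-insensitive."""
    return [p for p in paths if fnmatchcase(p.lower(), entry.lower())]


# Constructed sample paths; the last one is outside the product's install folder.
PATHS = [
    r"C:\Program Files\AVAST Software\Avast\tools.exe",
    r"C:\Program Files\AVAST Software\Avast\example.exe",
    r"C:\Users\Public\Downloads\example.exe",
]

# (kind, entry) pairs taken from the "Add like this" lines above.
ENTRIES = [
    ("executable", r"*\example.exe"),
    ("file_path", r"*\AVAST Software\*"),
    ("hardened", r"C:\Program Files\AVAST Software\Avast\tools.exe"),
    ("hardened", r"*\AVAST Software\*"),  # constructed mistake: wrong form for this field
]

if __name__ == "__main__":
    for kind, entry in ENTRIES:
        print(kind, entry, "problems:", lint(kind, entry), "covers:", len(covered(entry, PATHS)))
```

Under these assumptions the file-name-only form `*\example.exe` exempts that file name in every folder, so use the narrowest form the field accepts.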

FIREWALL

avast! Firewall Troubleshooting Guide – Avast for Business

Please let me know if you have any questions, and have a great day!

Remove avast! for clean installation – ASWCLEAR.EXE or AVASTCLEAR.MSI

One of the issues with all anti-virus vendors is leftovers from previous versions. To rule out this as the point of failure, I recommend a clean installation. This is a requirement when migrating from avast! consumer versions (Pro, I.S., Premium, free) or legacy Endpoint Protection to the cloud version.  There are several ways to accomplish this task:

DOMAIN – If you have a Domain and are currently using legacy avast! Endpoint Protection Suite / Plus, then you can use group policy to deploy AVASTCLEAR.MSI – https://www.dropbox.com/s/5rpu32cnkc5fy54/avastclear.mis?dl=0

UNINSTALL – Uninstall the existing avast!, reboot, and delete the “AVAST Software” folders under “C:\Program Files” and “C:\ProgramData”.  Microsoft uninstaller always leaves the old directories for the purpose of System Restore.  Go look, every program you have ever uninstalled is still there!

REMOVAL TOOL – The last option is to use the ASWCLEAR.EXE process described below.

NOTE: ASWCLEAR.EXE supports all avast! versions, including consumer (Free, Pro, Internet Security, Premier) where AVASTCLEAR.MSI is for Endpoint Protection ONLY!

Download the avast! removal tool:  http://www.avast.com/en-us/uninstall-utility  “ASWCLEAR.EXE”

Next step is to clear the checkbox “Enable avast! Self-Defense Module”. This prevents one from having to run the avast! removal tool in safe mode!

Disable Self Defense Module

NOTE:  When the Self Defense Module is disabled, then you DO NOT RUN “ASWCLEAR.EXE” IN SAFE MODE

You must acknowledge “Yes” to fully disable the avast self-defense module:

Uninstall the avast! anti-virus by running “ASWCLEAR.EXE”

NOTE: DO NOT RUN “ASWCLEAR.EXE” IN SAFE MODE:  click “NO”

NOTE: DO NOT RUN “ASWCLEAR.EXE” IN SAFE MODE:  click “NO”

On this screen, you will have to choose the version of avast! that we just un-installed. NOTE: If you did NOT change the default location during installation, then you may leave / ignore the top 2 locations as “unchanged”.  If multiple different avast! versions were installed, you may close and reopen ASWCLEAR and select a different version. I have done them all before when unknown.

Reboot the system after ASWCLEAR, and now you can “clean” install. Rarely, I have used this problem to replace corrupted installs.

Please let me know what I can do to help, and have a great day!