Free, web-administered "Avast for Business".

Discussion in 'other anti-virus software' started by Vladimyr, Feb 1, 2015.

  1. Frank the Perv

    Frank the Perv Banned

    Joined:
    Dec 16, 2005
    Posts:
    882
    Location:
    Virginia, USA
    Good Thread. I'm a latecomer..

    Excellent product analysis Mayahana.

    And notable vendor interest and support without excuses.



    -Frank
     
    Last edited: Feb 6, 2015
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://en.wikipedia.org/wiki/Avast!
     
  3. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Hardened Mode works good - except that as Avast 2015 currently sits, it doesn't correctly retain settings. So it simply turns this feature off on it's own. When it flags Kerish Doctor on load and you select 'add exclusion', it actually doesn't add it to the exclusion list. (bug)
     
  4. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I just concluded my call with Avast! It's good to see such a proactive response from vendors. I was pretty frank in our discussion, and hopefully it will be viewed for what it is.

    Right now I see two potentially huge markets for this product;

    1) Solution for providers (SaaS), such as small independent IT guys like zfactor. Where they can open a portal, and deploy the solution to dozens of clients at multiple different locations, and centrally manage the installations/services from a single portal. However to make this happen there probably should be a way to categorize/organize devices into 'company groups', and much for flexibility in things like logging. The market for this type of solution is pretty big considering the cost of other solutions, and the inability of small IT companies to handle any infrastructure in a sufficient manner. Frankly I am shocked small PC guys even deploy individual desktops, it's ridiculous to imagine how they manage them, and keep licenses in order. All small PC guys, and IT firms should be SaaS providers. You can even run your own server at home to do this, and make a lot of profit. Avast could fill a niche here.

    2) SaaS on deployment. Right now Avast! Business 2015 is a sort of 'bastard child' of the consumer desktop, and enterprise. It's not really GREAT at what it is supposed to be great at - Hosted SMB deployable solution. The reason I feel is there are too many options, too little control, and inadequate reporting mechanisms. The market for SaaS is huge, and I think with some improvements Avast! could quickly become a player in the field.

    For those that aren't aware, this is usually how deployment of hosted solutions works in a business (cut down for brevity). Speaking of the continued trend of companies scaling back on-site IT, and infrastructure, and moving towards managed solutions, remote IT, and hosted API.

    1) Onsite IT decides they need a 'solution'. Onsite IT works with remote IT (MSP) on a solution.
    2) Once a solution is decided upon through various departmental approvals, deployment packages are rolled out with best practice procedures/settings.
    3) Deployment packages are finished. Administration moves to managed IT via portal, with potential portal access to IT contact within the firm.

    That's it.. The rest is essentially auto-pilot, once in awhile managed IT logs in to check the reports. Or onsite IT requests reports, of if they have admin access generates their own reports from the portal. Sometimes remote scans are executed, quarantines cleared, or settings carefully adjusted. The END USER only sees a tray icon, and when they click it all they can do is 'Scan, Update, and Check Logs' for the most part. Onsite IT has all of the data they need from the portal, with no real need to step into the client. It's HELPFUL to have a 'Request Support' button ON the deployed AV client so they can open a chat-task on the portal for 'limited, delayed' two way communication. For example let's say Avast is blocking a website, they could right click the tray for 'helpdesk' and then report the website. IT from the portal can evaluate this, and if necessary whitelist it. This is a tried and true way of going business in the SaaS field for nearly a decade, which is why most products conform to this.
     
  5. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Note, Avast! is entering a market with a fairly low amount of raw competition but only a couple of them hold a 'lion share' of the market.

    Avast! Business 2015
    Panda Cloud Antivirus
    Trend Micro Hosted Business Security
    Symantec Cloud
    McAfee SaaS
    Sophos Cloud Business
    Vipre Business Online

    Not sure there are any others right now?
     
  6. MikeMT

    MikeMT Registered Member

    Joined:
    Feb 7, 2015
    Posts:
    63
    Location:
    Malta
    Cheers to Vladimyr for starting the thread & bringing this product onto my radar, similar thanks to Mayahana for the detailed working experiences to date.

    The advertised free web portal endpoint business administration solution looked too good to be true. So out of interest I installed ABS onto my test network & from my experiences this week I feel that the product has great potential once certain issues are resolved.

    I was able to overcome most of my teething problems where the endpoints were not retaining certain settings by applying them in Template advanced mode through the web portal & assigning the template to each device in the Device Settings Template option rather than the original setting that pointed to >Parent. By doing this the superb “Hardened Mode” module options, Passwords along with White-lists + corresponding file paths are correctly retained & published globally to the clients. The odd quirk appeared opening .pdf’s from Nitro Pro Enterprise as the app was flagged as unknown by Hardened Mode & this time two lines had to be added to the web portal white-list ie : C:\Program Files\Nitro\Pro 9\NitroPDF.exe & C:\PROGRA~1\Nitro\PRO9~1\NitroPDF.exe to enable the files to be opened from the desktop & documents folders??

    Apart from PUPS detection not being retained I am currently experiencing exceptionally high memory usage growth from the Business Client Console service on all endpoints. The bccavsvc.exe memory footprint will rocket from around 16MB to sometimes over 500MB and remain there until a reboot. I can live with this ATM as my workstations have sufficient RAM & are restarted on a daily basis but would like to see this resolved ASAP.

    My thoughts concur with Mayahana’s that more configuration options should be available through the web portal templates & less on the client endpoints to make this a more practically manageable security solution. On the plus side incorporating the Hardened Mode module into this app has been a winner for me as to date it has quarantined every nasty I have thrown at it. With clean ups easily accomplished through the web portal.

    I cannot comment on the Anti-Spam, Firewall or VPN modules as ATM I have alternative solutions in place.

    All in all I am well impressed bearing in mind this is the first release & congrats to Avast for bringing a new offering to our tables. I eagerly await the up & coming product updates as this security app has the ingredients that I would seriously consider implementing into our environment once the initial bugs are flattened.
     
  7. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    I'm wondering will the Client get product updates as they are released or do you have to push the updates out to the clients?
     
  8. MikeMT

    MikeMT Registered Member

    Joined:
    Feb 7, 2015
    Posts:
    63
    Location:
    Malta
    From my experience of testing this week both product updates & virus sigs are shown to be automatically updated from Avast servers providing that the default settings in the account web portal management template for that module have not been changed.
     
  9. Brocke

    Brocke Registered Member

    Joined:
    Mar 16, 2008
    Posts:
    2,306
    Location:
    USA,IA
    Are product updates release often as this is new ?
     
  10. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    418
    Interesting product for us SMB consultants, seems my portfolio of WSA clients (also managed from the web since forever) will have some competition :)

    Any chance of a Linux client while you guys are at it?

    /E
     
  11. Vladimyr

    Vladimyr Registered Member

    Joined:
    Feb 11, 2009
    Posts:
    461
    Location:
    Australia
    I have changed the program update settings in the portal to manual (because I'm wary of 'surprises') but I'm thinking that emergency program updates will still be pushed as deemed necessary, in a similar way to with the 'regular' Avast product.
     
  12. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I no longer do SMB consulting on an individual scale, but our firm handles thousands of SMB's. I can see this product being very good for independent SMB IT Guys like you and zfactor. Not so valuable for larger MSP's at this point until due to the non-stripped client, free model, and limited profit pricing model. Which is fine, this fills a niche. Also I could see this being really good for people with large, complex home networks/devices to manage and they don't want to spend a ton of money each year to do it. Right now I have 8 clients on mine, and have a couple more laptops to add. Once they support mobile/tablet deployment I may reach 30 devices. Doing that on Trend or Symantec would cost a small fortune, which is why in those bases most people just buy heavily discounted solutions and ignore SMB type stuff.

    So Avast Business could fill the gaps between, a likely substantial market!
     
  13. MikeMT

    MikeMT Registered Member

    Joined:
    Feb 7, 2015
    Posts:
    63
    Location:
    Malta
    It will be interesting to see what module updates bring to the product. Whether they will be applied to the endpoint client or through enhancements to the client / template config options in the web portal management console, or a combo of both. I have left auto updates on ATM as all test workstations have incremental system images taken daily.

    Mayahana, as a matter of interest, are you experiencing similar memory leaks on the bccavsvc.exe service as I am on your pc’s? I am not over concerned about this as the application is still in early development & has many plus features. I look forward to implementing it on a permanent basis once teething issues are resolved. Hopefully the Avast spec that it could be run fairly comfortably on a box with 128MB of RAM will materialise in the near future.

    From my continued testing the Avast app sits very well alongside either Windows Firewall Control 4.4 or Privatefirewall 7. With both firewalls one can easily set up a standard rules site policy & instantly import to the work stations. Hopefully in time there will be more client configurations options in web management as I have seen no way to export an endpoint configuration for group deployment from a PC.

    Similar to yourself I’ve been in corporate IT support for many years and agree that this product has excellent potential to be a winner for Avast & users alike in home / SMB environments.
     
  14. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    Teething issues is a good way to put it. I wish they'd be more proactive with patches, I've not seen any updates/patches since deploying it.

    bccavsvc.exe has a horrendous memory leak issue, even CleanMem doesn't keep it in check. Right now on a just booted machine bccavsvc is sitting at 4Mb. On my machine that has been on for a few hours, it's at 145Mb!!!!!

    I am close to dropping it off my machines, but I am holding out for a patch to address this and a few other issues.
     
  15. lwalling

    lwalling Registered Member

    Joined:
    Feb 2, 2015
    Posts:
    24
    Location:
    Charlotte, North Carolina
    Mayahana, less a bug and more a lack of a feature. If the function isn't configurable in the UI it reverts to it's default setting. We will improve this in the near term though as I know it's an irritating if not serious problem.

     
  16. lwalling

    lwalling Registered Member

    Joined:
    Feb 2, 2015
    Posts:
    24
    Location:
    Charlotte, North Carolina
    Some of this is simply a legal concern, detecting something in this category and removing it generates less than desirable lawsuits sometimes as I think most of us here are aware.

    On the flip side, you should be able to enable it as a policy setting and propagate that to your devices - and that will happen. As with other concerns it's not configurable and defaults back to default settings when such a case exists. It will be added soon.

     
  17. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I wonder if the 'growing' bccavsvc issue is actually memory caching? If so I am fine with that.

    I think if it was a memory leak CleanMem would deal with it. Since CleanMem doesn't, it may be intentional?
     
  18. lwalling

    lwalling Registered Member

    Joined:
    Feb 2, 2015
    Posts:
    24
    Location:
    Charlotte, North Carolina
    Mayahana, keep the frank feedback coming. Thats what we want to hear.

    On this specific point

    "The reason I feel is there are too many options, too little control, and inadequate reporting mechanisms."

    Too little control and inadequate reporting is fair and will be expanded in short order. The product being a SaaS product, we can iterate quickly and at almost anytime without challenging uptime or your productivity. Expect us to do just that over the next few months in particular.

    I agree with your use cases also, from the IT manager or MSP perspective in particular. I would have loved to have had this product when I was in the MSP business, it would have saved me a ton of money. We're building a product that is intended to fill the technical user's needs as well as a small business owners needs - the guy that wants to manage stuff himself, who is used to dealing with cloud services and products.

     
  19. lwalling

    lwalling Registered Member

    Joined:
    Feb 2, 2015
    Posts:
    24
    Location:
    Charlotte, North Carolina
    @Brocke and MikeMT - anti-malware client updates both product and signature are automatically delivered based on availability automatically and are not configurable - yet. This will come soon as we introduce proper task scheduling.

     
  20. lwalling

    lwalling Registered Member

    Joined:
    Feb 2, 2015
    Posts:
    24
    Location:
    Charlotte, North Carolina
    The technology powering our Avast for Business anti-malware client is actually the same basic technology in our consumer product, which was released late last year. I'm not personally aware of this one on that front or in our business product and can't find anything to answer or resolve it immediately - I'll ask Jeff in my tech support team to reach out to you to gather more information to get it fixed quick.

    @MikeMT are you also seeing this? Anyone else?

     
  21. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I'm seeing bccavsvc balloon up on all 8 machines here with it deployed. I am upping it to 12 machines in the coming days, but so far the problem appears widespread - at least with Windows 8x.

    Right now the one I reported at 4Mb, has expanded to almost 10Mb in the first hour of the machine being booted.
     
  22. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    It's still growing. Approaching 171Mb. that's up from less than 4mb at boot.
     

    Attached Files:

  23. MikeMT

    MikeMT Registered Member

    Joined:
    Feb 7, 2015
    Posts:
    63
    Location:
    Malta
    @lwalling Thanks for the feedback

    As I have previously mentioned both here & @ the Avast forum, I had experienced memory leaks of the bccavsvc.exe service grow to 500MB+ on Windows 8.1 (Update 3) endpoints last week. The service will normally start with approx. 4MB after logon drop to around 2MB & then continually rise throughout the day. On the box I am posting this message from that has not been restarted for 16 hours or so, it’s currently taking 240MB & still rising. On a similar machine on my network 250MB. None of my systems have either Hibernation or Sleep mode enabled & the memory growth scenario still occurs if they remain used.

    I have not seen another 500MB+ !!! Spike again since I applied the latest Net Framework 4.5 along with all current updates from MS last Friday to the Win 8.1 boxes. Prior to this their last updates were current to mid-December. Maybe this is just a coincidence?

    @Mayahana this does not only apply to Win8 it also occurs on a little used Windows XP box (AMD Dual Core – 4MB RAM) that I put into the mix too (bccavsvc.exe being 290 MB+). So to me, the glitch would not appear to be OS, Processor, running apps or system brand related.

    With this still occurring I do not feel ready yet to test this on any of the 2008R2 – 2012 servers within my group of companies as restarting them on a daily basis is not in my equation.

    The PUPS setting non retention is not a main concern for me ATM 9 (The Memory Leak Is) it would be good to have asap. As of this moment of time a PUP gets through the other network filters I have in place, the nasty would be hopefully blocked from executing by the Privatefirewall (Third Party) software endpoint app controls & / or quarantined by the excellent Hardened Mode feature within the Avast Business product.

    @Iwalling I would be pleased to discuss my Avast experience further with your Tech support / Devs as although I have no major issues with Eset Endpoint & other security solutions that I have currently in place on my networks. I believe for us the new Avast Business has offerings to reduce potential risks even further. Whilst also enabling us to easily keep our fingers on the pulse of Endpoint security through the one stop shop web portal. Whilst my sites are not large, currently the maximum is 50 endpoints excluding corporate mobile phones; I have quite a few to manage.

    My endpoint security concept has always been when possible to reduce any decision making made by the end-user to a minimum & proactive / preventative action to threats automatically taken by the measures we have in place.

    Regards

    Mike
     
    Last edited: Feb 10, 2015
  24. Mayahana

    Mayahana Banned

    Joined:
    Sep 13, 2014
    Posts:
    2,220
    I like this product, and the potential. But who were the beta testers? I think they really let you down. We've identified so much in this thread, including a fairly substantial memory leak. All of these things seemed to have escaped beta!

    BTW, all of my Win8x boxes are set to auto update, so they should be on all of the latest updates. I don't think that is the issue.
     
  25. sovamiroslav

    sovamiroslav Registered Member

    Joined:
    Feb 11, 2015
    Posts:
    4
    Location:
    Prague, Czech Republic
    Hi Mayahana (and all others involved in this conversation),

    Thanks for all your valuable feedback. I have been monitoring this thread for a while and we (the Avast for Business product team @Avast) are taking several actions now:
    1. Our engineers are currently investigating the memory leak and working on pinpointing the issue. We will let you know ASAP if we have confirmed it and let you know when a hotfix for this will be pushed out.
    2. We are pushing additional settings into the cloud console, so they are configurable and do not "reset" themselves on the endpoint software - specifically sensitivity settings for all shields (which includes PUP setting) and other settings such as exceptions, whitelist, blacklists. This will be available before this end of the month. We will let you know when it's released. Additionally, we will keep adding new settings in console every release.
    3. We are thinking to introduce an admin/troubleshooting mode of the endpoint, which will allow you override the settings defined in the cloud console for as long as you want on the client and make a per-machine exception. It would be also great to get your feedback on the concept of this solution once we have worked out the details around it. We are currently planning to make this available sometime in early Q2, 2015.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.