Sign in to follow this  
Martyoplastic

Ad-aware 2007 Version 7.0.1.3 - Aawservice.exe

Recommended Posts

What is the use of aawservice.exe ?

Why does it is installed and ran automatically when I install Ad-Aware 2007 Free Edition ?

Why when I close Ad-Aware 2007 this service keeps running ?

Why when I stop and disable this service, then launch Ad-Aware 2007 I get an error message ?

Edited by Martyoplastic

Share this post


Link to post
Share on other sites
What is the use of aawservice.exe ?

Why does it is installed and ran automatically when I install Ad-Aware 2007 Free Edition ?

Why when I close Ad-Aware 2007 this service keeps running ?

Why when I stop and disable this service, then launch Ad-Aware 2007 I get an error message ?

 

I would also like to know the answer to these questions. Thanks.

Share this post


Link to post
Share on other sites

  1. What is the use of aawservice.exe ?
    aawservice.exe is the executable file that is the heart of the AAW2007 engine. Current malware operates at the kernel level, or even as rootkits, so to fight those you have to be at the same level they are. You can't get to the kernel level from the API, it requires the use of services and drivers.
  2. Why does it is installed and ran automatically when I install Ad-Aware 2007 Free Edition ?
    The free (Personal) edition uses the same engine as the Plus and Pro, just has some features turned off.
  3. Why when I close Ad-Aware 2007 this service keeps running ?
    See answer 2 above. Additionally, it is easier for malware to stop a service from starting than stop one that is already running.
  4. Why when I stop and disable this service, then launch Ad-Aware 2007 I get an error message ?
    As explained above, aawservice.exe is the executable for AAW2007. When you disable the service you disable the application.

Okay, if you don't want the service running in the background then you will either have to control the service manually or select a different product. If you decide on the latter then you will want to avoid such things as NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware just to name a few.

Share this post


Link to post
Share on other sites

How does Ad-Aware 2007 detect that some malwares are trying to stop aawservice.exe ?

Is that the resident protection feature called Ad-Watch which is only available on non-free editions of Ad-Aware 2007 ?

If aawservice.exe is stopped by a malware, how will I be alerted ?

What will be displayed on the screen ?

Edited by Martyoplastic

Share this post


Link to post
Share on other sites
How does Ad-Aware 2007 detect that some malwares are trying to stop aawservice.exe ?

I am not sure that it does. What I am sure of is that with the service loaded into memory and running under the NT AUTHORITY/SYSTEM account it will be impossible for malware to prevent it from starting. It is not uncommon for current malware to load HOSTS file entries which block access to common security sites, including product vendor download sites, and remove executables for common AS applications preventing them from being run.

If aawservice.exe is stopped by a malware, how will I be alerted ?

What will be displayed on the screen ?

I haven't seen it so can't say for sure, but would expect either the Windows '...... has terminated unexpectedly' message or even nothing. That assumes, of course, that the malware was even able to terminate a System owned process.

Share this post


Link to post
Share on other sites
  1. What is the use of aawservice.exe ?
    aawservice.exe is the executable file that is the heart of the AAW2007 engine. Current malware operates at the kernel level, or even as rootkits, so to fight those you have to be at the same level they are. You can't get to the kernel level from the API, it requires the use of services and drivers.
  2. Why does it is installed and ran automatically when I install Ad-Aware 2007 Free Edition ?
    The free (Personal) edition uses the same engine as the Plus and Pro, just has some features turned off.
  3. Why when I close Ad-Aware 2007 this service keeps running ?
    See answer 2 above. Additionally, it is easier for malware to stop a service from starting than stop one that is already running.
  4. Why when I stop and disable this service, then launch Ad-Aware 2007 I get an error message ?
    As explained above, aawservice.exe is the executable for AAW2007. When you disable the service you disable the application.

Okay, if you don't want the service running in the background then you will either have to control the service manually or select a different product. If you decide on the latter then you will want to avoid such things as NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware just to name a few.

thank you very much for the clear explanation of what aawservice actually does. its purpose had me totally baffled, particularly since there is no on-access scanner in adaware 2007 free. maybe in future versions they can get it to the point where it uses less system resources.

 

i was going to uninstall adaware 2007 because of the service, but after it found and removed a dialer that none of my other antivirus /antispyware programs found, i'm probably going to keep it. i HOPE it wasn't just a false alarm! it was called "Holyistic Dialer" and had a TAI rating of 5.

 

thanks again for the info.

Share this post


Link to post
Share on other sites
Okay, if you don't want the service running in the background then you will either have to control the service manually or select a different product. If you decide on the latter then you will want to avoid such things as NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware just to name a few.

 

Not to be argumentative, but I use some of the above on my various boxes, and they don't use a lot of memory, in marked contrast to your comments.

 

NOD32 for example, protects every one of the boxes in my network ... and its footprint is small by comparison, yet understandable due to the real-time protection that it offers.

 

Likewise the firewall example you mention, although I use a different one ... real-time protection.

 

I know you have beta tested Counterspy, and I don't use it, so I'll defer to you on that one.

 

My point being ... the 'free' version is an on-demand scanner.

Edited by winchester73

Share this post


Link to post
Share on other sites

NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware = additional service for real time protection.

Ad-Aware 2007 Free Edition = additional service and no real time protection.

Don't you think there is something strange ?

How many potential customers will you lose before you understand ?

It is time to wake up !

Edited by Martyoplastic

Share this post


Link to post
Share on other sites
Not to be argumentative, but I use some of the above on my various boxes, and they don't use a lot of memory, in marked contrast to your comments.

No argument there at all, matey. My purpose in this topic has been to explain the use of the service, not to defend the amount of resource usage.

 

In some ways this has been deja vu of the release of an AAW competitor a while back. People didn't like the running service and the resource usage was outrageous. That product still has the running service but the resource usage has been pared to a fraction of its original value. I fully expect LS to make the same refinement, over time.

 

Quite honestly, I am more concerned about CPU usage than the size of the working memory set. My experience with the other product showed that if the active protection features were disabled the working set shrank as other active processes demanded RAM. At that time I observed and documented a working set shrinkage of ~70% over a three day period. LS obviously needs to take a hard look at this and we can help by observing and reporting performance in an objective manner.

Share this post


Link to post
Share on other sites

:P

 

Reading your post, I was reminded of something else, totally unrelated to anything other than your location ... I fixed a Coyote brisket this past weekend for a pot luck. :lol:

Share this post


Link to post
Share on other sites
NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware = additional service for real time protection.

Ad-Aware 2007 Free Edition = additional service and no real time protection.

Don't you think there is something strange ?

How many potential customers will you lose before you understand ?

It is time to wake up !

Product: Working set/Virtual Size

 

NOD32 with all monitors disabled: 20,356/81,792

Counterspy with AP disabled: 14400/78,224

a² with all guards disabled: 32,860/110,408

Share this post


Link to post
Share on other sites
Product: Working set/Virtual Size

 

[snip]

 

Hi, Buddy. :lol: What tool did you use to obtain that information?

 

:P

 

Reading your post, I was reminded of something else, totally unrelated to anything other than your location ... I fixed a Coyote brisket this past weekend for a pot luck. B)

 

I hope that means you used Tom Coyote Wilson's special brisket recipe. (Edit to note -- The page link to the Brisket recipe is missing. I've posted a request in this thread: "Quick Coyote Chatroom RibSauce")

Edited by Corrine

Share this post


Link to post
Share on other sites
What tool did you use to obtain that information?

Hey, Partner! I used Process Explorer from Sysinternals. I normally have it open on the second monitor just for times like this.

Share this post


Link to post
Share on other sites

If anyone wants to stop the service from hogging up the memory, I made a little demo on how to disable it - use it at your own risk!

 

Are there any plans to slim it down a bit? I find 20 megs a bit excessive, especially for people who run older machines with lots of stuff already in RAM...

Share this post


Link to post
Share on other sites

one question about the aawservice.exe

 

is it compatible with firefox? like for ex. if your surfing around and somehow malware slips past firefox, is there a chance that the service will detect it? or does it only work with internet explorer?

Share this post


Link to post
Share on other sites
one question about the aawservice.exe

 

is it compatible with firefox? like for ex. if your surfing around and somehow malware slips past firefox, is there a chance that the service will detect it? or does it only work with internet explorer?

 

First of all - real time protection is only provided with Ad-Watch, which comes with the Plus and Pro versions. The Free version will not actually block the malware from running, but it will detect and remove it when you do a scan.

 

Secondly, malware are not (necessarily) browser-dependent. You can get malware onto you computer in various ways (e-mail, file transfers, etc.).

 

One of the new features of Ad-Aware 2007 is the ability to find and remove tracking cookies in Firefox and Opera, although they are not malware per se.

 

Regards, Tobias

Share this post


Link to post
Share on other sites
If anyone wants to stop the service from hogging up the memory, I made a little demo on how to disable it - use it at your own risk!

 

Are there any plans to slim it down a bit? I find 20 megs a bit excessive, especially for people who run older machines with lots of stuff already in RAM...

OK, AM088, thanks for the demo. This illustrates the fact that the service aawservice.exe can be set to manual, that it will be activated when Ad-Aware 2007 is launched, and that it will stay nevertheless set to manual, preventing it from being started on next boot. Fine.

 

But whet happens if Ad-Aware, through a regular scan, has detected a malware which may only be removed after reboot? Since the service aawservice.exe is set to manual, it will not be launched on reboot, and the malware will not, in this case, be removed... this means that if removing the malware after reboot is notified after the scan, than one has to return to the services and reset aawservice.exe to 'automatic' before rebooting, right? Complicated...

 

Why is it not possible for Ad-Aware 2007 to have its aawservice.exe service set to 'manual' by default and reset to 'automatic' in case a malware requiring reboot for removal be detected?

 

:wub:

Edited by Doodle

Share this post


Link to post
Share on other sites
Why when I close Ad-Aware 2007 this service keeps running ?

 

hi all,

 

 

Step 1> services.msc > "Ad-Aware 2007 Service" mode manual (check the demo)

Step 2> create a "start.bat" with the following lines:

 

@ECHO OFF

Ad-Aware2007.exe

sc stop aawservice

@echo Done

 

Step 3> place start.bat in ad-aware folder

Step 4> launch start.bat for launch ad-aware 2007

 

aawservice.exe will disappear when ad-aware quit.

Share this post


Link to post
Share on other sites
hi all,

Step 1> services.msc > "Ad-Aware 2007 Service" mode manual (check the demo)

Step 2> create a "start.bat" with the following lines:

 

@ECHO OFF

Ad-Aware2007.exe

sc stop aawservice

@echo Done

 

Step 3> place start.bat in ad-aware folder

Step 4> launch start.bat for launch ad-aware 2007

 

aawservice.exe will disappear when ad-aware quit.

That's the reason not to use 2007 - the users are having to come up with their own personal ways to deal with a service they don't want that they arn't able to turn off without creating macros to deal with it.

Edited by Cartigan

Share this post


Link to post
Share on other sites
You forget the fact that the users are having to come up with their own personal ways to deal with a service they don't want that they arn't able to turn off without creating macros to deal with it.

Detractors should remember that without the running service there can be no AAW functionality from within Limited User accounts. It would become an "Administrator only" application. While some users of the Personal version may not care I am sure that there are others who do.

Share this post


Link to post
Share on other sites

If you are not administrator, but you can sart/stop services (for ex. power user), you should set aawservice to manual and do bat file like this:

 

@ECHO OFF

sc start aawservice

Ad-Aware2007.exe

sc stop aawservice

@echo Done

 

place it to folder, where is ad-aware installed and and doubleclick it, when you want to start ad-aware. And then, if you close ad-aware, the service will be stopped. Its easy..

Share this post


Link to post
Share on other sites
Detractors should remember that without the running service there can be no AAW functionality from within Limited User accounts. It would become an "Administrator only" application. While some users of the Personal version may not care I am sure that there are others who do.

 

Ok, so you are telling us that if you are not connected under an account with administrator privileges, you cannot install Ad-Aware 2007 because it is impossible.

Edited by Martyoplastic

Share this post


Link to post
Share on other sites
Ok, so you are telling us that if you are not connected under an account with administrator privileges, you cannot install Ad-Aware 2007 because it is impossible.

Limited Users do not have write permission to \Program Files\ so can't install software of any variety. More to the point, though, is that if AAW is run under LU ownership it will be ineffective at cleaning anything other than what is in the \Documents and Settings\{uname}\ folder since that is the only area to which an LU has write permissions. With the service starting at boot and running under System ownership a LU can open the GUI and use it to relay instructions to the service.

Share this post


Link to post
Share on other sites
Sign in to follow this