Ad-aware 2007 Version 7.0.1.3 - Aawservice.exe Options

[Martyoplastic]

What is the use of aawservice.exe ?
Why does it is installed and ran automatically when I install Ad-Aware 2007 Free Edition ?
Why when I close Ad-Aware 2007 this service keeps running ?
Why when I stop and disable this service, then launch Ad-Aware 2007 I get an error message ?


This post has been edited by Martyoplastic: Jun 9 2007, 04:06 PM

[doonyakka]

What is the use of aawservice.exe ?
Why does it is installed and ran automatically when I install Ad-Aware 2007 Free Edition ?
Why when I close Ad-Aware 2007 this service keeps running ?
Why when I stop and disable this service, then launch Ad-Aware 2007 I get an error message ?

I would also like to know the answer to these questions. Thanks.

[op57]

I would also like to know the answer to these questions. Thanks.

+1

[Bill_Bright]

+1

+2

This post has been edited by Bill_Bright: Jun 11 2007, 04:50 PM

[Oldfrog]

1. What is the use of aawservice.exe ?
   aawservice.exe is the executable file that is the heart of the AAW2007 engine. Current malware operates at the kernel level, or even as rootkits, so to fight those you have to be at the same level they are. You can't get to the kernel level from the API, it requires the use of services and drivers.
2. Why does it is installed and ran automatically when I install Ad-Aware 2007 Free Edition ?
   The free (Personal) edition uses the same engine as the Plus and Pro, just has some features turned off.
3. Why when I close Ad-Aware 2007 this service keeps running ?
   See answer 2 above. Additionally, it is easier for malware to stop a service from starting than stop one that is already running.
4. Why when I stop and disable this service, then launch Ad-Aware 2007 I get an error message ?
   As explained above, aawservice.exe is the executable for AAW2007. When you disable the service you disable the application.

Okay, if you don't want the service running in the background then you will either have to control the service manually or select a different product. If you decide on the latter then you will want to avoid such things as NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware just to name a few.

[Martyoplastic]

How does Ad-Aware 2007 detect that some malwares are trying to stop aawservice.exe ?
Is that the resident protection feature called Ad-Watch which is only available on non-free editions of Ad-Aware 2007 ?
If aawservice.exe is stopped by a malware, how will I be alerted ?
What will be displayed on the screen ?

This post has been edited by Martyoplastic: Jun 11 2007, 06:50 PM

[Oldfrog]

How does Ad-Aware 2007 detect that some malwares are trying to stop aawservice.exe ?

I am not sure that it does. What I am sure of is that with the service loaded into memory and running under the NT AUTHORITY/SYSTEM account it will be impossible for malware to prevent it from starting. It is not uncommon for current malware to load HOSTS file entries which block access to common security sites, including product vendor download sites, and remove executables for common AS applications preventing them from being run.

If aawservice.exe is stopped by a malware, how will I be alerted ?
What will be displayed on the screen ?

I haven't seen it so can't say for sure, but would expect either the Windows '...... has terminated unexpectedly' message or even nothing. That assumes, of course, that the malware was even able to terminate a System owned process.

[philbee]

1. What is the use of aawservice.exe ?
   aawservice.exe is the executable file that is the heart of the AAW2007 engine. Current malware operates at the kernel level, or even as rootkits, so to fight those you have to be at the same level they are. You can't get to the kernel level from the API, it requires the use of services and drivers.
2. Why does it is installed and ran automatically when I install Ad-Aware 2007 Free Edition ?
   The free (Personal) edition uses the same engine as the Plus and Pro, just has some features turned off.
3. Why when I close Ad-Aware 2007 this service keeps running ?
   See answer 2 above. Additionally, it is easier for malware to stop a service from starting than stop one that is already running.
4. Why when I stop and disable this service, then launch Ad-Aware 2007 I get an error message ?
   As explained above, aawservice.exe is the executable for AAW2007. When you disable the service you disable the application.

Okay, if you don't want the service running in the background then you will either have to control the service manually or select a different product. If you decide on the latter then you will want to avoid such things as NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware just to name a few.

thank you very much for the clear explanation of what aawservice actually does. its purpose had me totally baffled, particularly since there is no on-access scanner in adaware 2007 free. maybe in future versions they can get it to the point where it uses less system resources.

i was going to uninstall adaware 2007 because of the service, but after it found and removed a dialer that none of my other antivirus /antispyware programs found, i'm probably going to keep it. i HOPE it wasn't just a false alarm! it was called "Holyistic Dialer" and had a TAI rating of 5.

thanks again for the info.

[winchester73]

Okay, if you don't want the service running in the background then you will either have to control the service manually or select a different product. If you decide on the latter then you will want to avoid such things as NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware just to name a few.

Not to be argumentative, but I use some of the above on my various boxes, and they don't use a lot of memory, in marked contrast to your comments.

NOD32 for example, protects every one of the boxes in my network ... and its footprint is small by comparison, yet understandable due to the real-time protection that it offers.

Likewise the firewall example you mention, although I use a different one ... real-time protection.

I know you have beta tested Counterspy, and I don't use it, so I'll defer to you on that one.

My point being ... the 'free' version is an on-demand scanner.

This post has been edited by winchester73: Jun 12 2007, 12:38 AM

[Martyoplastic]

NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware = additional service for real time protection.
Ad-Aware 2007 Free Edition = additional service and no real time protection.
Don't you think there is something strange ?
How many potential customers will you lose before you understand ?
It is time to wake up !

This post has been edited by Martyoplastic: Jun 12 2007, 12:26 AM

[Oldfrog]

Not to be argumentative, but I use some of the above on my various boxes, and they don't use a lot of memory, in marked contrast to your comments.

No argument there at all, matey. My purpose in this topic has been to explain the use of the service, not to defend the amount of resource usage.

In some ways this has been deja vu of the release of an AAW competitor a while back. People didn't like the running service and the resource usage was outrageous. That product still has the running service but the resource usage has been pared to a fraction of its original value. I fully expect LS to make the same refinement, over time.

Quite honestly, I am more concerned about CPU usage than the size of the working memory set. My experience with the other product showed that if the active protection features were disabled the working set shrank as other active processes demanded RAM. At that time I observed and documented a working set shrinkage of ~70% over a three day period. LS obviously needs to take a hard look at this and we can help by observing and reporting performance in an objective manner.

[winchester73]

Reading your post, I was reminded of something else, totally unrelated to anything other than your location ... I fixed a Coyote brisket this past weekend for a pot luck.

[Oldfrog]

NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware = additional service for real time protection.
Ad-Aware 2007 Free Edition = additional service and no real time protection.
Don't you think there is something strange ?
How many potential customers will you lose before you understand ?
It is time to wake up !

Product: Working set/Virtual Size

NOD32 with all monitors disabled: 20,356/81,792
Counterspy with AP disabled: 14400/78,224
a² with all guards disabled: 32,860/110,408

[Corrine]

Product: Working set/Virtual Size

[snip]

Hi, Buddy. What tool did you use to obtain that information?

Reading your post, I was reminded of something else, totally unrelated to anything other than your location ... I fixed a Coyote brisket this past weekend for a pot luck.

I hope that means you used Tom Coyote Wilson's special brisket recipe. (Edit to note -- The page link to the Brisket recipe is missing. I've posted a request in this thread: "Quick Coyote Chatroom RibSauce")

This post has been edited by Corrine: Jun 12 2007, 01:34 AM

[Oldfrog]

What tool did you use to obtain that information?

Hey, Partner! I used Process Explorer from Sysinternals. I normally have it open on the second monitor just for times like this.

[AM088]

If anyone wants to stop the service from hogging up the memory, I made a little demo on how to disable it - use it at your own risk!

Are there any plans to slim it down a bit? I find 20 megs a bit excessive, especially for people who run older machines with lots of stuff already in RAM...

[Morgoth]

one question about the aawservice.exe

is it compatible with firefox? like for ex. if your surfing around and somehow malware slips past firefox, is there a chance that the service will detect it? or does it only work with internet explorer?

[LS Tobias]

one question about the aawservice.exe

is it compatible with firefox? like for ex. if your surfing around and somehow malware slips past firefox, is there a chance that the service will detect it? or does it only work with internet explorer?

First of all - real time protection is only provided with Ad-Watch, which comes with the Plus and Pro versions. The Free version will not actually block the malware from running, but it will detect and remove it when you do a scan.

Secondly, malware are not (necessarily) browser-dependent. You can get malware onto you computer in various ways (e-mail, file transfers, etc.).

One of the new features of Ad-Aware 2007 is the ability to find and remove tracking cookies in Firefox and Opera, although they are not malware per se.

Regards, Tobias

[Doodle]

If anyone wants to stop the service from hogging up the memory, I made a little demo on how to disable it - use it at your own risk!

Are there any plans to slim it down a bit? I find 20 megs a bit excessive, especially for people who run older machines with lots of stuff already in RAM...

OK, AM088, thanks for the demo. This illustrates the fact that the service aawservice.exe can be set to manual, that it will be activated when Ad-Aware 2007 is launched, and that it will stay nevertheless set to manual, preventing it from being started on next boot. Fine.

But whet happens if Ad-Aware, through a regular scan, has detected a malware which may only be removed after reboot? Since the service aawservice.exe is set to manual, it will not be launched on reboot, and the malware will not, in this case, be removed... this means that if removing the malware after reboot is notified after the scan, than one has to return to the services and reset aawservice.exe to 'automatic' before rebooting, right? Complicated...

Why is it not possible for Ad-Aware 2007 to have its aawservice.exe service set to 'manual' by default and reset to 'automatic' in case a malware requiring reboot for removal be detected?



This post has been edited by Doodle: Jun 14 2007, 09:20 AM

[pmc2]

Why when I close Ad-Aware 2007 this service keeps running ?

hi all,


Step 1> services.msc > "Ad-Aware 2007 Service" mode manual (check the demo)
Step 2> create a "start.bat" with the following lines:

@ECHO OFF
Ad-Aware2007.exe
sc stop aawservice
@echo Done

Step 3> place start.bat in ad-aware folder
Step 4> launch start.bat for launch ad-aware 2007

aawservice.exe will disappear when ad-aware quit.