What is the use of aawservice.exe ?
Why does it is installed and ran automatically when I install Ad-Aware 2007 Free Edition ?
Why when I close Ad-Aware 2007 this service keeps running ?
Why when I stop and disable this service, then launch Ad-Aware 2007 I get an error message ?

I would also like to know the answer to these questions. Thanks.

+1

+2

1. What is the use of aawservice.exe ?
   aawservice.exe is the executable file that is the heart of the AAW2007 engine. Current malware operates at the kernel level, or even as rootkits, so to fight those you have to be at the same level they are. You can't get to the kernel level from the API, it requires the use of services and drivers.
2. Why does it is installed and ran automatically when I install Ad-Aware 2007 Free Edition ?
   The free (Personal) edition uses the same engine as the Plus and Pro, just has some features turned off.
3. Why when I close Ad-Aware 2007 this service keeps running ?
   See answer 2 above. Additionally, it is easier for malware to stop a service from starting than stop one that is already running.
4. Why when I stop and disable this service, then launch Ad-Aware 2007 I get an error message ?
   As explained above, aawservice.exe is the executable for AAW2007. When you disable the service you disable the application.

Okay, if you don't want the service running in the background then you will either have to control the service manually or select a different product. If you decide on the latter then you will want to avoid such things as NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware just to name a few.

How does Ad-Aware 2007 detect that some malwares are trying to stop aawservice.exe ?
Is that the resident protection feature called Ad-Watch which is only available on non-free editions of Ad-Aware 2007 ?
If aawservice.exe is stopped by a malware, how will I be alerted ?
What will be displayed on the screen ?

I am not sure that it does. What I am sure of is that with the service loaded into memory and running under the NT AUTHORITY/SYSTEM account it will be impossible for malware to prevent it from starting. It is not uncommon for current malware to load HOSTS file entries which block access to common security sites, including product vendor download sites, and remove executables for common AS applications preventing them from being run.

I haven't seen it so can't say for sure, but would expect either the Windows '...... has terminated unexpectedly' message or even nothing. That assumes, of course, that the malware was even able to terminate a System owned process.

thank you very much for the clear explanation of what aawservice actually does. its purpose had me totally baffled, particularly since there is no on-access scanner in adaware 2007 free. maybe in future versions they can get it to the point where it uses less system resources.

i was going to uninstall adaware 2007 because of the service, but after it found and removed a dialer that none of my other antivirus /antispyware programs found, i'm probably going to keep it. i HOPE it wasn't just a false alarm! it was called "Holyistic Dialer" and had a TAI rating of 5.

thanks again for the info.

Not to be argumentative, but I use some of the above on my various boxes, and they don't use a lot of memory, in marked contrast to your comments.

NOD32 for example, protects every one of the boxes in my network ... and its footprint is small by comparison, yet understandable due to the real-time protection that it offers.

Likewise the firewall example you mention, although I use a different one ... real-time protection.

I know you have beta tested Counterspy, and I don't use it, so I'll defer to you on that one.

My point being ... the 'free' version is an on-demand scanner.

NOD32, Counterspy, Sunbelt Personal Firewall, or a² Antimalware = additional service for real time protection.
Ad-Aware 2007 Free Edition = additional service and no real time protection.
Don't you think there is something strange ?
How many potential customers will you lose before you understand ?
It is time to wake up !

No argument there at all, matey. My purpose in this topic has been to explain the use of the service, not to defend the amount of resource usage.

In some ways this has been deja vu of the release of an AAW competitor a while back. People didn't like the running service and the resource usage was outrageous. That product still has the running service but the resource usage has been pared to a fraction of its original value. I fully expect LS to make the same refinement, over time.

Quite honestly, I am more concerned about CPU usage than the size of the working memory set. My experience with the other product showed that if the active protection features were disabled the working set shrank as other active processes demanded RAM. At that time I observed and documented a working set shrinkage of ~70% over a three day period. LS obviously needs to take a hard look at this and we can help by observing and reporting performance in an objective manner.

Reading your post, I was reminded of something else, totally unrelated to anything other than your location ... I fixed a Coyote brisket this past weekend for a pot luck.

Product: Working set/Virtual Size

NOD32 with all monitors disabled: 20,356/81,792
Counterspy with AP disabled: 14400/78,224
a² with all guards disabled: 32,860/110,408

Hi, Buddy. What tool did you use to obtain that information?



I hope that means you used Tom Coyote Wilson's special brisket recipe. (Edit to note -- The page link to the Brisket recipe is missing. I've posted a request in this thread: "Quick Coyote Chatroom RibSauce")

Hey, Partner! I used Process Explorer from Sysinternals. I normally have it open on the second monitor just for times like this.

If anyone wants to stop the service from hogging up the memory, I made a little demo on how to disable it - use it at your own risk!

Are there any plans to slim it down a bit? I find 20 megs a bit excessive, especially for people who run older machines with lots of stuff already in RAM...

one question about the aawservice.exe

is it compatible with firefox? like for ex. if your surfing around and somehow malware slips past firefox, is there a chance that the service will detect it? or does it only work with internet explorer?

First of all - real time protection is only provided with Ad-Watch, which comes with the Plus and Pro versions. The Free version will not actually block the malware from running, but it will detect and remove it when you do a scan.

Secondly, malware are not (necessarily) browser-dependent. You can get malware onto you computer in various ways (e-mail, file transfers, etc.).

One of the new features of Ad-Aware 2007 is the ability to find and remove tracking cookies in Firefox and Opera, although they are not malware per se.

Regards, Tobias

OK, AM088, thanks for the demo. This illustrates the fact that the service aawservice.exe can be set to manual, that it will be activated when Ad-Aware 2007 is launched, and that it will stay nevertheless set to manual, preventing it from being started on next boot. Fine.

But whet happens if Ad-Aware, through a regular scan, has detected a malware which may only be removed after reboot? Since the service aawservice.exe is set to manual, it will not be launched on reboot, and the malware will not, in this case, be removed... this means that if removing the malware after reboot is notified after the scan, than one has to return to the services and reset aawservice.exe to 'automatic' before rebooting, right? Complicated...

Why is it not possible for Ad-Aware 2007 to have its aawservice.exe service set to 'manual' by default and reset to 'automatic' in case a malware requiring reboot for removal be detected?

hi all,


Step 1> services.msc > "Ad-Aware 2007 Service" mode manual (check the demo)
Step 2> create a "start.bat" with the following lines:

@ECHO OFF
Ad-Aware2007.exe
sc stop aawservice
@echo Done

Step 3> place start.bat in ad-aware folder
Step 4> launch start.bat for launch ad-aware 2007

aawservice.exe will disappear when ad-aware quit.

That's the reason not to use 2007 - the users are having to come up with their own personal ways to deal with a service they don't want that they arn't able to turn off without creating macros to deal with it.

Detractors should remember that without the running service there can be no AAW functionality from within Limited User accounts. It would become an "Administrator only" application. While some users of the Personal version may not care I am sure that there are others who do.

If you are not administrator, but you can sart/stop services (for ex. power user), you should set aawservice to manual and do bat file like this:



place it to folder, where is ad-aware installed and and doubleclick it, when you want to start ad-aware. And then, if you close ad-aware, the service will be stopped. Its easy..

Ok, so you are telling us that if you are not connected under an account with administrator privileges, you cannot install Ad-Aware 2007 because it is impossible.

Limited Users do not have write permission to \Program Files\ so can't install software of any variety. More to the point, though, is that if AAW is run under LU ownership it will be ineffective at cleaning anything other than what is in the \Documents and Settings\{uname}\ folder since that is the only area to which an LU has write permissions. With the service starting at boot and running under System ownership a LU can open the GUI and use it to relay instructions to the service.

Hi
Before it can be effective in removing anything, it has to be effective in finding something like cookies that do exist in the computer. If it can't find cookies effectively, I don't know if it can find anything else other than MRU items. I also have Spyware Doctor which is turned on every time I want to use it. I click to turn it on, then the program turns on the necessary parts to run the program and it cleans what it finds also. I don't want it running full time, so I clicked to turn it off. It then closes all necessary services and parts and requires a reboot to completely disable it. I certainly don't mind rebooting after I have finished with the program. This is what needs to happen with Ad-Aware 2007. I am not very computer literate, so I don't know if I am explaining it correctly, but if Ad-Aware is going to have a service that is needed to run to find and clean anti spyware etc., then it needs to be set up like this other program is. If a reboot is needed to clean something, then you can reboot and still have the program going. When it is finished cleaning, then you can turn off the program and the shut down process closes down all its parts and a reboot completes the shut down process.

False : users can install Ad-Aware 2007 in a different location than C:\Program Files\.

False: Administrators may be able to do that. AAW2007 uses the Windows Installer to install. If you check the file permissions for the installer you will see that only Administers and System have any permissions whatsoever. If an LU can't run the installer he/she can't install it anywhere.

I too think it's strange ... the Free Version doesn't make use of that part, yet that freakin aawservice just can't be stopped. It's the ONLY software I have where the exe restarts itself after being closed in the TaskManager Why keep it loaded when it's not used? Is it to irritate the free users so much so they will upgrade to Pro? I for one did stop using AdAware 2007 for this stuff ....

If aawservice is not running, then nobody logged onto the system as a regular user will be able to open and use AAW2007. I have tested this so know it to be true.

I am still not sure why so many folks object to this. Unless AAW is open the service uses no CPU and pages most of its RAM out to the swap file so other programs can use the on-chip memory.

XP and Vista are far different architecturally than Win9x and require more advanced techniques to clean and protect. The service running under System permissions is the most obvious sign of this advancement.