How to install Antivir PE (and maybe other non-Server Apps)

Forums Operating Systems Windows Server 2008 Applications Compatibility How to install Antivir PE (and maybe other non-Server Apps)

Viewing 35 reply threads
  • Author
    Posts
    • #43126

      Hi, first of all: I’m not a native english speaker so I apologize in case my english might be incorrect sometimes.

      Thanks to the process monitor which was mentioned in another thread I’ve found a way to install Antivir Personal Edition which I want to share with you.

      It’s pretty simple and might work with other programms which check for a Server OS and deny the installation too.

      1.) Start –> Run –> Regedit
      2.) Go to HKEY_LOCAL_MACHINE –> SYSTEM –> CurrentControlset –> Control
      3.) Now change the permissions of the folder “ProductOptions” –> add your user account (for example ComputernameUsername) and deny yourself the read rights for the whole folder. Be careful not to deny the whole rights for all administrators or something like that (I tried that first cause of a black out and it leads to windows not being able to boot).
      4.) Now you should be able to install Antivir PE

      In case you want to revert the permission settings just log to your administrator account. Here you can again grant your user account full rights for “ProductOptions”.

      Up until now I didn’t notice any drawbacks but I won’t garantie that there might be some.

    • #46329
      Arris
      Moderator

      Nice explanation, I didn’t know this trick! πŸ™‚ Added a link to this at the Security Software Compatibility page for Avira AntiVir Personal.

    • #46330

      Though in another thread you gave “steve” the important hint to use the process monitor (quite a nice tool btw, I wouldn’t want to miss it from now on ^^) :).

      By the way: Before I remembered that it won’t work with vista anyway a few minutes ago I noticed that I could install Sunbelt Kerio PE like that too. So it might work for several other programs too.

    • #46331
      Arris
      Moderator

      yeah, Process Monitor is a *must have* for experimenting with programs and tracing errors!
      I still wonder what’s so special with the HKLMSYSTEMCurrentControlSetControl key and subkeys in the registry! I’d rather think that programs check out the HKLMSOFTWAREMicrosoftWindows NTCurrentVersion (and HKLMSOFTWAREWow6432NodeMicrosoftWindows NTCurrentVersion in x64 edition) when checking for the OS version, but I am glad this works for several programs! :geek:

    • #46332

      To be honest the keys and subkeys you’ve mentioned were the first ones I tried too πŸ™‚ (I also thought that they might be the logical choice for a program checking the OS type) but that didn’t seem to have any impact on the Antivir installer while the “ProductOption” keys worked.
      But maybe, there might also be programs, on which changing the “CurrentVersion” keys and subkeys is the important step to install them.

      Up until now, I didn’t notice much programs that denied the installation after tweaking the .msi anyway πŸ˜‰ So my experience just relies on Antivir PE and Sunbelt Kerio PE (which won’t work under Vista anyway ^^).

    • #46333

      I tried this with the Antivir PE and it didn’t work. I changed the keys you listed, restarted, tried to install, still gave me the “does not run on server OS” message. I double checked I changed everything and tried again, no go.

      Also tried it with several other security apps (onecare, AVG) and it didn’t work there either. Are you sure you listed all of the changes that you need to make?

      Thanks πŸ™‚

    • #46334

      Hmm… let me think about it. Are you sure you denied the read rights to the same account you were logged on when you tried to install Antivir PE?

      On a second thought it might also depend on the group membership of your account. In my case, my account on which I tried this is an account with administrator rights (other than the standard “Administrator” account). Maybe if you try this with a non-administrator account the read deny will not work because the program can bypass this.

      I’ll try to set up a clean VMWare virtual machine and make some tests today or tomorrow (I’ll also try other programs like Avast Home and AVG Free).

    • #46335

      Ok, I’ve tried it now with a fresh and clean Windows Server 2008 x64 VMware virtual machine and it seems to be like I assumed: The account on which you want to install Antivir PE and which read rights you deny has to be an administrator-type account (at least until the installation is complete). Otherwise (with normal user rights) it definitly didn’t work.

      Plus, I’ve tried to install AVG Free and Avast Home and here are the results:

      – The installation of Avast Home works with this registry tweak too
      – The installation of AVG Free doesn’t seem to rely on the “ProductOptions”-Key so in other words: It won’t work like this

      So it’s now at least 2 of 3 free antivirus softwares which work with Windows Server 2008 πŸ™‚

    • #46336

      Yes, silly of me, It was a user account i was trying to install it with. I shall try the admin account now πŸ™‚ thanks πŸ™‚

    • #46337

      Nice work Scimitar! :mrgreen: This trick allowed me to install Avast Home in Server 2008 Enterprise (64 bit). Afterwords I logged into the master Admin account and reset the permissions. So far so good!

    • #46338
      zel

      The registry change works to install the avast home on win2k8 server. I have also reverted the changes, but the avast is giving me the same error, that it cant be installed on server OS when updating the AV database.

      Without read access to the programoptions folder, the AV updates fine.

    • #46339

      Haha..

      Like a moron I went and did precisely what the OP warned not to — checked the box to turn off read access to all admins. Unbootable is right πŸ™‚ no last known good config or safe mode either. Luckily I had another bootable partition on the drive…got a little education in restoring registry hive files. Careful with those registry permissions, kids. But actually following the instructions, it does work, so thanks!

    • #46340

      Avira AntiVir Personal
      Here is a mod. version of Antivir PE for Windows Server 2008 x86, download, run the basic/setup.exe to install and … update after install, it works fine !!!
      http://www.megaupload.com/de/?d=RNYW0SJT

    • #46341

      @duicui wrote:

      Avira AntiVir Personal
      Here is a mod. version of Antivir PE for Windows Server 2008 x86, download, run the basic/setup.exe to install and … update after install, it works fine !!!
      http://www.megaupload.com/de/?d=RNYW0SJT

      I installed this MOD of AntiVir and successfully updated the program and virus database.
      But the AntiVir Guard isnt working, no autostart after boot and no reaction if I try to start manually.

      Is there a way to get it working ?

    • #46342

      i’ve tried this trick on x64…when i restart i’m unable to boot..it keep restarting….but it’s fine when i tried on x86…anyone know why???

    • #46343

      worked like a charm for me w/ x86 server 08 and Avast Antivirus!

      thanks so much.

    • #46344

      Spent serveral hours trying to get Antivir 8 to run yesterday…

      1) The “deny read access” method doesn’t work for me. Tried it with my account (default Admin), with another account (admin rights) and serveral combination of options.

      2) Patching the setup.exe, similar to AVG’s setup (instructions here) only brought up a CRC error upon running Antivir’s setup.

      3) The modified version wouldn’t let me enable Antivir Guard.

      AVG patched and installed fine though, but I’m using Rising Antivir at the moment (saves resources).

      Anything else one could try?
      I like Antivir because you can disable it fairly easily for gaming.

    • #46345

      @duicui wrote:

      Avira AntiVir Personal
      Here is a mod. version of Antivir PE for Windows Server 2008 x86, download, run the basic/setup.exe to install and … update after install, it works fine !!!
      http://www.megaupload.com/de/?d=RNYW0SJT

      Hi dude…
      This Instalation using Deutsch Language, you have English version? (iΒ΄m dont speech Deutsch πŸ™ )
      Someone have it???

      Really thanks dude….

      cya

    • #46346

      AVG Free depends on this key but will not install if it cant read it. It also has to be WinNT.

    • #46347

      Thank you Scimitar! I suceeded installing AVAST and rebooting the machine. Now it runs smoothly.
      The only thing I noticed is that the update function will throw the same “OS not supported” error everytime I try to update. Should we tweak the registry and deny read access everytime we need to update? I am afraid that if I permanently leave the registry setting with read denied I won’t be able to boot my machine (I am using the Administrator account). Any suggestions?

      Thanks!

      Mc

    • #46348

      Hello,

      I too have successfully installed avast! Home Edition on Windows Server 2008 using this registry tweak. Many thanks!

      @mcclausky wrote:

      Thank you Scimitar! I suceeded installing AVAST and rebooting the machine. Now it runs smoothly.
      The only thing I noticed is that the update function will throw the same “OS not supported” error everytime I try to update. Should we tweak the registry and deny read access everytime we need to update? I am afraid that if I permanently leave the registry setting with read denied I won’t be able to boot my machine (I am using the Administrator account). Any suggestions?

      Thanks!

      Mc

      Just keep the read permissions for the ‘ProductOptions’ denied for your user account, after installing avast!. It shouldn’t cause any problems. I’ve kept the registry tweak in place after installing avast! and have not run into any problems. Plus, I’m able to perform program and definition updates.

    • #46349

      Hey – nice find!

      But umm…. did any og you guys notice the String entry “ProductType” = “ServerNT” ? Looking at Win7, it has “WinNT” instead of ServerNT. I tried changing it to WinNT, but something changes it back to ServerNT. Can’t nail why it happens with Process Monitor, System just does it straight away.

      I’m gonna try changing the key via Offline Hive mounting – if it still changes back, I think there’s some hard-coded stuff in Windows there to stop us doing this =P

    • #46350

      Hi!

      I did the same stupid thing as seancho and denied the access to all users.

      After that I managed to install Avira Free without problems.

      But when I tried to change back the registry changes I received a warning: Error Opening Key. ProductOptions cannot be opened. An error is preventing this key from being opened. Details: Access is denied.

      Then I made another stupid thing, I restarted the comp, erasing the “last known good configuration”, because it loaded win 2008 just fine.

      So, now I have a “normal” running system, but I cannot change the registry tweak back to the original state.

      Should I be worried? Is there any way to recover the registry now?

      EDIT: I made all the registry modifications as Admin.

    • #46351

      @Marksman wrote:

      Hi!

      I did the same stupid thing as seancho and denied the access to all users.

      After that I managed to install Avira Free without problems.

      But when I tried to change back the registry changes I received a warning: Error Opening Key. ProductOptions cannot be opened. An error is preventing this key from being opened. Details: Access is denied.

      Then I made another stupid thing, I restarted the comp, erasing the “last known good configuration”, because it loaded win 2008 just fine.

      So, now I have a “normal” running system, but I cannot change the registry tweak back to the original state.

      Should I be worried? Is there any way to recover the registry now?

      EDIT: I made all the registry modifications as Admin.

      Administrator is always able to take ownership or change permissions of any file/folder. You’re probably experiencing inherited permissions, change the folder owner (key owner) first and try again

    • #46352

      @JonusC

      With your help I managed to gain rights to change the permissions.

      Thanks a Million.

      I hope I made right security permissions for ProductOptions: Administrators (and System) have Full Control (Full Control + Read) and Users have just Read control. Creator Owner has none.

      Thanks in advance.

    • #46353

      Make Creator Owner have the Full Control + Special aswell since the Creator Owner is usually SYSTEM and the restrictive-inheritence of “none” would override the FULL CONTROL of SYSTEM before it πŸ™‚

      It might no matter, but better safe than sorry. Apart from that – perfect.

    • #46354

      @JonusC wrote:

      But umm…. did any og you guys notice the String entry “ProductType” = “ServerNT” ? Looking at Win7, it has “WinNT” instead of ServerNT. I tried changing it to WinNT, but something changes it back to ServerNT. Can’t nail why it happens with Process Monitor, System just does it straight away.

      Take a look at the AVG on Server 2008 Comment for some information on the ProductType = ServerNT stuff.

      http://www.win2008workstation.com/win2008/security-software#comment-2002

    • #46355

      @xxcom9a wrote:

      Take a look at the AVG on Server 2008 Comment for some information on the ProductType = ServerNT stuff.

      http://www.win2008workstation.com/win2008/security-software#comment-2002

      Ah that’s very clever, it never occured to me to simply replace the offset to make a setup check an alternate key for “ProductType”.

      Alas I’m sure it works for some but it wouldn’t for all – AVG probably uses it’s own hard-coded registry check for this value, whereas other (perhaps MSI/Windows Installers) would use sort of internal function to check this key that’s part of the Windows API.

      Regardless, this is interesting to know – I’m going to investigate this method (among others) further over the next few weeks, maybe I can write some sort of in-memory runtime patcher…

    • #46356

      Apparently they changed it in AVG 9.0 or something like that though.

    • #46357

      Hi,

      I’ve written a step-by-step illustrated guide (with screenshots) on how to do this hack. There’s also some information about the legality of this particular hack, from the EULA’s point of view. Check it out here:

      Alvin’s Blog – How to install avast! Home Edition on Windows Server 2008

      (Attribution has been given to the OP, Scimitar.)

    • #46358

      I used the trick in Windows Server 2003 (I think it is the same in 2008 and R2), and I was able to install Avira free AV, but the guard does not work, so it is useless. I love Avira because it is truly free and it has the best detection rate out there.

    • #46359

      I noticed that with the newest update to Avast (Version 8) that the update mechanism now also does a check on that registry key. Furthermore, because this check is run within the Avast service, not the interactive “AvastUI.exe”, it ignores the deny permissions that we have set. This was not a problem on version 7. Luckily, on Server 2008 R2 and up (according to this stack exchange post), there is a way to set permissions that only affect a single service! I have verified that these steps have no sides effects on my server and quite possibly less affect than the original solution due to only restricting permission on the avast process. The steps are as follows:

      1. Install or upgrade the antivirus software in accordance to the instructions in the OP
      2. Remove the “Deny read” permission on your own user account
      3. Add this new entity to the permissions list: “NT SERVICEavast! Antivirus”, for the case of Avast 8. Additionally, if a member of a domain or a domain controller, change the search scope (the “Locations…” button) to your local server instead of the Active Directory.
      4. Click “Check Names”
      5. Click Ok and set the “Deny Read” permission.
      6. Update Avast!

      P.S. I don’t use any of the other free antiviruses on my server but if Avira or other antiviruses use a service to gain full “NT AUTHORITYSYSTEM” this may help bypass any checks they may do without affecting other processes or destroying the integrity of the binaries. Btw, I’m running Windows Server 2012 Essentials.

      -Prydom
      prydom.net

    • #46360
      hackerman1
      Moderator

      @prydom wrote:

      1. Install or upgrade the antivirus software in accordance to the instructions in the OP
      2. Remove the “Deny read” permission on your own user account
      3. Add this new entity to the permissions list: “NT SERVICEavast! Antivirus”, for the case of Avast 8. Additionally, if a member of a domain or a domain controller, change the search scope (the “Locations…” button) to your local server instead of the Active Directory.
      4. Click “Check Names”
      5. Click Ok and set the “Deny Read” permission.
      6. Update Avast!

      Hi !

      Thanks for the info.
      But, itΒ΄s a bit confusing….

      Could you please explain #2 ?
      There is no “deny rights” on your own user account in the original post.
      It says “deny read rights” for ADMIN.

      Could you please explain #3 ?
      Where should “NT SERVICEavast! Antivirus” be added ?

    • #46361

      @hackerman1 wrote:

      Could you please explain #2 ?
      There is no “deny rights” on your own user account in the original post.
      It says “deny read rights” for ADMIN.

      If you carefully followed Scimitar’s instructions (the step in question is below) you should have had a “Deny Read” permission on your own user account. If you are unsure how to remove that permission, the way I did it was to promote another unprivileged user account to administrator and then remove the permission on my local administrator account.

      @Scimitar wrote:

      […] Now change the permissions of the folder “ProductOptions” –> add your user account (for example ComputernameUsername) and deny yourself the read rights for the whole folder. Be careful not to deny the whole rights for all administrators or something like that […]

      @hackerman1 wrote:

      Could you please explain #3 ?
      Where should “NT SERVICEavast! Antivirus” be added ?

      Pictures tell an entire written tutorial. πŸ™‚

      (Imgur album) I took the screen shots on a Windows 7 laptop but the process is the same.

    • #46362

      Nice… working perfectly for Avast 8.. 😎

    • #46363

      @Scimitar wrote:

      Hi, first of all: I’m not a native english speaker so I apologize in case my english might be incorrect sometimes.

      Thanks to the process monitor which was mentioned in another thread I’ve found a way to install Antivir Personal Edition which I want to share with you.

      It’s pretty simple and might work with other programms which check for a Server OS and deny the installation too.

      1.) Start –> Run –> Regedit
      2.) Go to HKEY_LOCAL_MACHINE –> SYSTEM –> CurrentControlset –> Control
      3.) Now change the permissions of the folder “ProductOptions” –> add your user account (for example ComputernameUsername) and deny yourself the read rights for the whole folder. Be careful not to deny the whole rights for all administrators or something like that (I tried that first cause of a black out and it leads to windows not being able to boot).
      4.) Now you should be able to install Antivir PE

      In case you want to revert the permission settings just log to your administrator account. Here you can again grant your user account full rights for “ProductOptions”.
      five nights at freddy’s free full games, free survival games online
      Up until now I didn’t notice any drawbacks but I won’t garantie that there might be some.

      Nice work Scimitar! :mrgreen: This trick allowed me to install Avast Home in Server 2008 Enterprise (64 bit). Afterwords I logged into the master Admin account and reset the permissions. So far so good!

Viewing 35 reply threads
  • You must be logged in to reply to this topic.