Avira Updates Antivirus

Wednesday, May 16, 2012 @ 01:05 PM gHale

A faulty update for Avira’s paid-for anti-virus software blocks harmless processes and may in some cases stop computers from booting.

That all can happen because in Avira’s ProActiv behavioral monitoring component becomes oversensitive in its treatment of executable files.

RTFs Fall Victim to APTs
Security a Weak Link for States
Security First; Not in Smart Grid
Smart Meters Getting Smarter

ProActiv blocks trusted system processes such as cmd.exe, rundll32.exe, taskeng.exe, wuauclt.exe, dllhost.exe, iexplore.exe, notepad.exe and regedit.exe, according to user reports. In some cases this results in Windows failing to boot properly. It also appears to be blocking non-OS applications such as Microsoft Office, the Opera web browser and Google’s Updater program.

All versions that include the ProActiv behavioral monitoring component suffer from the issue, including Avira Antivirus Premium 2012 and the enterprise version. Only 32-bit systems suffer from the problem as ProActiv doesn’t currently support 64-bit operating systems. On the Avira forum, an employee of a company that runs Avira on one hundred computers said, “This update has been pretty catastrophic. The whole company ground to a standstill.”

If users want to disable Avira’s ProActiv behavioral monitoring component, they can access Avira’s settings, activate the Expert mode using the switch on the left and uncheck ‘Enable Avira ProActiv’ under ‘Realtime Protection’, ‘ProActiv’. If Windows is having difficulty booting, the user can fix it in some cases by starting in safe mode and then deactivating ProActiv, according to user reports.

Avira confirmed the problem and released an update to resolve the bug. The potential scale of the bug is huge, according to Avira, the faulty update has already been downloaded more than 70 million times. That figure, however, includes those running the free version of Avira which does not suffer from the issue. The company has now stopped distributing the update.

Leave a Reply

You must be logged in to post a comment.