Avira antivirus upgrade wreaks 'catastrophic' havoc on Windows PCs



Sucks to be them ;D

Only the subscribers to the paid version were affected. The users of the Free version are not.

These things happen. FP’s are a necessary byproduct of trying to completely protect a computer using only signature detection. As can be seen, sometimes these signatures can get a bit greedy. >:-D

That said, I would have hoped that some precautions would have been put in place to at least protect against critical Windows system files like this. Hopefully they are now (and as far as I’m aware they already are with Comodo). Comodo does not scan whitelisted files, which should include all Windows files.

True, but that’s just because the free edition doesn’t include Behavioral Blocker (BB)

Hi Chiron,

What kind of signatures are you talking about? BB’s do not rely on / do not use signatures.

Well, sure we (at least me personally) don’t have detailed info about Avira’s BB flaw in their recent SP

At the same time,… again … users must be blamed as well if not in the 1st place
Such disasters happened in the past and will happen in the future
It was discussed here & in other forums

As soon as any security is installed – go through all options and disable auto-quarantine / auto-deletion wherever you can see that. Set those to “Notify” only.
You must not allow any security to silently quarantine/delete anything
Pay attention to anything considered as a threat which resides in a system area
This way users are protected against such malware as their own security :)

And we all know (I hope) that even if those important system files are infected indeed – there is no way any security should attempt to quarantine/delete them, since special procedures are needed to deal with such in order to repair/put back the legit ones

As for BB’s (no signatures involved) - the rule of thumb is pretty much the same
The thing is that most BB’s (or HIPS - not the same but similar) have just Alerts as a default with Block/Quarantine/Allow/Create Rule/etc. options
Honestly, I was not interested in Avira’s ProActiv behavioral-based monitoring system, therefore I will refrain from comments & judging at the moment, but according to common sense – it most likely has (or rather should have) similar setting(s) for not blocking/quarantining by default.


p.s. Since it’s offtopic here

can you please PM me some details about this matter in particular
That is interesting, because system files can be poisoned; substituted; dig signatures can be forged … and so on… So how are those crucial sys files whitelisted & not “scanned” / or not checked by Defense+ / or theoretically by the so many times promised awaited BB by Comodo ;)
Thanks in advance

As long as D+ is active it will protect the Windows system files from being tampered with.

That’s funny LOL! ;D

These things happen. True. I never really liked Avira.

Accidents like this happen to all of the security programs. It’s not a valid way of distinguishing the good from the bad, the outstanding from the mediocre and below, etc…

I know even Microsoft gets it wrong from time to time. I express my personal opinion. For me Avira will be the last AV I will ever use… Personal choice.