Defense+ prevents Avira from updating

I have Avira Antivir 10.0 and Comodo 5.0 installed on an XP SP3 computer.
The Comodo Firewall and Defense+ modules are running in safe mode.
The Avira exe files are added to the trusted files list.
Problem: when updating Avira (automatic or manual) the download is OK, but the files are not treated.
Only after disabling Defense+ the Avira updating is working.
How to update Avira while Defense+ is on???

Can you take screenshots and put them here about the D+ log and firewall log after Avira tries to update?

You need at least a customized defense+ rule:
X:\Avira\Antivir Desktop\update.exe
Run an executable:
allow X:\Documents and Settings\All Users\Application Data\Avira\Antivir Desktop\TEMP_update\update.exe
(and of course a blocking one for avnotify.exe if you run the free version and don’t want the popup screen for paid version).

Other Avira executables are needed both in firewall and defense+, but are not relevant if downloads are successful and if Avira runs right.

I have the same problem, but this trick doesn’t run on my XP SP3.

I'm currently running Avira and am able to update fine. What I did was make a group for the whole Avira folder and give it the “Installer or Updater” policy.

Go to Defense+ → Computer Security Policy and choose Protected files and folders. Now choose “Groups”. Next “Add” → “A new group” → call it Avira and hit Apply.
This entry will now be at the bottom of the list, right click where it says “Add files here” and select Add.
Now browse to the Avira ProgramFiles\Avira folder and move it across with the arrow. APPLY to close all windows.
Now go to Computer Security Policy, click Add → Select → File groups → Avira → Tick “use a pre-defined policy” and choose “Installer or Updater” Apply to close all windows.

Hope this helps,

p.s. I do still get Avira files in Trusted files which I have to Purge now and then!

[attachment deleted by admin]

Thanks for your so specified help, but I tried it twice and it doesn’t run. :o

Is there anything in the Defense+ log, bluevik?

Does it do anything at all, i.e. does the updater window come up?

Check via services.msc that the Avira AntiVir Scheduler service is running and set to Auto.

Try this via the Avira control panel. Administration->Scheduler->Insert new job->Name (Test)->From the drop-down choose “update job” then Next->Immediately->Maximised->Finish.

This should get sched.exe to run update.exe and avwsc.exe.

I'm not on XP at the moment but will fire up a VM on the other machine later to have a gander!


p.s. Check in Unrecognized Files for anything that could be Avira related

If it can help, my Avira rules (no Sandbox, no Trusted Vendor): (Avira installed under E:\Avira, amend as necessary)

E:\Avira\Antivir Desktop\update.exe: allow TCP Out From Any to (Required IPs), port 80
E:\Avira\Antivir Desktop\schedule.exe: same rule

C:\Windows\System32\csrss.exe: Close process: allow E:\Avira\Antivir Desktop\avgnt.exe

C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe:
Run an executable: allow C:\Windows\system32\regsvr32.exe, E:\Avira\Antivir Desktop\avgnt.exe, E:\Avira\Antivir Desktop\updfix.exe, E:\Avira\Antivir Desktop\update.exe
Protected registry keys: allow HKLM\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
Allowed files and folders: you have to allow \Device\Afd\Endpoint and every single temp file used during the update and corresponding to the updated files, e.g.:
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\wks_avira\win32\fr\classic-nt\rcimage.dll

E:\Avira\Antivir Desktop\update.exe
Run an executable: allow C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\TMP_UPDATE\update.exe, deny E:\Avira\AntiVir Desktop\avnotify.exe
Allow all other items.

E:\Avira\Antivir Desktop\avgnt.exe
Run an executable: allow E:\Avira\AntiVir Desktop\avconfig.exe and E:\Avira\AntiVir Desktop\avcenter.exe

E:\Avira\Antivir Desktop\avscan.exe
Ask to run an executable, allow everything else

E:\Avira\Antivir Desktop\avconfig.exe
Run an executable: allow E:\Avira\AntiVir Desktop\avscan.exe and E:\Avira\AntiVir Desktop\avconfig.exe

E:\Avira\Antivir Desktop\sched.exe
Run an executable: allow E:\Avira\AntiVir Desktop\update.exe
allow everything else

E:\Avira\Antivir Desktop\avguard.exe
Run an executable: allow E:\Avira\AntiVir Desktop\GUARDGUI.EXE
allow everything else

E:\Avira\Antivir Desktop\avwsc.exe
Run an executable: ask
allow everything else

Run an executable: allow E:\Avira\Antivir Desktop\avgnt.exe

at brucine
very detailed, but it's a bit “scary complicated” :smiley:

when something doesn't work, i usually erase all rules of the program that doesn't work.
then i start it and answer all questions from comodo defense+ (safe mode). in case of avira there are not many questions.
then i start an update and give the updater the right for OUTgoing only. and for defense+ i tell it “treat the updater as updater”.
for tests i go to eicar test file, and maybe you have to answer one time (remember answer) to allow the guard to fire an alarm.
and avira runs without any problems.

i often suspected the clean pc mode and the sandbox feature to cause more trouble than to give real benefit.

very detailed, but it's a bit "scary complicated"
I of course didn't write them from scratch, they result only from defense+ (paranoid mode and everything custom) asking them.

I don’t provide them for someone to also write them from scratch, but to check their existence in his running configuration as, concerning their part relevant to Avira updates, they are functional (at least until the next nasty Avira modification of update servers and/or utilities, happening quite often, but you are then warned for the new request).

no, all seems regular.

All the other updates are regular.

I already checked it: the Avira services are in automatic and enabled.

Tried: no result.

at bluevik
try my example of simply allowing avira to run. it's working, proved here for many years.
erase the wrong rules for avira first. and start a new avira chapter.

at brucine, soon you will make the 1337`s post :smiley:

in your detailed description it looked as if this all has to be made and set “by hand” to make avira run.
i wanted to mention that it's easier than this looked :wink:

Thanks clockwork, I already tried but keeping Defense in paranoid mode, and I don’t use the sandbox. I’m not glad to turn up in Safe Mode, but I’ll do the trial.

Failed. I also tried a full uninstall, I cleaned my pc and I reinstalled in Safe Mode, but Avira’s update doesn’t work.

Just anecdotal experiences here, but I recently installed Avira when CAV wasn’t updating for me, and running D+ and the Firewall in Safe Mode on Win XP SP3, I didn’t have to do anything special to get Avira to update. -shrug-

I didn't mean windows update, are you even getting as far as the picture below (the updater window)?

From looking at Process explorer it looks like sched.exe is what starts the update session, take a look at any D+ rules pertaining to this (if there are any). Maybe go through the D+ list to
Did you uninstall CIS or Avira?

Like HeffeD I'm at a bit of a loss (:SAD)


p.s. I'm going to try re-booting while in Paranoid (sometimes a clean session is needed) after removing all Avira related rules and see what I get!

[attachment deleted by admin]

Okay, after re-booting I got these alerts while doing an update (although nothing was downloaded as I was up to date).
First 3 just a normal update from avcenter, second from Update → Start product update

[attachment deleted by admin]

Sorry, I misunderstood. No, I don’t have any Avira’s update window.

Nor do I, after my reinstalling I see only the first pop up that you posted.

i used paranoid mode before for long. and i always got avira to run.
the only tricky thing was to test eicar files one time to allow the guard to fire an alarm.

but apart from that with the same things as you, never a problem.

what is your setting in avira about updates? is it on “install at once” or on “if a restart is needed, install after next restart, otherwise at once”… then it should work.
there are settings that require your interaction before updating. that's why i ask.

is avira updater set as “updater and installer” in comodo?