Avira + Virus getting through webguard
Anth-Unit
April 11th, 2009, 01:32 PM
This happens to me periodically with infected files:
From Webguard
When accessing data from the URL, ...
a virus or unwanted program 'HEUR/Crypted' [heuristic] was found.
Action taken: Blocked file
Now a couple of seconds later from Guard:
Virus or unwanted program 'HEUR/Crypted [heuristic]'
detected in file 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\WEBGUARD\00001201.exe.
Action performed: Deny access
So it seems that occasionally guard is detecting a portion of webguard as a virus when something is detected? I'm not sure if this is a correct assessment, but I'm never able to replicate this consistently -- not even with the same files/websites. I'm running Vista 64. Any idea what's going on here?
firzen771
April 11th, 2009, 02:28 PM
It's not detecting the webguard as a virus, it's detecting the temp file of the .exe that was infected. It's nothing to worry about since Avira caught it.
progress
April 11th, 2009, 02:51 PM
But if it is an exploit it could be too late? ::)
BJStone
April 11th, 2009, 02:55 PM
On the contrary, Avira nailed it before it could even think of doing anything at all to your system. ;D
Boost
April 11th, 2009, 02:55 PM
-{ Quote: "But if it is an exploit it could be too late? ::)" }-
Action taken: Blocked file
Action performed: Deny access
Hardly too late when one action it's blocked and in the other it's deny. It did its job!!
progress
April 11th, 2009, 04:22 PM
-{ Quote: "Hardly too late when one action it's blocked and in the other it's deny. It did its job!!" }-
I see :)
lodore
April 11th, 2009, 04:36 PM
the webguard should block it. it would seem that a file got past the webscanner but the guard blocked it. with some malware that would be too late.
hmm how did the file get in that avira temp directory?
the webguard says it blocked the file from being downloaded yet it downloaded anyway?
submit the bug to avira.
Anth-Unit
April 11th, 2009, 05:09 PM
-{ Quote: "the webguard should block it. it would seem that a file got past the webscanner but the guard blocked it. with some malware that would be too late.
hmm how did the file get in that avira temp directory?
the webguard says it blocked the file from being downloaded yet it downloaded anyway?
submit the bug to avira." }-
I might submit a bug, but I can't even re-create it using the same file and website. It just happens randomly and I have no idea what to tell them.
lodore
April 11th, 2009, 05:25 PM
-{ Quote: "I might submit a bug, but I can't even re-create it using the same file and website. It just happens randomly and I have no idea what to tell them." }-
Hello,
tell them that sometimes the webguard says malware is blocked but a few seconds later the guard blocks the same file.
this means the webguard isn't actually blocking the file so the guard catches the file after it's downloaded.
definitely a bug and I'm sure it can be found out and fixed.
make sure you show them an example with screenshots of malware name location and time of both webguard and guard.
Anth-Unit
April 11th, 2009, 05:54 PM
-{ Quote: "Hello,
tell them that sometimes the webguard says malware is blocked but a few seconds later the guard blocks the same file.
this means the webguard isn't actually blocking the file so the guard catches the file after it's downloaded.
definitely a bug and I'm sure it can be found out and fixed.
make sure you show them an example with screenshots of malware name location and time of both webguard and guard." }-
Do I post this on their support forums or is there an official support email?
lodore
April 11th, 2009, 06:06 PM
-{ Quote: "Do I post this on their support forums or is there an official support email?" }-
Hello,
I can't seem to find any bug reporting email address.
I would post on the avira forums and also PM Stefan (http://www.wilderssecurity.com/member.php?u=6661)
Send a friendly message and point to this thread.
Macstorm
April 12th, 2009, 02:36 AM
-{ Quote: "This happens to me periodically with infected files:
From Webguard
When accessing data from the URL, ...
a virus or unwanted program 'HEUR/Crypted' [heuristic] was found.
Action taken: Blocked file
Now a couple of seconds later from Guard:
Virus or unwanted program 'HEUR/Crypted [heuristic]'
detected in file 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\WEBGUARD\00001201.exe.
Action performed: Deny access
So it seems that occasionally guard is detecting a portion of webguard as a virus when something is detected? I'm not sure if this is a correct assessment, but I'm never able to replicate this consistently -- not even with the same files/websites. I'm running Vista 64. Any idea what's going on here?" }-
It's very strange. Did you modify the program's default settings at installation? What version of Avira are you using? For heuristic detections with the webguard you should get a 'deny access' option as first choice, you shouldn't be bothered by the guard again. Vista 64? Yes, it may be a bug.
BJStone
April 12th, 2009, 03:44 AM
Vista 64 bit here: don't have this. Works like it should.
FRug
April 12th, 2009, 05:20 AM
It's downloaded to the temp directory because webguard is a proxy! This is not a bug. I assume up to a certain limit things are kept in memory, but if files are too large, you don't want them to sit around in RAM while being downloaded now, do you? That doesn't mean the data reached any app other than webguard.
lodore
April 12th, 2009, 09:57 AM
-{ Quote: "It's downloaded to the temp directory because webguard is a proxy! This is not a bug. I assume up to a certain limit things are kept in memory, but if files are too large, you don't want them to sit around in RAM while being downloaded now, do you? That doesn't mean the data reached any app other than webguard." }-
why would the guard detect files in its own temporary directory?
surely the file should have been blocked from downloading?
it says it was blocked from downloading yet it still got on the HD.
FRug
April 12th, 2009, 10:39 AM
INTERNET -> WEBGUARD IN -> (download to webguard temp or keeping in memory if size is small) -> SCAN -> WEBGUARD OUT -> SEND TO BROWSER
Simplified at least. Usually the On-Access Guard should not alert on files saved by webguard, that much is correct. Maybe it couldn't properly "attach" itself due to some other system software blocking the 'authentication and exception from scan' of the webguard process. Dunno, the log might provide more detail on that.
Still, stuff ending up on your HD in the webguard temp directory is not an indication of failure by webguard. You want it to keep a 4GB DVD ISO fully in RAM to be able to scan it? That'd be pretty idiotic :) After the download gets scanned and passed to the browser, the temp file of course will be deleted.
The issue here, at least to me, seems to be only that guard caught a write operation by webguard, which it normally shouldn't. As I tried explaining, probably some issue caused by other applications preventing the webguard from 'authenticating' itself to the on access scanner.
Reasons for that could be other protection software/mechanisms or a bug, which seems less likely since it's the first time I've heard of such an issue described with the AV9 release.
We'll never know without an error log or thorough analysis, so please don't jump to conclusions prematurely :)
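The buffer-then-scan proxy flow described in the post above, as an added Python example that is not part of the original post and is not Avira's code. `SPOOL_LIMIT`, `MARKER`, `scan()` and `proxy_download()` are hypothetical names; the point it shows is that a large download can spill to the proxy's temp file and still never be released to the browser.

```python
import tempfile

SPOOL_LIMIT = 64 * 1024              # assumed threshold; the thread gives no real value
MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a detection pattern


def scan(stream):
    """Hypothetical scanner: return a detection name, or None if clean."""
    stream.seek(0)
    tail = b""
    while True:
        chunk = stream.read(8192)
        if not chunk:
            return None
        # Keep the end of the previous chunk so a pattern that straddles
        # a read boundary is still matched.
        if MARKER in tail + chunk:
            return "TEST/Marker"
        tail = chunk[-(len(MARKER) - 1):]


def proxy_download(upstream_chunks, spool_limit=SPOOL_LIMIT):
    """Buffer the whole response, scan it, release it only if clean.

    Returns (verdict, body_for_browser, spilled_to_disk).
    """
    received = 0
    # Stays in RAM up to spool_limit, then rolls over to a temp file on disk.
    # The temp file is deleted when the with-block exits, clean or not.
    with tempfile.SpooledTemporaryFile(max_size=spool_limit) as spool:
        for chunk in upstream_chunks:
            spool.write(chunk)
            received += len(chunk)
        spilled = received > spool_limit
        detection = scan(spool)
        if detection:
            # The payload may have touched the proxy's temp file, but
            # nothing is handed to the browser.
            return ("blocked:" + detection, None, spilled)
        spool.seek(0)
        return ("clean", spool.read(), spilled)


if __name__ == "__main__":
    print(proxy_download([b"hello"]))
    print(proxy_download([b"A" * 100_000, MARKER]))
```

An on-access scanner that does not exempt the proxy process would see the spilled temp file during the write, which is the second alert discussed in this thread.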
Anth-Unit
April 12th, 2009, 06:33 PM
-{ Quote: "INTERNET -> WEBGUARD IN -> (download to webguard temp or keeping in memory if size is small) -> SCAN -> WEBGUARD OUT -> SEND TO BROWSER
Simplified at least. Usually the On-Access Guard should not alert on files saved by webguard, that much is correct. Maybe it couldn't properly "attach" itself due to some other system software blocking the 'authentication and exception from scan' of the webguard process. Dunno, the log might provide more detail on that.
Still, stuff ending up on your HD in the webguard temp directory is not an indication of failure by webguard. You want it to keep a 4GB DVD ISO fully in RAM to be able to scan it? That'd be pretty idiotic :) After the download gets scanned and passed to the browser, the temp file of course will be deleted.
The issue here, at least to me, seems to be only that guard caught a write operation by webguard, which it normally shouldn't. As I tried explaining, probably some issue caused by other applications preventing the webguard from 'authenticating' itself to the on access scanner.
Reasons for that could be other protection software/mechanisms or a bug, which seems less likely since it's the first time I've heard of such an issue described with the AV9 release.
We'll never know without an error log or thorough analysis, so please don't jump to conclusions prematurely :)" }-
It used to happen in version 8 as well. The strange thing is, it doesn't happen all the time, not even with the same file/website. I have no other resident av/as running in memory.
Arup
April 12th, 2009, 10:35 PM
Funny I have Avira premium here on couple of PCs and none exhibit this behavior, of course I have no other security apps along with it. Just LUA, full DEP and Avira.
BJStone
April 14th, 2009, 04:45 AM
-{ Quote: "Funny I have Avira premium here on couple of PCs and none exhibit this behavior, of course I have no other security apps along with it. Just LUA, full DEP and Avira." }-
Here too, no problems at all.