Avira, its cloud and uploading of filenames ?

This has probably been discussed in the past. However, past situations don't necessarily properly represent the present !

I have two main questions (paid products only):

- is it possible to avoid using the cloud part of the AV, and if so, how effective will the AV/suite be under those conditions ? I never get infected, but if it doesn't work properly there is no point in using it !

- does the product upload filenames/paths ?

 

Create firewall rules to block their cloud servers.

The 2013 version without APC did horrible in the real world test, so not that much.

 

Lol, don't listen to this guy. You can't disable the cloud functionality without severely lowering the protection offered by the product. Why even bother using it? You can block the servers with the firewall, but have fun not getting your normal signature updates also.

 

I've already said that. But if he wants it, why not tell how to? Don't get me wrong, no offense to anyone, but no one here always makes purely "rational" AV choices and that's perfectly fine. Although I doubt the OP will or should stick with it for long anyway, he can try it out for some time.

Maybe I'm missing something, but aren't cloud analysis servers and update servers supposed to be different?

 

Many company's use location routes or servers close to the users around the globe, many keep cloud and download signatures in the same servers for convenience and even if it was not so, if you blocked a cloud data server the program would realize and default to another one second closest. Hence its kinda a pointless exercise, hell... the programs are built this was so malware cant create windows firewall rules for the very act of blocking cloud/signature updates.

 

I read that test as well and your what we call wrong. 97.4 No APC (March to June.) (Aug to Nov) test 99.4 of which Aug and Sept portion used 2013 and Oct and Nov used the 2014 version. We can look at 2012 as well if you like. Not the top scores but darn good. Some others should do so well.

 

a) Yes, it is possible. Just disable the "Protection Cloud" option=
http://techblog.avira.com/wp-content/uploads/2013/10/config-center.png

Obviously less effective. Common sense.... (If it was the same effective with/without the cloud, then which was the reason for Avira to produce and for users to install it?).

Also:
https://www.wilderssecurity.com/showpost.php?p=2305183&postcount=1063
http://techblog.avira.com/2013/10/14/advanced-real-time-protection-with-avira-protection-cloud/en/
---------------

b)

 

https://www.wilderssecurity.com/showpost.php?p=2305183&postcount=1063
https://www.wilderssecurity.com/showpost.php?p=2307489&postcount=1113
https://www.wilderssecurity.com/showpost.php?p=2308696&postcount=1131

 

So Sept did use APC I stand corrected.

 

https://www.wilderssecurity.com/showpost.php?p=2280990&postcount=722

-------------------------
November 24th, 2013:

June 24th, 2013:

 

What anon said.

 

You can just turn it off in the cofiguration.

~97% isn't exactiy "horrible".

 

Thanks for the feedback.

I don't like connecting to a cloud, but using AVs that use the cloud as a main part of their protection does not make that much sense either.

Avira without cloud may still be decent. Avira's score in the charts is not as bad as I remember.

Yet, I don't like the shift to marketing and the price increase but that is a different matter.

 

Good or bad test results are relative. Of course it's great that most AVs managed to block more than 98-99%, but all products will always compete with each other. If an AV misses 2% of all threats while another equally popular one misses only 0.5%, that means the users of the former will most likely get infected far more often. ~97% may look good, but APC-less Avira 2013 was always at the bottom few out of 21.

 

Stefan says the opposite.
For sure he knows more (about Avira) than you and me ......
-----------------------------------

Actually it's decrease (If you have more than one pc) =
https://www.wilderssecurity.com/showpost.php?p=2317191&postcount=1206

 

He can be a little hard on himself at times.

 

Comparing test results before and after the "real-time scanning of programs with the Avira Protection Cloud" feature was added may shed some light on the subject, but I wonder about scenarios such as:

1) The inclusion and use [by others] of such a feature exposes Avira to more [timely] information which they promptly incorporate into client side updates. Leading to improved detection rates for those who aren't using the cloud features (due to configuration or lack of an Internet connection or ...).

2) Cloud based detection features get the focus/funding and [possibly over time] the pure client side detection features wane. Leading to reduced detection rates for those who aren't using the cloud features.

IOW, I think if one is interested in a "with vs without cloud" comparison they would want to see a test of precisely that using the same version. It would be easy to throw samples at a box that has no Internet connection, but a more comprehensive test would be to allow Internet communications/exposures in general while taking steps to disable, block, or both, the cloud functionality.

With Avira, would the behavior including user-feedback be different between a) real-time APC disabled, and b) real-time APC enabled but no route to the cloud?

 

=

............

 

I would expect that sequence of events to *not* happen in both of the scenarios I mentioned: a) real-time APC disabled, and b) real-time APC enabled but no route to the cloud. Note that in (a) the user has DISabled the Protection Cloud feature, and in (b) the feature is enabled but there is no way to communicate with the cloud.

I'm wondering if the level of protection and user feedback are the same in those two specific scenarios where the cloud won't/can't be used.

I just noticed some descriptions which suggest the ProActiv feature can also send information to Avira and it has a separate enable/disable. So at least when discussing "no phone home" configurations perhaps we'd have to assume that ProActiv is disabled as well(?).

 

Does ProActiv actually 'do something ' ?

A long (?) time ago it was (reportedly) almost useless.

 

No idea why they can't seem to implement a passable BB while far less capable developers manage to.

 

ProActiv is actually working with 32 bit OSs. I don't think it will ever happen with 64 bit systems because of the long debated issue of Windows Kernel Patch Protection for 64 bit systems which basically doesn't allow any kernel patching, a common problem to several malware developers:
http://en.wikipedia.org/wiki/Kernel_Patch_Protection

 

------------------------------
What is ProActiv?
http://www.avira.com/en/proactiv

------------------------------

How to deactivate / activate Avira Protection Cloud
http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/1523

 

I came here to try to find out a little more about exactly how Cloud Protection works in Avira Professional 14.

I'm still a little unsure of the specifics.

How does Avira "know" whether a file is suspicious in order to query the MD5 against the cloud?

We work with some very specialist applications and have our own in-house applications and it would be nice to know exactly how the product works i.e. does it upload any unknown executable or DLL regardless of size?

Where is the history logged?