That's almost the answer to my question. I don't doubt the capabilities of the APC itself, HOWEVER, if something gets by the local agent then APC cannot block it. So, the 2nd part of my question is if the local agent DOES NOT stream all of the fingerprints to the APC, is protection still dependent on the processing at the local PC for the first detection decision? No, I meant per-process, as shown in these screenshots from Process Explorer. It is an Amazon cloud service as the name resolution shows. With APC enabled, this TCP connection is always established. I realize that there are various Avira processes that connect via HTTP & HTTPS, but I singled this one out because it is ALWAYS established when APC is enabled. So now I'm wondering just what it is doing over an unsecured connection. With APC disabled and no other internet facing applications running, my active network view looks like this (unconnected endpoints hidden).
The Avira Service Host process reconnected again later, despite having APC disabled. It hosts multiple Avira services within one Windows service, according to Process Explorer. Guess that's why it's named Avira Service HOST, duh!!! Telemetry? It's located in the Launcher sub-folder at "C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe" Wireshark? Nope, don't have it setup. I have used it in the past, but not doing network stuff any more. If someone else feels it's worth the effort, have at it! I was just curious, not a show-stopper by any means ... Thanks again for the feedback
I just downloaded the latest beta version of Avira's new software update checker and it installed the launcher. I use Avira Pro antivirus and up to now had not experienced the launcher. I can see what Avira is trying to do with it and it makes sense if you have a few of their apps installed. So, when I click on my Avira tray icon the launcher pops up and I can start Antivirus Pro, the software updater, or the Avira Scout browser. Hmmm, I don't really mind the launcher so far. I will try to live with it for a week and see how it goes. I don't really plan on keeping the Scout browser or the software updater, however. I do have a Windows uninstall entry for the launcher. Also, I installed everything using Revo, so I should be able to remove what I don't want pretty effectively.
From my recent experience with Avira Pro, you can custom install everything except the Avira Launcher (click the "Change" button when you have selected the Avira Antivirus uninstaller). I only use the real-time protection and the web protection, but no browser protection. The Avira Launcher doesn't bother me, but I don't know why they bother putting in that Windows uninstall entry. If you run it with Avira Antivirus installed, it pops up and says that it is required by application: Avira Pro. I guess you can use that uninstaller AFTER you have removed Avira Antivirus.
I tested out uninstalling the various Avira "add-on" programs and the launcher using Revo Uninstaller. The Scout browser and software updater uninstalled easily. I rebooted after uninstalling those two programs and the launcher was there but now just showed Avira Pro. When I started to uninstall the launcher itself from within Revo, the Avira uninstall process popped up the message you mentioned. It said the launcher couldn't be uninstalled because it is required by Avira Pro. I exited that process and then just used Revo to brute force uninstall it. The launcher install had added a large amount of registry entries and files but Revo seems to have completely uninstalled it. After a reboot, the launcher is gone and I am back to just having Avira Pro. The tray icon now directly starts up the Avira Pro interface. I am not noticing any ill effects on my computer so it seems as if all is well. I ran a CCleaner registry check and it didn't find any errors. Anyway, I am probably going to reload the software updater and end up with the launcher again. I don't think it bothers me that much and I would like to check out their updater a bit. I think software updaters can be an important security tool but I never had much luck with the Secunia updater. It never worked well for me. The Avira one seems to be focused on software that is more prone to being exploited, so maybe it will be a decent product.
I agree with you. You think they could program the thing so that if you only have one of their apps installed, then it would launch directly into that app. I guess they would lose out on some marketing opportunities in that case. Anyway, I agree the launcher is frustrating/silly/unneeded for single app installations. I still love Avira Pro, however.
As I wrote here many times, the fair solution is only one: The installation of the launcher must be optional (especially in paid versions). The mandatory installation serves the Avira (desperately try by all means to sell additional apps) not the customer.
by all means? lol xD A lot of people like the launcher and find it useful. I wonder what would you call what other vendors includes in the free version of their av's
OK then ... hamlet, guest for starters! Surely there are more :-D I'm probably with them too, but I'm not using it for any additional apps, so hard to call it useful yet. But it's not bugging me or popping ads up, at least, so I'm not finding it an annoyance. Doesn't consume much PC resources either, so I leave it be.
In the last three years Avira has become one of the best products available. I remember some people even suggesting that the company wasn’t going to survive a period of average results (that was the time of the Avira ProActiv debacle). Lately the program is virtually flawless and tops most detection tests, the company offers a free version which in its core is the same as the paid one, and rather than showing some polite criticism if required, some people always treat them as if they were funded with tax payers’ money… It is a private company, if you dislike their choices it is very simple, there are plenty of other possibilities free and paid.
I reinstalled Avira to dump the traffic for tcp:80 (curiosity got the better of me) only to realize that process is part of the launcher...so I reinstalled again with the launcher, but I'm not seeing avira.servicehost.exe connecting to anything tcp:80, just tcp:443. PC in question has been up for over 24hrs at this point, and I still only have a single persistent https connection. Is it possible something might have blocked https connectivity from that process, leading it to fallback to http on your machine?
I use the Sphinx-Soft Windows Firewall Control. I had all Avira services set to "OutgoingOnly". I tried changing them to "EnableAll", then disabled/enabled my NIC to force the connections to reset. Interesting thing happened, I got three ServiceHost instances, one of which connects to port 443, the rest to port 80. Then all drop, except for one ServiceHost that stays connected to port 80. I have repeated this several times and get the same result. I have rebooted several times since my earlier post about this, so whatever it is persists across system restarts. Right now I show only connections for Avira Systray and ServiceHost and each are connected to port 80.
I did install this Windows update on 5/30/16 https://support.microsoft.com/en-us/kb/3140245 Update to enable TLS 1.1 and TLS 1.2 as a default secure protocols in WinHTTP in Windows Seems to be an out-of-band optional update released in April. Didn't seem to have anything to do with "Get Windows 10", so I installed it. Do you have this update installed? More on the registry here : http://superuser.com/questions/1080317/how-to-set-tls-protocols-as-default-after-applying-kb3140245 Well it seems that this update merely enable the addition of a registry key. I checked and this new default key has not been added to my system.
Ah, might be because I'm running Win10. I don't generally use Avira because they still haven't fixed the whole "never updating" bug, and support felt content to tell me to just leave process protection off forever. I'll just take my PC out back and hose it off. Won't need it after that, either.
I am running Avira Product version 15.0.17.273 4/4/2016 with all product protection turned ON, and it updates just fine.
You would have a wet PC I think. Oh if you are concerned I think Linux Mint does have the ability to use Clam. Always. Wildman