AppGuard blocks Avira Launcher

Discussion in 'other anti-malware software' started by karad, Jan 29, 2016.

  1. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    237
    Windows7-64

    AppGuard 4.2.8.1 blocks my recently installed Avira Launcher (Avira Free antivirus) no matter what i do:

    01/29/16 10:10:12 Prevented process <avira.exe | c:\programdata\avira\launcher\temp\avira.exe> from launching from <c:\programdata\avira\launcher\temp>.


    I've put in Power Application: avgnt.exe
    avupgsvc.exe
    update.exe

    and also run Avira Launcher in Guarded Applications with everything off,

    but this is not enough.

    I'm reluctant to run anything Temp in Power Applications or choose 'ignore', so,please, what can I do?
     
  2. LucentWarrior

    LucentWarrior Registered Member

    Joined:
    Mar 29, 2014
    Posts:
    71
    Location:
    US
    With Avira free anti virus the program executable is "avguard.exe", you will need to place it in power apps.

    The path: C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    I would remove it from guarded apps.
     
    Last edited: Jan 29, 2016
  3. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    70
    karad,

    I think AppGuard is doing what it should do and preventing an executable launching from what it considers User Space (Program Data in this instance) so having something in Power apps may be the only solution. I don't use AVs at all never mind Avira so don't know which would be nest but I see Illumination has suggested the exe to add.

    I'm seeing more and more applications launching executables or DLLs from User Space (particularly AppData). Most don't cause issues when blocked but some do. I don't like using Power Apps at all so I try to find alternatives if that's the case. Not always possible I know and I see AppGuard as primary protection but I know others use it as a secondary layer.

    Cheers
     
  4. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    237
    @illumination thanks for pinpointing the right file, I'll add that to Power Applications and hope it works.

    @Elwe Singollo I dont understand why Avira are using this method of starting/finishing updates from a Temp file, as this was not the case in the past.
    The only problem caused by this block was the two hourly update not always was working properly,it did it at random-not a small one if
    you depend on signatures.
    I used to run without any heuristics ,doing only a scan once in a while + Malwarebytes scans and relying on the power of AppGuard,Sandboxie
    and Shadow Defender and this combo worked well for a long time and still works,but ,having decided to make Windows updates only once
    every 6 months or so-due to the fact I dont want the Windows10 hassle- I felt psychologically better with Avira heuristics on.
    cheers

    karad
     
  5. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    I would exclude c:\programdata\avira\ from user space and make it a private folder. This way everything can launch from there but guarded applications cannot drop payloads at this location.
     
  6. Elwe Singollo

    Elwe Singollo Registered Member

    Joined:
    Oct 30, 2015
    Posts:
    70
    Nice solution :shifty:.

    Cheers
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I am having the same problem. Added the above recommended Avira .exe's to Power Applications and still have a problem with the update. The computer restart is needed for Avira and I am not sure if that is the problem. Any other ideas? It appears there is a limited number of .exe files that can be placed in Power Apps on Appguard for me and Avira has several.
     
  8. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Have you tried the solution which I posted?
     
  9. hjlbx

    hjlbx Guest

    Did you add Avira to the Publisher's List: Customize > User Space > Publisher List > Add ?

    BRN states that even with an app added to Power Apps, sometimes it is necessary to add the digital signature to the Publisher's list.
     
  10. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    This would only work for guarded applications that have the privacy flag set to On. The more general method is to exclude the folder from user space and make it a protected folder by setting the type flag to Read Only.
     
  11. FleischmannTV

    FleischmannTV Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,071
    Location:
    Germany
    Thank you, pegr. That is exactly what I meant, but I did not express properly.
     
  12. hjlbx

    hjlbx Guest

    @Barb_C

    Had to disable Memory Protection for two security applications to function properly - Quarri (light virtualization with built-in SRP) and IT Hurrican Power Tool (rootkit remover).

    Please don't remove the Memory Protection settings.

    LOL... I just knew it would come in handy someday.
     
  13. pegr

    pegr Registered Member

    Joined:
    Apr 8, 2008
    Posts:
    2,279
    Location:
    UK
    You're welcome, FleischmannTV.

    Best wishes
    pegr
     
  14. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    yes, that didn't help.

    I have done the above suggestions and am going to see what happens. Before doing the above I kept getting the following message from the activity report on Appguard -
    02/19/16 23:28:19 Prevented process <Avira Launcher> from writing to <c:\windows\temp\setup_20160219232643_failed.txt>.
     
  15. Impet

    Impet Registered Member

    Joined:
    May 5, 2013
    Posts:
    894
    Well done AppGuard. :argh:
     
  16. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    237
    Sorry for the delay in replying ,especially to FleischmannTV,who i thank very much for his suggestions.
    The point is that most of the advice dont work at all with Avira and I had not seen what Pegr or Barb C wrote when
    I took the decision to get rid of Avira altogether.
    I went back to Comodo Antivirus.
    No more problems now as without
    the HIPS and sandbox it fits very well with AppGuard and Sandboxie ,which are my basic programs.

    I didnt want to believe it ,but I've found out that ,on top of the said problems,Avira slows down considerably a pc: not so much this one we are talking about which has got 4Gyga of RAM and Windows7, but in another pc of mine with only a RAM of 2G (Windows 8.1) I also removed Avira and installed BitDefender free and the gain in speed was noticeable.

    I also was not very happy about the ads.
    It's a pity because Avira was great and very light until 8-10 years ago.
    I remember that my first computer, a notebook,in 1999,was running Norton and when I began to understand a few basics I realised it was as heavy as a mountain and I gathered all my courage and after a lot of study about uninstalling Norton I finally did it and placed AVG instead,which was better and light as a plume,then,a few years after I began to use Avira which was Number 1 in detections and also very light.
    Unfortunately things do change,not always for the better...
     
Loading...