Avira + Virus getting through webguard

Discussion in 'other anti-virus software' started by Anth-Unit, Apr 11, 2009.

Thread Status:
Not open for further replies.
  1. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    This happens to me periodically with infected files:

    From Webguard
    When accessing data from the URL, ...
    a virus or unwanted program 'HEUR/Crypted' [heuristic] was found.
    Action taken: Blocked file

    Now a couple of seconds later from Guard:
    Virus or unwanted program 'HEUR/Crypted [heuristic]'
    detected in file 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\WEBGUARD\00001201.exe.
    Action performed: Deny access

    So it seems that occasionally guard is detecting a portion of webguard as a virus when something is detected? I'm not sure if this is a correct assessment, but I'm never able to replicate this consistently -- not even with the same files/websites. I'm running Vista 64. Any idea what's going on here?
     
  2. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    It's not detecting the webguard as a virus, it's detecting the temp file of the .exe that was infected. It's nothing to worry about since Avira caught it.
     
  3. progress

    progress Guest

    But if it is an exploit it could be too late? :rolleyes:
     
  4. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    On the contrary, Avira nailed it before it could even think of doing anything at all to your system. :D
     
  5. Boost

    Boost Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    1,293
    Action taken: Blocked file

    Action performed: Deny access

    Hardly too late when one action it's blocked and in the other it's deny. It did its job!!
     
  6. progress

    progress Guest

    I see :)
     
  7. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    The webguard should block it. It would seem that a file got past the webscanner but the guard blocked it. With some malware that would be too late.

    Hmm, how did the file get in that Avira temp directory?
    The webguard says it blocked the file from being downloaded, yet it downloaded anyway?
    Submit the bug to Avira.
     
  8. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    I might submit a bug, but I can't even re-create it using the same file and website. It just happens randomly and I have no idea what to tell them.
     
  9. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello,
    Tell them that sometimes the webguard says malware is blocked but a few seconds later the guard blocks the same file.
    This means the webguard isn't actually blocking the file, so the guard catches the file after it's downloaded.
    Definitely a bug, and I'm sure it can be found out and fixed.

    Make sure you show them an example with screenshots of malware name, location and time of both webguard and guard.
     
  10. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    Do I post this on their support forums or is there an official support email?
     
  11. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Hello,
    I can't seem to find any bug reporting email address.
    I would post on the Avira forums and also PM Stefan.
    Send a friendly message and point to this thread.
     
  12. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    It's very strange. Did you modify the program's default settings at installation? What version of Avira are you using? For heuristic detections with the webguard you should get a 'deny access' option as first choice; you shouldn't be bothered by the guard again. Vista 64? Yes, it may be a bug.
     
  13. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    Vista 64 bit here: don't have this. Works like it should.
     
  14. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    It's downloaded to the temp directory because webguard is a proxy! This is not a bug. I assume up to a certain limit things are kept in memory, but if files are too large, you don't want them to sit around in RAM while being downloaded now, do you? That doesn't mean the data reached any app other than webguard.
     
  15. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Why would the guard detect files in its own temporary directory?
    Surely the file should have been blocked from downloading?
    It says it was blocked from downloading, yet it still got on the HD.
     
  16. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    INTERNET -> WEBGUARD IN -> (download to webguard temp or keeping in memory if size is small) -> SCAN -> WEBGUARD OUT -> SEND TO BROWSER

    Simplified at least. Usually the On-Access Guard should not alert on files saved by webguard, that much is correct. Maybe it couldn't properly "attach" itself due to some other system software blocking the 'authentication and exception from scan' of the webguard process. Dunno, the log might provide more detail on that.

    Still, stuff ending up on your HD in the webguard temp directory is not an indication of failure by webguard. You want it to keep a 4GB DVD ISO fully in RAM to be able to scan it? That'd be pretty idiotic :) After the download gets scanned and passed to the browser, the temp file of course will be deleted.

    The issue here, at least to me, seems to be only that guard caught a write operation by webguard, which it normally shouldn't. As I tried explaining, probably some issue caused by other applications preventing the webguard from 'authenticating' itself to the on access scanner.

    Reasons for that could be other protection software/mechanisms or a bug, which seems less likely since it's the first time I've heard of such an issue described with the AV9 release.
    We'll never know without an error log or thorough analysis, so please don't jump to conclusions prematurely :)
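
The buffer, scan, release flow described in the post above, as an added sketch that is not part of the original thread and is not Avira's code. `MEMORY_LIMIT`, `MARKER`, `scan` and `proxy_fetch` are hypothetical names, and the marker is a constructed stand-in for a real detection. It shows that a large body can land in a temp file before the verdict while the client still receives nothing when the scan flags it.

```python
import tempfile

MEMORY_LIMIT = 64 * 1024              # assumed threshold; the real limit is not stated in the thread
MARKER = b"CONSTRUCTED-TEST-MARKER"   # constructed stand-in for a detection signature

def scan(spool, chunk_size=8192):
    """Hypothetical scanner: returns True if the buffered body is clean."""
    spool.seek(0)
    tail = b""
    while chunk := spool.read(chunk_size):
        if MARKER in tail + chunk:    # tail catches a marker split across two reads
            return False
        tail = (tail + chunk)[-(len(MARKER) - 1):]
    return True

def proxy_fetch(upstream_chunks, client):
    """Buffer the full response, scan it, and only then release it to the client."""
    # SpooledTemporaryFile stays in RAM up to max_size, then rolls over to a temp file.
    with tempfile.SpooledTemporaryFile(max_size=MEMORY_LIMIT) as spool:
        for chunk in upstream_chunks:
            spool.write(chunk)
        spilled = spool.tell() > MEMORY_LIMIT   # same condition that triggers the rollover
        clean = scan(spool)
        if clean:                               # nothing is forwarded before the verdict
            spool.seek(0)
            while chunk := spool.read(8192):
                client.extend(chunk)
    # Leaving the with-block closes the spool, which deletes any temp file.
    return {"spilled_to_disk": spilled, "verdict": "clean" if clean else "blocked"}

if __name__ == "__main__":
    browser = bytearray()
    print(proxy_fetch([b"A" * 1000], browser), len(browser))
    browser = bytearray()
    print(proxy_fetch([b"B" * 100_000, MARKER], browser), len(browser))
```

In the second call the body exceeds the memory limit, so it is written to disk before being scanned, which is the point at which a separate on-access scanner could see the same file.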
     
  17. Anth-Unit

    Anth-Unit Registered Member

    Joined:
    Oct 13, 2006
    Posts:
    108
    It used to happen in version 8 as well. The strange thing is, it doesn't happen all the time, not even with the same file/website. I have no other resident av/as running in memory.
     
  18. Arup

    Arup Guest

    Funny, I have Avira Premium here on a couple of PCs and none exhibit this behavior; of course I have no other security apps along with it. Just LUA, full DEP and Avira.
     
  19. BJStone

    BJStone Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    139
    Here too, no problems at all.
     