Avira's sched.exe and windows updates

Discussion in 'other anti-virus software' started by innerpeace, Nov 4, 2010.

Thread Status:
Not open for further replies.
  1. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I'm running Avira free ver. 9.0.0.442 on XP Home SP3. I only update Avira manually as well and Windows. I also don't have any jobs scheduled within Avira. On occasion sched.exe asks for internet access and then it connects to Windows updates. During the past week it's happening daily. Why is this happening and why is connecting to Windows updates?

    I did get a notice that Avira needs a program update but I have not done that yet. I would like to stay with version 9 and I'm afraid that it will update to version 10. I'll have to experiment later with Returnil's Session Lock enabled.
     
  2. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    I updated Avira manually and now have version 9.0.0.429. I'm also still seeing sched.exe wanting to connect to Windows updates at boot up. Automatic updates are disabled and I only have WGA Validation installed and not WGA Notification. I thought the latter may be my problem.

    Does anyone have any idea what is going on? I'll even entertain wild guesses at this point.

    Thanks

    Edit: Here is my firewall log while booting.

    12/11/10 00:37:52 [TDI] ICMP, Listen, 0.0.0.0 <- 0.0.0.0, System(4/212)
    [TDI] Passed by rule.
    12/11/10 00:37:52 [TDI] RAW, Connect, 0.0.0.0 -> 0.0.0.0, System(4/212)
    [TDI] Passed by rule.
    12/11/10 00:37:52 [TDI] UDP, Connect, 0.0.0.0:50019 -> 192.168.1.1:53, C:\Program Files\Avira\AntiVir Desktop\sched.exe(1512/2724)
    [TDI] Blocked by rule.
    12/11/10 00:38:07 [TDI] UDP, Listen, 192.168.1.4:68 <- 0.0.0.0:0, C:\WINDOWS\system32\svchost.exe(916/1012)
    [TDI] Passed by rule: "UDP, <-- svchost.exe, [68], +(*)"
    12/11/10 00:38:07 [TDI] UDP, Connect, 0.0.0.0:65075 -> 192.168.1.1:53, C:\Program Files\Avira\AntiVir Desktop\sched.exe(1512/2724)
    [TDI] Passed by rule: "UDP, --> sched.exe, [53], +(*), (session)"
    12/11/10 00:38:22 [TDI] UDP, Connect, 0.0.0.0:56785 -> 192.168.1.1:53, C:\Program Files\Avira\AntiVir Desktop\sched.exe(1512/2724)
    [TDI] Passed by rule: "UDP, --> sched.exe, [53], +(*), (session)"
    12/11/10 00:38:22 [TDI] TCP, Connect, 0.0.0.0:1026 -> 65.54.81.184:80, C:\Program Files\Avira\AntiVir Desktop\sched.exe(1512/2724)
    [TDI] Passed by rule: TCP, --> sched.exe, [80], +(*)
     
    Last edited: Nov 12, 2010
  3. qwerty12345

    qwerty12345 Registered Member

    Joined:
    Nov 2, 2010
    Posts:
    32
    I'm experiencing the same behaviour, although I am using Avira 10 and it occured after the installation of SP1.

    Have you tried in the Avira forum? I have started a thread there asking the same question as you (I've yet to get a response so far though).

    This is my post at Avira - http://forum.avira.com/wbb/index.php?page=Thread&threadID=121735 - if you would like to add your concerns to that thread, you're more than welcome. Maybe if more people ask this question, we'll be more likely to get a response.
     
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  5. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Last edited: Nov 16, 2010
  6. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Thank you very much Stefan. At least that partially explains why I have been getting errors like the one below in my event viewer. Now I have to figure out why the list isn't updating or do away with it.


    Event Type: Error
    Event Source: crypt32
    Event Category: None
    Event ID: 8
    Date: 11/16/2010
    Time: 11:13:52 PM
    User: N/A
    Computer: NAME
    Description:
    Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
     
  7. qwerty12345

    qwerty12345 Registered Member

    Joined:
    Nov 2, 2010
    Posts:
    32
    Stefan, do you work on Avira? If so, it's nice to see you post, even if it isn't at your own forum. I posted the following on the Avira forum, but got no response, would you (or anyone reading this who works on Avira AntiVir) care to comment?

     
Loading...
Thread Status:
Not open for further replies.