404 Tech Support

Avira antivirus impairs Windows PCs when service pack blocks core executables

Antivirus vendor Avira ran into problems earlier this week when it rolled out Service Pack 0 for its Avira 2012 products. Reportedly, the situation is now resolved. Through May 14th and 15th, Avira Professional Security, Avira Internet Security 2012, and Avira Antivirus Premium 2012 blocked legitimate applications from being able to run after Service Pack 0 was applied.

Avira released a statement on the issue and says current versions on Windows desktops are now running smoothly.

We deeply regret any difficulties this has caused you. Thank you for your patience and understanding.

Any users still experiencing problems should update Avira to the latest version by going to Avira Control Center and clicking Update -> Start product update.

The problem stemmed from the real-time protection element of the security software known as ProActiv. In the statement, Avira recommends disabling ProActiv in the case that a similar problem like this should arise in the future.

A thread on Avira’s support forums shows users reporting applications like OpenOffice Writer, RunDLL32.exe, Notepad.exe, regedit.exe, cmd.exe, iexplore.exe and other applications on computers running Windows XP and Vista.

One user details the havoc the problem caused on his organization:

Our enterprise uses Avira’s Business Bundle extensively. We have 100 centrally managed users at this site alone, and a dozen users we support on the road.

This update has been pretty catastrophic. The whole company ground to a standstill.

Upon arriving at work this morning, users were greeted with an Avira update prompting them to restart their machines. Most users did so.

Unfortunately, upon reboot, most users could not log in, as Pro-Activ was blocking the login process. Some users managed to log in, but they could not open Outlook, Excel, or any other apps, due to them being blocked by Pro-Activ.

We quickly informed all users not to reboot, but most had done so already, or ignored our advisory.

After checking this forum and finding the cause of the problem (while waiting on hold with business support), we pushed out a configuration update to disable Pro-Activ. Upon rebooting, on-site users could then log in.

However, the off-site users received the update, but are now unable to connect to the VPN to receive the centrally-deployed configuration update. Trying to support a dozen off-site users who cannot even start their computers is not much fun, that’s for sure.

I’ve been a big proponent of Avira within our company, but I think that may change when it comes time to renew our license in a few months.

Avira’s quick solution was to remove ProActiv realtime protection from their products with a plan to analyze and fix the issue and reinstate ProActiv afterwards.

If you are running the latest version of Avira, you should not have this problem. For further details, consult the related KB article on the company’s support site.