Wave

Avira do have self-protection, please try re-installing the product and try again.

Use Process Explorer or Process Hacker, and check if you can terminate the service (if any).
Terminating the GUI doesn't matter if the service is still running.
The GUI process does matter because if it's not allowed to run then the user cannot modify any settings to enable protection if it's disabled, or respond to any potential alerts.

Process Explorer won't be able to terminate any Avira processes due to it being user-mode only, however Process Hacker will only succeed if and only if it relies on its kernel-mode driver to bypass access checks (kprocesshacker.sys - which Avast actually blacklisted now haha).

Did you run Windows Task Manager with Admin privileges?
Elevation isn't a factor since Avira use a kernel-mode driver to use ObRegisterCallbacks which is system-wide (even for the kernel code execution); the only way to bypass it when it's working is from within kernel-mode using kernel-mode only functions such as ObOpenObjectByPointer.

----
To OP: submit a help ticket to Avira support in the case of a bug, but beforehand please reinstall the product and re-check if the process protection works - make sure it's enabled within the Avira settings though.
 

Pearl96

I am sure I am having an issue! As I remember Avira alerts you and pops up a notification if a virus is detected but I don't get any of these just a sound but not a notification! Have they changed such a thing in 2017 edition?
 
Wave

Have they changed such a thing in 2017 edition?
Doubt it.

Try downloading the Eicar Test (perfectly harmless test file that most vendors make a generic signature for so people can test if the protection is working properly): Download - EICAR - European Expert Group for IT-Security - see what happens, Avira should detect it I believe.

Please try reinstalling the product and then check if the self-protection functionality is working properly. If it isn't after re-installing then contact Avira.
 

Pearl96

I have downloaded EICAR test file and Avira successfully detected it but did not give any notifications just a sound
 

Pearl96

Yes.. So uninstall -> restart -> install -> restart -> now check if everything works. :)
Now I am 100% sure that there is an issue with Avira. I added the file cloudcar.exe manually to Avira's quarantine and it is detected in the quarantine but not when I download the file or even scan it! See the screenshots for more details.
Screenshot (3).png
cloudcar.PNG
 
Wave

Don't reinstall it.... if the GUI is disabled no warnings are given...
He said the self protection isn't working, therefore unless his system is infected with malware which is causing Avira not to work correctly, reinstalling the product is his best bet next to requesting support.

If his system is already infected, it doesn't matter if he uninstalls it, since it didn't detect anything and it's been beaten already, so it wouldn't cause any additional harm.

If he reinstalls it and the issue persists then he can contact Avira, they can perform diagnostic info and if the system is really infected which is causing the problem then OP can request assistance on this forum if he'd like.

However if he reinstalls it and the issue persists and he believes his system is infected, best use another machine since malware can steal your information such as login credentials (e.g. banking).
 

Pearl96

Hello! First of all my system isn't infected and it's a fresh install of Windows 10. I have reinstalled Avira and it seems the issue has been resolved! I am not able to terminate Avira's processes but the GUI. When I click end process nothing happens to all Avira's processes but the GUI one! I have one more question. Does Avira's cloud only work when the suspicious file is initiated? I mean isn't the scanner cloud-powered?
Thank you very much and I really appreciate your help from A to Z :)
 
Wave

When I click end process nothing happens to all Avira's processes but the GUI one!
That isn't how it used to be when I reported a vulnerability to them (which actually evolved around the GUI), I think they removed protection from the GUI so my vulnerability would no longer matter hahaha :D funny...
 

Pearl96

Avira's journey in my laptop has ended here :) I did not like it at all. Also its usage was increasing by time
 

RXZ6Q

Avira's journey in my laptop has ended here :) I did not like it at all. Also its usage was increasing by time
Thanks for sharing your situation. What are you going to switch to? I feel like Windows Defender is PRETTY GOOD in terms of protection + usage. I would say in detection it's like -10-20% worse than top AVs, but that's still pretty good.
 

spaceoctopus

Avira is a very good and powerful product. In that case, there should be an issue, a bug or something like that. In General > Security you will find Product Protection, and every box should be ticked. If every box is ticked and the issue is the same, better contact their support.

 

Parsh

I have one more question. Does Avira's cloud only work when the suspicious file is initiated? I mean isn't the scanner cloud-powered?
apc-infographic.png

So yes, any suspects detected due to reasons like suspicious behavior/ action sequence/ unrecognizable files... will be sent to cloud for confirmation.
However, all Avira cloud does is verify against their threat DB (possibly somewhat more advanced than their offline protection, they say that this way attackers cannot analyse how their mechanism works) to identify file's safety flag.
I'm not sure how exactly it differs from other clouds out there. Panda uses classification method, applies analysis and flags the bad files, similar to HMP and the likes.
apc-bubbles.png

But that shouldn't be the case with EICAR test files. Its detection is de facto for most AVs.
 

Pearl96

Thank you for the clarification (Y)