The GUI process does matter because if it's not allowed to run then the user cannot modify any settings to enable protection if it's disabled, or respond to any potential alerts.Use Process Explorer or Process Hacker , and check if you can terminate the service (if any).
Terminating the GUI doesn't matter if the service is still running.
Elevation isn't a factor since Avira use a kernel-mode driver to use ObRegisterCallbacks which is system-wide (even for the kernel code execution), the only way to bypass it when it's working is from within kernel-mode using kernel-mode only functions such as ObOpenObjectByPointer.Did you run Windows Task Manager with Admin privileges?
I am sure I am having an issue! As I remember Avira alerts you and pops up a notification if a virus is detected but I don't get any of these just a sound but not a notification! Have they changed such a thing in 2017 edition?Avira do have self-protection, please try re-installing the product and try again.
The GUI process does matter because if it's not allowed to run then the user cannot modify any settings to enable protection if it's disabled, or respond to any potential alerts.
Process Explorer won't be able to terminate any Avira processes due to it being user-mode only, however Process Hacker will only succeed if and only if it relies on it's kernel-mode driver to bypass access checks (kprocesshacker.sys - which Avast actually blacklisted now haha).
Elevation isn't a factor since Avira use a kernel-mode driver to use ObRegisterCallbacks which is system-wide (even for the kernel code execution), the only way to bypass it when it's working is from within kernel-mode using kernel-mode only functions such as ObOpenObjectByPointer.
To OP: submit a help ticket to Avira support in the case of a bug, but beforehand please reinstall the product and re-check if the process protection works - make sure it's enabled within the Avira settings though.
Doubt it.Have they changed such a thing in 2017 edition?
I have downloaded EICAR test file and Avira successfully detected it but did not give any notifications just a soundDoubt it.
Try downloading the Eicar Test (perfectly harmless test file that most vendors make a generic signature for so people can test if the protection is working properly): Download ° EICAR - European Expert Group for IT-Security - see what happens, Avira should detect it I believe.
Please try reinstalling the product and then check if the self-protection functionality is working properly. If it isn't after re-installing then contact Avira.
Now I am 100% sure that there is an issue with avira. I added the file cloudcar.exe manually to Avira's quarantine and it is detected in the quarantine but not when download the file or even scan it! See the screenshots for more detailsYes.. So uninstall -> restart -> install -> restart -> now check if everything works.
He said the self protection isn't working, therefore unless his system is infected with malware which is causing Avira not to work correctly, reinstalling the product is his best bet next to requesting support.Dont reinstall it.... if the gui is disabled no warnings are given...
Hello! First of all my system isn't infected and it's a fresh install of windows 10. I have reinstalled Avira and it seems the issue has been resolved! I am not able to terminate Avira's processes but the GUI. When I click end process nothing happens to all avira's processes but the GUI one! I have one more question. Avira's cloud only work when the suspecious file is initiated? I mean isn't the scanner cloud-powered?He said the self protection isn't working, therefore unless his system is infected with malware which is causing Avira not to work correctly, reinstalling the product is his best bet next to requesting support.
If his system is already infected, it doesn't matter if he uninstalls it, since it didn't detect anything and it's been beaten already, so it wouldn't cause any additional harm.
If he reinstalls it and the issue persists then he can contact Avira, they can perform diagnostic info and if the system is really infected which is causing the problem then OP can request assistance on this forum if he'd like.
However if he reinstalls it and the issue persists and he believes his system is infected, best use another machine since malware can steal your information such as login credentials (e.g. banking).
That isn't how it used to be when I reported a vulnerability to them (which actually evolved around the GUI), I think they removed protection from the GUI so my vulnerability would no longer matter hahaha funny...When I click end process nothing happens to all avira's processes but the GUI one!
Thanks for sharing your situation. What are going to switch to? I feel like Windows Defender is PRETTY GOOD in terms of protection + usage. I would say in detection it's like -10-20% worse than top AVs, but that's still pretty good.Avira's journey in my laptop has ended here I did not like it at all. Also its usage was increasing by time
I have one more question. Avira's cloud only work when the suspecious file is initiated? I mean isn't the scanner cloud-powered?
Thank you for the clarification (Y)View attachment 142473
So yes, any suspects detected due to reasons like suspicious behavior/ action sequence/ unrecognizable files... will be sent to cloud for confirmation.
However, all Avira cloud does is verify against their threat DB (possibly somewhat advanced than their offline protection, they say that this way attackers cannot analyse how their mechanism works) to identify file's safety flag.
I'm not sure how exactly it differs from other clouds out there. Panda uses classification method, applies analysis and flags the bad files, similar to HMP and the likes.
But that shouldn't be the case with eicar test files. It's detection is a defacto for most AVs.