Major Avast Problem! (build 12.2.3126.2)

From http://www.wilderssecurity.com/threads/avast-2016.381211/page-6#post-2605687

The digital signature of the UI [User Interface] process executable (AvastUI.exe) became corrupted during the release process, causing the self-defense driver to block the communication pipe with the service.

In essence, it was just a UI [reporting] problem (the protection service/shields weren't affected at all), but a very visible one.

---------------------------------------------------------------------------------

From https://forum.avast.com/?topic=189221.0

UPDATE:

This is now fixed. All fresh installations are OK from now on.
For existing affected users, if it doesn't update automatically, the fastest way to fix it is to run C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe and then reboot.

-----------------------------------------------------------------------------------

Remark:   I followed the suggested fix --- to manually run AvastEmUpdate and reboot --- and it worked for me.   However, the fixed version is still identified as 12.2.2276 - build 12.2.3126.2 , which is not particularly helpful to anyone looking at the version numbers

Thanks for your updates on this issue, ky331. I'm glad to see it is resolved.

This latest glitch from avast reminds me of a similar problem when a 2015 Panda update labelled some of its own files as malware. It didn't affect me, as I don't run on-demand scans regularly, and Panda fixed the update quickly. Which prompts me to ask: Would users of avast been aware of this problem if they did not run on-demand scans? Would subsequent avast updates have corrected the error without end-user action?

I mostly post these days about the results of independent AV tests from various sources. It has not escaped my notice that none of these tests takes into account the sporadic grief caused by bad updates, which all AV vendors seem susceptible to on occasion. But that is a topic for a new thread, which I'll get around to posting soon.

Would users of avast been aware of this problem if they did not run on-demand scans?

Absolutely... upon receiving this bad update --- which was pushed as an "emergency update" via a scheduled task --- users noted a big Red X on the avast icon in their system tray.   And if they clicked on the icon for details, they were immediately advised that  You are unprotected! Avast Background service is not running.  If anyone checked further, for example, going to the update status, they'd see that avast was not connected online, and could not recognize the presence of any database.   Clicking the FIX THIS button did NOT repair the situation.   So it was very scary for users, believing that avast left them unprotected.   That's why so many people posted online at the avast forum to complain.

Now, as VLK eventually wrote:  The digital signature of the UI [User Interface] process executable (AvastUI.exe) became corrupted during the release process, causing the self-defense driver to block the communication pipe with the service...  In essence, it was just a UI [reporting] problem (the protection service/shields weren't affected at all), but a very visible one.

Paraphrasing:   The User Interface (UI) was corrupted during the emergency update.   Avast's self-protection module "concluded" this as being some form of "attack", and so then blocked the UI from communicating with the remainder of avast's files.   Avast's other files were NOT damaged... they remained intact:   The avast service WAS running, the database WAS present, and avast WAS still protecting the user all the time!   The problem was, the UI "couldn't see" any of this, and so offered a glaringly erroneous report, alleging that avast wasn't working.   But users didn't know this:   they read the warning, believed they were unprotected, and panicked.

In that sense, it was very different from the Panda F/P you mentioned... in that case, Panda actually quarantined its own files!    In this case, NOTHING was quarantined.   We just had to wait until avast pushed another emergency update, correcting the problem [or the user "forced" the emergency update, as I did, after reading to do so].

Wow!  Thanks for the clarification.

As Cool Hand Luke said, "What we've got here is a failure to communicate". But at least it failed safe, even if users were not aware. Good on avast for posting a quick fix.

"What we've got here is a failure to communicate". But at least it failed safe

Technically, yes.   But I can only imagine the unnecessary complications... and hours of wasted time... by frantic avast users who THOUGHT they were unprotected, and so tried to repair, reinstall, and perhaps even remove avast in favor of another antivirus :emotion-7:

Full explanation and response from avast:  https://forum.avast.com/index.php?topic=189349.0

And the "fun" [sarcastic] continues:  Avast causes Blue Screen after Windows 10 Anniversary Update 
https://forum.avast.com/index.php?topic=189403.0

I have not personally experienced this, as I don't have any Win10 systems here.

Please note reply #61 https://forum.avast.com/index.php?topic=189403.msg1329994#msg1329994

"the issue really seems to occur only on the last generation of Intel CPUs.

• Previous generations of Intel Core CPUs are fine. Moreover, it did not show up during the testing on the Win 10 preview builds.
  
  We are already working on a fix and hopefully, we are going to deliver it via an emergency update. I will keep you posted.
  
  Thank you also for your patience. We are having a hard time with this update as well."

•  

• this issue occurs only on Intel Skylake CPUs when VT-x instructions are enabled in the BIOS. As a workaround, you can temporarily disable the VT-x in BIOS.
  

Full explanation and response from avast on the Win10 Bluescreen / Skylake problem:
https://forum.avast.com/index.php?topic=189503.0

I still like the idea of all the control avast gives the advanced user... so many settings available for customization/tweaking (for those who wish to do so).    And yes, it has its [reasonable] defaults, for those beginning users who don't want to get involved with anything complicated.

Unfortunately, avast --- like just about any product on the market --- thinks change is always good.   What used to be a tiny, effective product has grown/bloated immensely.   Fortunately, a customized install still allows the user much control over which modules to install, and you can narrow it down to just the file and web shields, if that's all you wish.

I'm surprised at avast buying AVG.   I hope that doesn't make things even worse.

Yes, I'm using Panda on several of my machines, including my 8.1 tablet.   Very simple (although it does offer A FEW options that can be tweaked).   And based on my experimental analysis, it seems to be highly effective, and light-weight.   I had been using Panda on my XP system, but it didn't seem to be working fully there (starting with the 2016 version), so I went back to avast.   I prefer to use avast on my Win7 laptop, and will continue to do so, unless/until avast becomes burdensome there.  [The latest build of avast forcibly disables WD on Win7, even for use as an on-demand scanner.   I don't understand why it's doing that.]

I kinda glad I walked away from the product a few years ago!

Windows Firewall, Panda AV, and MBAM Pro seem to get the job done...on the Vista computer.

Something "similar" happened again... albeit on a much smaller scale:   "A few" avast users were reporting that the avast background service was stopping, which disabled avast's active protection.   For those impacted, the problem has (allegedly) been fixed via the release of database 160908-2 [or later].

https://forum.avast.com/index.php?topic=190625.0

Remark:   I was NOT impacted by this issue.