Avira AV update hangs systems - Update
A faulty update for Avira's paid-for anti-virus software blocks harmless processes and may in some cases stop computers from booting. The update results in the ProActiv behavioural monitoring component becoming oversensitive in its treatment of executable files.
According to user reports, ProActiv blocks trusted system processes such as cmd.exe, rundll32.exe, taskeng.exe, wuauclt.exe, dllhost.exe, iexplore.exe, notepad.exe and regedit.exe. In some cases this results in Windows failing to boot properly. It also appears to be blocking non-OS applications such as Microsoft Office, the Opera web browser and Google's Updater program.
All versions which include the ProActiv behavioural monitoring component are affected, including Avira Antivirus Premium 2012 and the enterprise version; only 32-bit systems are affected, as ProActiv doesn't currently support 64-bit operating systems. On the Avira forum, an employee of a company which runs Avira on one hundred computers complains that, "This update has been pretty catastrophic. The whole company ground to a standstill."
In view of the arbitrariness with which the behavioural monitoring component is blocking files, users who have installed the update are advised to disable ProActiv. To do so, access Avira's settings, activate the Expert mode using the switch on the left and uncheck 'Enable Avira ProActiv' under 'Realtime Protection', 'ProActiv'. According to user reports, if Windows is having difficulty booting, this can be fixed in some cases by starting in safe mode and then deactivating ProActiv.
In a statement to The H's associates at heise Security, Avira confirmed the problem and said that its developers are currently working on an automatic update to resolve the bug. The potential scale of the bug is huge – according to Avira, the faulty update has already been downloaded more than 70 million times; this figure includes those running the free version of Avira which is not affected. The company has now stopped distributing the update.
Update: Avira recommends adding exceptions for the affected system processes to the ProActiv's Application filter. However, as the list of processes is rather long, it is still advised for the time being to disable ProActiv.
Update 16-05-12: Avira has released an update for its products that caused them to block legitimate Windows applications and system processes.