Author Topic: Avast detected Windows Update as malicious  (Read 23946 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Re: Avast detected Windows Update as malicious
« Reply #15 on: August 12, 2014, 08:14:33 PM »
I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)

You're fine

Thanks, dprout69!

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Avast detected Windows Update as malicious
« Reply #16 on: August 12, 2014, 08:15:13 PM »
Same issue here... which the avast team should easily be able to reproduce if necessary.

Windows Updates (I'm on Win7SP1x64) for DotNet Framework 3.5.1

I believe the specific update was kb2943357 (but it could have been kb 2937610).

The update was placing a plethora (20? 30? 40? who knows) of .TMP files on the hard drive, which were picked up as suspicious EVO-GEN.   Avast defs 14-08-12-0

There was no practical way to capture and upload all of these files for F/P testing.   There was also NO simple option to IGNORE these files, as I wanted to do (choices included fix, delete, repair, quarantine).   Since these were directly from Microsoft Update, I believed they were safe, and wanted to install them.

Basically, I believe/hope I x'd out each of the warning windows... and that doing so would "ignore" the warning, and allow the files to download/install.   I'm only hoping I didn't miss any... Windows Update indicates the installation was successful... but what if I clicked ignore on say, only 39 out of 40?  Could that still show as "successful"?   Would it be wise to try to re-install the update?
« Last Edit: August 12, 2014, 08:50:23 PM by ky331 »
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

Offline CaptainLeonidas

  • Jr. Member
  • **
  • Posts: 75
  • Security rests between the display and the chair.
Re: Avast detected Windows Update as malicious
« Reply #17 on: August 12, 2014, 08:17:57 PM »
https://support.microsoft.com/kb/2943357 is the update that is flagged yes.

Guess we could always suspend Avast for 30 minutes and install the update.

PS: The update is rated "Important" according to: https://technet.microsoft.com/library/security/ms14-aug
« Last Edit: August 12, 2014, 08:24:27 PM by CaptainLeonidas »
OS's used: Windows 10 Pro (x64) 1607 <-> Windows 7 Ult (x64) <-> Windows 8.1 Ult (x64) <-> Windows 2012 Essentials R2 (x64)
Avast Internet Security (sub for 10 PC's), HPM.Alert, Malwarebytes, Asus-x99 Deluxe/U3.1 (Intel Core i7 X980 EE - 64Gb Ram - NVidia Geforce x980 - Samsung PCI-e 950Pro 512 SSD), Microsoft Surface Pro 4 (6th Gen Intel Core i7 CPU - 16Gb Ram - 512 SSD)
When installing Avast! be sure to use the custom install... never the default!

REDACTED

  • Guest
Re: Avast detected Windows Update as malicious
« Reply #18 on: August 12, 2014, 08:21:05 PM »
I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)

You're fine... you should actually be able to just take your computer offline, turn off avast, hit try again on windows update (the files have already downloaded) and it should install correct?

Just read your edit. I didn't realize the update file had already been downloaded, I've just been rerunning the Windows Update. I'll try your suggestion.

REDACTED

  • Guest
Re: Avast detected Windows Update as malicious
« Reply #19 on: August 12, 2014, 08:25:50 PM »
https://support.microsoft.com/kb/2943357 is the update that is flagged yes.

Guess we could always suspend Avast for 30 minutes and install the update.

Mine shows that kb2943344 is the problem; maybe it varies depending on the computer?

Offline CaptainLeonidas

  • Jr. Member
  • **
  • Posts: 75
  • Security rests between the display and the chair.
Re: Avast detected Windows Update as malicious
« Reply #20 on: August 12, 2014, 08:27:33 PM »
Vista? > update if not mistaken Microsoft .NET Framework 3.0 Service Pack 2 (2943344) (Important)

I run Windows 7 (x64)
« Last Edit: August 12, 2014, 08:29:11 PM by CaptainLeonidas »
OS's used: Windows 10 Pro (x64) 1607 <-> Windows 7 Ult (x64) <-> Windows 8.1 Ult (x64) <-> Windows 2012 Essentials R2 (x64)
Avast Internet Security (sub for 10 PC's), HPM.Alert, Malwarebytes, Asus-x99 Deluxe/U3.1 (Intel Core i7 X980 EE - 64Gb Ram - NVidia Geforce x980 - Samsung PCI-e 950Pro 512 SSD), Microsoft Surface Pro 4 (6th Gen Intel Core i7 CPU - 16Gb Ram - 512 SSD)
When installing Avast! be sure to use the custom install... never the default!

REDACTED

  • Guest
Re: Avast detected Windows Update as malicious
« Reply #21 on: August 12, 2014, 08:28:23 PM »
Yes.

REDACTED

  • Guest
Re: Avast detected Windows Update as malicious
« Reply #22 on: August 12, 2014, 08:29:45 PM »
I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)
i would say yes ..... Microsoft could have waited with the release and you would not have known about them

HUH ?
Are you saying MS should change their Patch Tuesday update schedule based on Avast definition updates ?
 ??? 

Offline CaptainLeonidas

  • Jr. Member
  • **
  • Posts: 75
  • Security rests between the display and the chair.
Re: Avast detected Windows Update as malicious
« Reply #23 on: August 12, 2014, 08:30:35 PM »
Yes.

Guess I got it correct. Take a look at the technet link I posted earlier. It states which KB is for which OS.

From previous post: https://technet.microsoft.com/library/security/ms14-aug
OS's used: Windows 10 Pro (x64) 1607 <-> Windows 7 Ult (x64) <-> Windows 8.1 Ult (x64) <-> Windows 2012 Essentials R2 (x64)
Avast Internet Security (sub for 10 PC's), HPM.Alert, Malwarebytes, Asus-x99 Deluxe/U3.1 (Intel Core i7 X980 EE - 64Gb Ram - NVidia Geforce x980 - Samsung PCI-e 950Pro 512 SSD), Microsoft Surface Pro 4 (6th Gen Intel Core i7 CPU - 16Gb Ram - 512 SSD)
When installing Avast! be sure to use the custom install... never the default!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37161
  • Not a avast user
Re: Avast detected Windows Update as malicious
« Reply #24 on: August 12, 2014, 08:31:32 PM »
Quote
HUH ?
Are you saying MS should change their Patch Tuesday update schedule based on Avast definition updates ?
No that is not what i am saying.....


REDACTED

  • Guest
Re: Avast detected Windows Update as malicious
« Reply #25 on: August 12, 2014, 08:35:42 PM »
Then what are you saying ?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37161
  • Not a avast user
Re: Avast detected Windows Update as malicious
« Reply #26 on: August 12, 2014, 08:37:08 PM »
Then what are you saying ?
go back and read my post again .... edited

REDACTED

  • Guest
Re: Avast detected Windows Update as malicious
« Reply #27 on: August 12, 2014, 08:37:18 PM »
Yes.

Guess I got it correct. Take a look at the technet link I posted earlier. It states which KB is for which OS.

From previous post: https://technet.microsoft.com/library/security/ms14-aug

As long as everything is fixed once the definitions have been updated, I'll try not to worry too much over which Windows update is causing the issue (it seems to be more or less the same problem for everyone). All the other updates installed smoothly.  :)

Offline CaptainLeonidas

  • Jr. Member
  • **
  • Posts: 75
  • Security rests between the display and the chair.
Re: Avast detected Windows Update as malicious
« Reply #28 on: August 12, 2014, 08:41:31 PM »
Yes.

Guess I got it correct. Take a look at the technet link I posted earlier. It states which KB is for which OS.

From previous post: https://technet.microsoft.com/library/security/ms14-aug

As long as everything is fixed once the definitions have been updated, I'll try not to worry too much over which Windows update is causing the issue (it seems to be more or less the same problem for everyone). All the other updates installed smoothly.  :)

I will monitor the update though. The link for the KB2943344 following: This update resolves a vulnerability in the Microsoft .NET Framework that could bypass the Address Space Layout Randomization (ASLR) security feature if a user goes to a specially crafted website.

Same for the Windows 7 version I had issue's with. I just hope EMET 5.0 mitigates this issue till the patch becomes installable.
Avast is not flagging the updates for Windows 8.1 Pro (x64) Tested this on a Microsoft Surface Pro tablet PC.

For the record the .NET updates for Windows 2012 Essentials without Avast runs just fine. So it is Avast issue for sure.
« Last Edit: August 12, 2014, 08:47:28 PM by CaptainLeonidas »
OS's used: Windows 10 Pro (x64) 1607 <-> Windows 7 Ult (x64) <-> Windows 8.1 Ult (x64) <-> Windows 2012 Essentials R2 (x64)
Avast Internet Security (sub for 10 PC's), HPM.Alert, Malwarebytes, Asus-x99 Deluxe/U3.1 (Intel Core i7 X980 EE - 64Gb Ram - NVidia Geforce x980 - Samsung PCI-e 950Pro 512 SSD), Microsoft Surface Pro 4 (6th Gen Intel Core i7 CPU - 16Gb Ram - 512 SSD)
When installing Avast! be sure to use the custom install... never the default!

Offline abruptum

  • Massive Poster
  • ****
  • Posts: 2460
Re: Avast detected Windows Update as malicious
« Reply #29 on: August 12, 2014, 08:47:55 PM »
After this FP warning I was not able to install KB2937610 (update for NET framework 3.5.1).
Finally,after fifth attempt,update was installed successfully.Of course I had to disable Avast during WU installation.
Thank you Avast.