Avast detected Windows Update as malicious

[REDACTED]

I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)

You're fine

Thanks, dprout69!

[ky331]

Same issue here... which the avast team should easily be able to reproduce if necessary.

Windows Updates (I'm on Win7SP1x64) for DotNet Framework 3.5.1

I believe the specific update was kb2943357 (but it could have been kb 2937610).

The update was placing a plethora (20? 30? 40? who knows) of .TMP files on the hard drive, which were picked up as suspicious EVO-GEN.   Avast defs 14-08-12-0

There was no practical way to capture and upload all of these files for F/P testing.   There was also NO simple option to IGNORE these files, as I wanted to do (choices included fix, delete, repair, quarantine).   Since these were directly from Microsoft Update, I believed they were safe, and wanted to install them.

Basically, I believe/hope I x'd out each of the warning windows... and that doing so would "ignore" the warning, and allow the files to download/install.   I'm only hoping I didn't miss any... Windows Update indicates the installation was successful... but what if I clicked ignore on say, only 39 out of 40?  Could that still show as "successful"?   Would it be wise to try to re-install the update?

[CaptainLeonidas]

https://support.microsoft.com/kb/2943357 is the update that is flagged yes.

Guess we could always suspend Avast for 30 minutes and install the update.

PS: The update is rated "Important" according to: https://technet.microsoft.com/library/security/ms14-aug

[REDACTED]

I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)

You're fine... you should actually be able to just take your computer offline, turn off avast, hit try again on windows update (the files have already downloaded) and it should install correct?

Just read your edit. I didn't realize the update file had already been downloaded, I've just been rerunning the Windows Update. I'll try your suggestion.

[REDACTED]

https://support.microsoft.com/kb/2943357 is the update that is flagged yes.

Guess we could always suspend Avast for 30 minutes and install the update.

Mine shows that kb2943344 is the problem; maybe it varies depending on the computer?

[CaptainLeonidas]

Vista? > update if not mistaken Microsoft .NET Framework 3.0 Service Pack 2 (2943344) (Important)

I run Windows 7 (x64)

[REDACTED]

Yes.

[REDACTED]

I'll wait for the definitions update...but, apologies if this is a silly question, is it okay to be online without the failed Windows Update? (All the others installed successfully.)

i would say yes ..... Microsoft could have waited with the release and you would not have known about them

HUH ?
Are you saying MS should change their Patch Tuesday update schedule based on Avast definition updates ?
  

[CaptainLeonidas]

Yes.

Guess I got it correct. Take a look at the technet link I posted earlier. It states which KB is for which OS.

From previous post: https://technet.microsoft.com/library/security/ms14-aug

[Pondus]

HUH ?
Are you saying MS should change their Patch Tuesday update schedule based on Avast definition updates ?

No that is not what i am saying.....

[REDACTED]

Then what are you saying ?

[Pondus]

Then what are you saying ?

go back and read my post again .... edited

[REDACTED]

Yes.

Guess I got it correct. Take a look at the technet link I posted earlier. It states which KB is for which OS.

From previous post: https://technet.microsoft.com/library/security/ms14-aug

As long as everything is fixed once the definitions have been updated, I'll try not to worry too much over which Windows update is causing the issue (it seems to be more or less the same problem for everyone). All the other updates installed smoothly. 

[CaptainLeonidas]

Yes.

Guess I got it correct. Take a look at the technet link I posted earlier. It states which KB is for which OS.

From previous post: https://technet.microsoft.com/library/security/ms14-aug

As long as everything is fixed once the definitions have been updated, I'll try not to worry too much over which Windows update is causing the issue (it seems to be more or less the same problem for everyone). All the other updates installed smoothly. 

I will monitor the update though. The link for the KB2943344 following: This update resolves a vulnerability in the Microsoft .NET Framework that could bypass the Address Space Layout Randomization (ASLR) security feature if a user goes to a specially crafted website.

Same for the Windows 7 version I had issue's with. I just hope EMET 5.0 mitigates this issue till the patch becomes installable.
Avast is not flagging the updates for Windows 8.1 Pro (x64) Tested this on a Microsoft Surface Pro tablet PC.

For the record the .NET updates for Windows 2012 Essentials without Avast runs just fine. So it is Avast issue for sure.

[abruptum]

After this FP warning I was not able to install KB2937610 (update for NET framework 3.5.1).
Finally,after fifth attempt,update was installed successfully.Of course I had to disable Avast during WU installation.
Thank you Avast.