What happened?
On Friday, July 29, Avast released a hotfix for the Avast user-interface (UI) component via the emergency update channel for Avast version 12.2.2276. This hotfix contained a bug which disrupted communication between the Avast Service and the Avast UI. Thus, the warning message "You are unprotected! Avast Background service is not running." was incorrectly displayed in the Avast UI. Despite this, the Avast service was running and you continued to be protected.
Why did it happen?
The emergency update channel is one of our regular update channels. We use it to release critical fixes and security updates between major version updates such as the above mentioned emergency update which rectified a troublesome behavior of the Avast UI. All hotfixes are subject to automated and manual testing by our QA engineers before being released via this channel. In this particular case, however, a slight difference between the testing environment and the production environment made it possible for this defective hotfix to enter production.
When did everything return to normal?
On Saturday afternoon at 2pm, a fix for the issue was released via the emergency update channel. This immediately resolved the issue for those who performed a clean installation after this time. For others, the fix took effect later, however, a reboot was still required to apply it. If you’re an existing user, and you’re yet to receive the fix, the fastest way to rectify the situation is to run the C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe file then reboot your PC.
Why won’t it happen again?
Over the weekend, we worked very hard to enhance the release, improve our quality assurance process, and resolve the bug. Despite this, I understand that it was even worse for some of you who endured a sleepless night trying to understand what was wrong while waiting patiently for Avast to release a meaningful explanation. At Avast, it is my responsibility to ensure bugs like this never make it to production. On this occasion, I obviously failed, and I sincerely apologize for such an error on my part. But apologies will not provide you with a better security product, so please let me share some of the changes we’ve made today and what we plan to change in the near future:
- Our rollback process for released emergency updates has been simplified and now takes just a few minutes to stop the distribution of an emergency update.
- Manual tests now include assessments within a production-like environment and automated tests are being improved in similar way.
- Monitoring of the production environment is being improved and we’re implementing immediate escalation to responsible personnel.
- The Avast UI will be improved to recognize whether there really is an issue with the protection or just a problem with the service <-> UI communication.
Last but not least, so that we are always available to respond to and rectify errors of this nature in a timely manner, we will ensure that releases are never performed in the evenings or before weekends unless absolutely critical.
Have a good day,
Petr