Author Topic: Windows Update is not trustworthy? Says Avast.  (Read 9924 times)

0 Members and 1 Guest are viewing this topic.

Offline LonelyPixel

  • Newbie
  • *
  • Posts: 5
Windows Update is not trustworthy? Says Avast.
« on: December 30, 2011, 07:28:44 PM »
Avast Free Antivirus (self-updated just moments before) asked me whether some unidentified application should be allowed to run. No activity was on that Windows 7 system other than the Windows Update I had just started. The updates progress hang so I thought the warning might be about one of the updates. As soon as I accepted (which was not the default option), the updates went on just fine.

This is not a big deal for me, but I usually like to recommend this product to friends that would have failed and possibly messed up their updates with this stupid warning message.

See attached screenshot (edited for smaller file size).

Offline ky331

  • Sr. Member
  • ****
  • Posts: 303
Re: Windows Update is not trustworthy? Says Avast.
« Reply #1 on: December 30, 2011, 07:53:30 PM »
(While I don't follow the German text...)

I've found that Avast's BEHAVIOR SHIELD often questions some of the Microsoft Updates... particularly those related to .NET.

If you'll notice in your screen shot, the file being downloaded is a .TMP ("temporary") file.   Sometimes, malware will disguise itself as a .TMP file to bypass detection, only to rename itself later as an executable.  Given this, the reponse by avast is understandable.

As such, whenever I see that Windows Update is including anything for .NET, I make it a point to (temporarily) DISABLE avast's BEHAVIOR shield for the duration of the download/installation (RE-enabling it immediately thereafter).

You may also find that a similar phenomenon occurs with other programs (perhaps the Visual Studio 2010 that appears in your photo, which I don't have installed on my system).
Lenovo T530 laptop, Intel Core i5-3320M @ 2.60 GHz, 8GB RAM, Windows 7 Pro SP1 (64-bit), avast! 17 Free, MBAM3 Pro, Windows Firewall, MVPS HOSTS file, OpenDNS Family Shield, Zemana AntiLogger Free, SpywareBlaster, IE11 & Firefox [both using WOT (IE set to WARN, FF set to BLOCK)], WinPatrol PLUS, uBlock Origin, MBAE, MCShield, CryptoPrevent, SAS (on-demand scanner). 
[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

Offline ady4um

  • Massive Poster
  • ****
  • Posts: 2667
Re: Windows Update is not trustworthy? Says Avast.
« Reply #2 on: December 30, 2011, 08:40:25 PM »
The behavior is not different from other tools. For example, Windows Defender would ask for your permission to let some new (or updated) driver to modify the registry.

Of course, Avast Team should always take note of this type of issues so to improve the reactions.
ADD/REMOVE PROGS -> avast -> CHANGE/REMOVE -> REPAIR & REBOOT
Avast! 7 FAQ | FAQ & KB | Docs | Removal Utils | Configure Mail Shield | report FP | License Registration | UNSECURED?

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: Windows Update is not trustworthy? Says Avast.
« Reply #3 on: December 30, 2011, 10:23:17 PM »
I have never seen this Win Update behavior on my WIN 7 x64 installation since I have had Avast 6 installed - 9 months.

I have all shields set to the highest level including behavior shield. In fact every Avast setting offered is set to its highest level. As such if anyone should be getting Avast alerts, it is me. Case in point, I such had two .Net 3.5 and 4.0 security Win Updates today.

Personally, I would research this further. I know from past experience with WIN XP updates, MS proxy servers have been hacked. Something MS doesn't want to talk about. 
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Offline LonelyPixel

  • Newbie
  • *
  • Posts: 5
Re: Windows Update is not trustworthy? Says Avast.
« Reply #4 on: December 31, 2011, 12:07:31 AM »
There is no proxy server here on my home internet connection. I have disabled automatic updates for anything on my notebook as I don't want it to download stuff when I'm on a mobile connection and software is not smart enough to figure that out, so today was the day I updated things again. The Windows/Microsoft update in question could be a few weeks old.

I always hoped that Windows can verify the integrity of the updates it downloads. At least that's what I expect from any software update feature that's not a simple desktop application. So a virus scanner shouldn't need to watch those executables only to find suspicious activity and then have the user mess up something. Software installation and updating usually comes with such suspicious activity so it's not that interesting after all.

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: Windows Update is not trustworthy? Says Avast.
« Reply #5 on: December 31, 2011, 12:38:04 AM »
Quote
There is no proxy server here on my home internet connection.
I was referring to the servers Microsoft uses for hosting it's updates. Here in the US it is primarily Alkami.
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Offline YoKenny

  • Serious Graphoman
  • **
  • Posts: 8788
Re: Windows Update is not trustworthy? Says Avast.
« Reply #6 on: December 31, 2011, 01:50:03 AM »
No problem on my Windows 7 system.

Maybe you should go to:
avast!WEBforum > avast! support forums > Non-english zone > Deutsch
http://forum.avast.com/index.php?board=24.0
E5200 2.5GHZ, 4GB RAM, 320GB HD, Windows 7 Home Premium 64bit, avast! V9.0 Free, IE10
P4 2.8GHZ, 1.5GB RAM, 40GB HD, XP Pro SP3 32bit, avast! V9.0 Free, Google Chrome
with hpHosts, MVPS HOSTS files, SpeedFan, WinPatrol PLUS

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7467
  • No soporte por PM.
Re: Windows Update is not trustworthy? Says Avast.
« Reply #7 on: December 31, 2011, 04:22:37 AM »
Well it does not happen in all systems but it surely does happen in XP if Behavior Shield is set to ask.

http://forum.avast.com/index.php?topic=86573.0

I said I was going to report back if setting Behavior Shield to auto-decide was not a good idea in case the installment of .NET updates were not totally installed, I did November, and December Microsoft Updates without problems and these new .NET updates for 1.1, 2.0, 3.5 installed also without any problems. So, either way, if set to auto-decide or disable behavior shield during the duration of Windows update, will eliminate all alerts.

Unless someone fron Avast! team gives a definitive answer which way to go . So, what you say ?
« Last Edit: December 31, 2011, 02:20:54 PM by iroc9555 »
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline LonelyPixel

  • Newbie
  • *
  • Posts: 5
Re: Windows Update is not trustworthy? Says Avast.
« Reply #8 on: December 31, 2011, 12:07:34 PM »
So, either way, if set to auto-decide or disable behavior shield during the duration of Windows update will eliminate all alerts.

So in the end, for users who cannot operate AV software and need to have it set up by someone else, and who are strongly advised to install Windows updates (which goes on its own quite well, if not disturbed by AV software), the only option is NOT to use behavioural filtering in Avast at all, for now. Would you agree?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
Re: Windows Update is not trustworthy? Says Avast.
« Reply #9 on: December 31, 2011, 12:45:07 PM »
The only option is NOT to use behavioural filtering in Avast at all, for now. Would you agree?
I do not agree.
See, something very special happened to avast to trigger just yours Windows Update.
Did you change the Behavior Shield settings?
The best things in life are free.

Offline iroc9555

  • CCS, Vzla.
  • Avast Überevangelist
  • Starting Graphoman
  • *****
  • Posts: 7467
  • No soporte por PM.
Re: Windows Update is not trustworthy? Says Avast.
« Reply #10 on: December 31, 2011, 02:06:51 PM »
So in the end, for users who cannot operate AV software and need to have it set up by someone else,...

Why ? Do you not know or you are not an administrator ?

See, something very special happened to avast to trigger just yours Windows Update.
Did you change the Behavior Shield settings?

I agreed. For the alerts to come up Behavior Shield must be set to " Ask ". To see how the Behavior Shield is set:

Open Avast by clicking the Avast! icon go to Real-Time Shields an open it. Look for Behavior shield at the bottom of the list and click it. At your right you got Expert Settings, click it then change the option to auto-decide. See screenshot for references.

Regards.
Hernan.
Dim 9200. C2D E6600; 2.40GHz. 4GB DDR2RAM. XP Pro_86. Spk3. IE8 & FF41. Avast FREE 2015. CIS 5.12(FW/D+). MBAM Premium. MCShield. WinPatrol +. SpywareBlasterOpenDNS. uBlock. WOT. Sandboxie

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: Windows Update is not trustworthy? Says Avast.
« Reply #11 on: December 31, 2011, 03:50:46 PM »
I checked my Avast behavior shield history last night since I had applied four WIN 7 updates yesterday afternoon. Behavior shield had a count of over 400 all recorded at the time the WIN 7 updates had been downloaded and applied. Now behavior shield normally show a counts of 20 or less a day.

I personally feel Avast behavior shield is of minimal usefullness. I do find it very interesting though that it appears to be scanning Win Updates in detail whereas I have never seen it perform this throughly on anything else. Appears to me it is designed to examine changes in OS files for the most part hence the increased activity when Win Updates occur.

As far as the originally poster issue is concerned, I beleive that he might have had an existing OS file that is possibly infected or corrupted. When the corresponding Win Update was applied to that file, it caused Avast behavior shield to detect an anomoly and hence trigger an alert?
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83276
  • No support PMs thanks
Re: Windows Update is not trustworthy? Says Avast.
« Reply #12 on: December 31, 2011, 05:22:22 PM »
If you feel the behavior shield is of minimal usefulness, then uninstall it. But I would say that you are wrong, you only need to look at the expert settings to see why it is monitoring the windows update activity.

In the Main settings, one of the three options, Monitor the system for unauthorised modifications. Each windows update item will be changing many system settings, properties (namely registry and files) and this is no doubt the one that is going to be working overtime.

With the behavior shield on Auto (default option) you are probably less likely to get many pop-ups, however when it is set to Ask, be prepared to get lots of questions on if something should be allowed or not. personally I have that option unchecked as I have WinPatrol Plus installed to monitor such system changes.

The recent .net framework updates are even more intrusive as .net gets into a lot of applications, because of the applications that I have on XP that require .NET I actually had 3 .net updates, 2.x, 3.0 and 4.0.

So there are other choices than completely removing/disabling it, your system your choice.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.4.2410 (build 20.4.5312.561) UI-1.0.522/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline DonZ63

  • Poster
  • *
  • Posts: 469
Re: Windows Update is not trustworthy? Says Avast.
« Reply #13 on: December 31, 2011, 08:25:11 PM »
Quote
With the behavior shield on Auto (default option) you are probably less likely to get many pop-ups
I do have it set to auto. I will set it to ask and see if that will at least show some alerts. Under auto mode, I have never once received an alert from behavior shield.

However, since I installed Avast I have had a total of 4194 events analyzed in 9 months with 0 suspicious events. I also beleive the bulk of those 4194 events were the result of Win Update activity. In fact 1274 occuring on one day last August. That same day I installed ten WIN 7 updates. See attached Behavior Shield usage graph for the last year.

Here is a link to a uTube video test of the .1289 Behavior Shield: http://www.youtube.com/watch?v=fnudlBZ9BDY. It didn't do well at all in this test.

The devil is in the detail as the saying goes. :-\
« Last Edit: December 31, 2011, 09:27:12 PM by DonZ63 »
AMD QUAD 945, 8 GB, NVidia GTS 450, 3 HDDs
Dual boot, MBAM Pro - both OSes, WIN 7 x64 SP1, NAV 2012, IE9; XP SP3, NIS 2011, IE8

Offline LonelyPixel

  • Newbie
  • *
  • Posts: 5
Re: Windows Update is not trustworthy? Says Avast.
« Reply #14 on: January 01, 2012, 01:48:44 PM »
Oh, I know how to configure Avast or any other AV software. My concern is when other people (see my first post) see such messages and don't know what to do. While it's merely bugging me, it's actually harming those people.

Disabling those questions means leaving the decision to Avast. Given its preset response, that would probably have meant a failed update.

I have always been sceptical about those behavioural stuff. After trying any of them, I eventually disabled them all as they rendered totally useless and annoying. And so seems to be Avast's solution.

Happy new year! :-)