How to make Avira Antivirus Free less vulnerable to shutdown
So we have a new version of Avira – Avira Free Antivirus 2012. It works fine until something bad happens.*
Each time you kill avguard.exe (and all its child objects) it'll respawn, and sched.exe will start avshadow.exe, which will be 'pinned' to avguard.exe.
But there's a simple method – kill avguard.exe & sched.exe at the same time. Of course sched.exe will be reborn, but it'll be 'naked' and easy to kill, for good this time. As a result we have turned off Avira (until the restart, but God knows what registry entries will have been changed by that time ;) ) and yeah – you don't have to worry about some libraries/drivers that may still be present in memory – they're 'not functional' without C&C.
So where's the problem? Look at this:
The Avira service is by default configured to simply 'stop' after two respawns – WTF?! Let's try to fix that… set 'Subsequent failures' to 'Restart the Service'.
ERROR – bummer…
The registry seems to be read-only** (so the 'self-protection' works ^^). OK, run Avira from your Start / Programs menu, go to 'PC Protection / Realtime Protection' and enable it in the right panel; there will be a gear to the right of the switch – click it to go to the 'Configuration menu'. Now go to 'General / Security' – in the right section uncheck 'Protect files and registry entries from manipulation', then go to Services and set the service to restart after subsequent failures, then re-enable the AV files & registry protection.
and now we’ll test it again…
OK, it died like the earlier versions… but… wait a minute (exactly a minute) – it'll wake up… and voilà :)
Ohh… and do you know what damage can be done in a minute? Imagine a minigun aimed at your desk. Now imagine it firing non-stop for 60 seconds… so how does your desk look after that? Exactly… But don't panic, the AV should scan all new files / reg entries right after it restarts, so it's not the end of the world ;)
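The same recovery change can be audited and applied from an elevated PowerShell prompt instead of the Services GUI. This is an added example, not part of the original post: it looks up the service names from the avguard.exe and sched.exe image names mentioned above rather than assuming them, the 60000 ms restart delay mirrors the one-minute wait seen in the test, and the one-day counter reset is an assumed value.

```powershell
# Added example: audit and fix the Windows service recovery actions for the
# services that run avguard.exe and sched.exe (image names from the post).
# Run elevated, while 'Protect files and registry entries from manipulation'
# is temporarily unchecked, otherwise the write is refused.

$images = 'avguard.exe', 'sched.exe'

# Resolve the service names from their binary paths instead of hard-coding them.
$services = Get-CimInstance -ClassName Win32_Service | Where-Object {
    $path = $_.PathName
    $path -and ($images | Where-Object { $path -like "*\$_*" })
}

if (-not $services) {
    Write-Warning 'No service found for avguard.exe or sched.exe.'
    return
}

foreach ($svc in $services) {
    Write-Host "== $($svc.Name)  [$($svc.PathName)]"

    # Current recovery configuration (first / second / subsequent failures).
    sc.exe qfailure $svc.Name

    # Restart on every failure after 60000 ms; reset the failure counter
    # after 86400 s (one day, an assumed value for this example).
    sc.exe failure $svc.Name reset= 86400 actions= restart/60000/restart/60000/restart/60000

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Update of $($svc.Name) failed (exit code $LASTEXITCODE). Is self-protection still enabled?"
        continue
    }

    # Confirm that the new actions were stored.
    sc.exe qfailure $svc.Name
}
```

Re-enable the files and registry protection in 'General / Security' once the second `qfailure` output shows three restart actions.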
* This also applies to earlier versions of 'Avira Antivirus Free'.
** The 'Self-Protection', as I call it, isn't turned on by default!