Avast Emergency Update Feature is Broken

I have a serious problem with the Avast Emergency Update from 23.11.2013.

I’ve seen the 373b212d-da9.exe process run twice on my system this week, and every time it has run, it has almost completely frozen my system. Almost all programs became unusable, all browsers freeze, Skype freezes, I cannot shut down or restart, and cannot kill the 373b212d-da9 process, which also happens to be digitally signed by Avast Software. I used the reset button the first time, and today it has happened again and I realized I can just disable the Avast self-protection module and kill the process. The moment it is ended, everything is normal again.

Something is seriously wrong with this emergency update feature, as I didn’t have this problem before updating to Avast 2014.9.0.2008. It cannot be uninstalled from Avast setup either. I am using Vista 32 bit.

Edited:

My original post detailed an issue I had with the SSD drive no longer being stable and a repair tech blamed it on Avast. After talking to him, I attributed the issue to an emergency update that was running at the time of the first crash. I’ve since come to learn that Avast DID NOT cause the issue. The problem and fix ended up being a bit more expensive than simply uninstalling Avast… needed a new motherboard. The machine’s running great now and I will be reinstalling Avast.

Just wanted to make sure to let others know that in my case, Avast wasn’t at fault!

I have used Avast for years also. Since version 4. I am still on version 8 because it works and I like it. But I refuse to “upgrade” to the newest version. Honestly Avast is not what it used to be. I have stopped recommending it and no longer install it on computers I fix or build. It was much better when it was a simple AV solution instead of trying to be everything I don’t need or want.

No, Avast is not the same, and will never be. I'm an old Avast 4.5 customer, the good old reliable and trouble-free antivirus. Sometimes the "improvements" companies make to their product hurt their customers directly, but also indirectly the company itself; it's just a matter of time. I know this is not the topic nor the place, but do any of you remember the good old Nero 5 or 6, even 7? That was the best multimedia software; I used it for over 10 years until version 8, and that's when the fiasco started. Look on the net at Nero's rating by old and new customers: horrible. Nero is struggling now and seeking a bailout to keep from going under; Avast might be heading the same route. Good luck.

I encountered the same problem as Doomer. I opened a support ticket on this and they gave me some trial-and-error tips which did not solve the problem. After three months and further analysis of my own, I found a workaround and gave up on the Avast support.

The cause of the problem is the changes in the so-called Avast “emergency updates”. Since December 2013, for each update a new .exe file with another name is run (see the files in the Program Files\AVAST Software\Avast\setup\emupdate directory) and fetches data from some Google servers. This interferes with my personal firewall (I use Comodo), which will prompt the user if any unknown .exe file tries to access the internet. Obviously the prompt fails when it occurs at system logon time.

The “emergency updates” are run through different concurrent mechanisms:

  • regularly through the Avast software, probably by running AvastEmUpdate.exe in the interval specified in the update settings
  • once a day through the Windows task scheduler by running AvastEmUpdate.exe
  • upon each Windows logon by running AvastEmUpdate.exe
  • when a new update was found, once upon next login through a temporary registry setting at HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce, which directly runs a file in Avast\setup\emupdate.

The latter two are problematic regarding personal firewalls.

I solved this using the following workarounds:

  1. Grant full Internet access to Program Files\AVAST Software\Avast\setup\emupdate\*.exe, by defining a program group for this in the Comodo Defense+ settings (see http://help.comodo.com/topic-72-1-284-3031-Protected-Files-and-Folders.html) and then adding a rule in the Comodo Firewall settings which gives full internet access to this group. This will reduce the hanging on login from several minutes to 10…20 seconds.

2a. I disabled the Avast emergency updates on logon in the Windows task scheduler (this actually was a tip from the Avast support team, which however is not sufficient).

2b. I wrote a tool of my own which regularly deletes all Avast emupdate entries from HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce. Here is the C code to do this:

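    #include <windows.h>
    #include <string.h>

    /* Remove the Avast emupdate entry from HKLM\...\RunOnce (link with advapi32). */
    void vDeleteAvastEmupdateRunOnce()
    {
        char cVname[16384];
        DWORD nNamelen, nDatalen;
        DWORD nType;
        char cData[16384];
        HKEY hKey;
        DWORD n = 0;

        /* The ANSI (A) functions are named explicitly because the buffers are char arrays. */
        if (RegOpenKeyA(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", &hKey) == ERROR_SUCCESS)
        {
            nNamelen = sizeof(cVname);
            nDatalen = sizeof(cData) - 1;   /* leave room for a terminating NUL */
            while (RegEnumValueA(hKey, n++, cVname, &nNamelen, NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
            {
                if (RegQueryValueExA(hKey, cVname, 0, &nType, (LPBYTE) cData, &nDatalen) == ERROR_SUCCESS)
                {
                    cData[nDatalen] = '\0';   /* registry strings are not guaranteed to be terminated */
                    if (nType == REG_SZ && strstr(cData, "\\Avast\\setup\\emupdate\\") != NULL)
                    {
                        RegDeleteValueA(hKey, cVname);
                        break;   /* one entry is removed per call */
                    }
                }
                nNamelen = sizeof(cVname);
                nDatalen = sizeof(cData) - 1;
            }
            RegCloseKey(hKey);
        }
    }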

Now emupdate runs completely silently without bothering me, as it did in earlier Avast versions before the ominous December ’13 update.

Another option would be blocking Internet access by emupdate in the PF, which probably will disable the emergency updates. Not long ago (still in January '14) there was an Avast setting to disable the emergency updates. No idea why they removed it, especially after the reports about these problems.
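
A read-only way to see what the deletion tool above would act on, as an added example that is not part of the original post: it lists RunOnce values pointing into Avast\setup\emupdate and reports the Authenticode signature status of each target. It assumes PowerShell 3.0 or later; the function name and the extra Wow6432Node view are assumptions, while the key path and the path marker come from the thread.

```powershell
# Added example (not from the thread): audit, without deleting, the RunOnce
# values that launch a binary from the Avast emergency-update directory.
$views = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    # Assumption: also check the 32-bit view present on 64-bit Windows.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)
$marker = '\Avast\setup\emupdate\'   # same substring the C tool matches

function Get-CommandExecutable([string]$Command) {
    # Hypothetical helper: extract the executable path from a command line.
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
        return $null
    }
    $m = [regex]::Match($c, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $null
}

$report = foreach ($path in $views) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        # Only string values can hold a command line.
        if ($key.GetValueKind($name) -notin 'String', 'ExpandString') { continue }
        $cmd = [string]$key.GetValue($name)
        # Case-insensitive match, unlike strstr() in the C tool.
        if ($cmd.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase) -lt 0) { continue }

        $exe = Get-CommandExecutable $cmd
        $status = 'FileNotFound'
        $signer = $null
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Key = $path; ValueName = $name; Command = $cmd
            Executable = $exe; SignatureStatus = $status; Signer = $signer
        }
    }
}
$report | Format-List
```

An entry whose SignatureStatus is not Valid, or whose Signer is not the vendor expected for that directory, deserves a closer look before it is granted a firewall rule.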