I encountered the same problem like Doomer. I opened an support ticket on this and they gave me some try-and-error-tips which did not solve the problem. After three months and further own analysis, I found a workaround and gave up on the Avast support.
The cause of the problem are changes in the so-called Avast “emergency updates”. Since December 2013, for each update a new .exe file with another name is run (see files in the Program Files\AVAST Software\Avast\setup\emupdate directoryx) and fetches data from some Google servers. This interferes with my Personal Firewall (I use Commodo), which will prompt the user if any unknown .exe file tries to access the internet. Obviously the prompt failes when it occurs at system logon time.
The “emergency updates” are run through different cuncurring mechanisms:
- regulary through the Avast software, probably by running AvastEmUpdate.exe in the interval specified in the update settings
- once a day through the Windows task scheduler by running AvastEmUpdate.exe
- upon each Windows logon by running AvastEmUpdate.exe
- when a new update was found, once upon next login through a temporary registry setting at HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce, which directly runs a file in Avast\setup\emupdate.
The latter two are problematic regarding personal firewalls.
I solved this using the following workarounds:
- Grant full Internet access to Program Files\AVAST Software\Avast\setup\emupdate*.exe, by defining a program group for this in the Commodo Defense+ settings (see http://help.comodo.com/topic-72-1-284-3031-Protected-Files-and-Folders.html) and then adding a rule in the Commodo Firewall settings which gives full internet access to this group. This will reduce the hanging on login from several minuts to 10…20 seconds.
2a. I disabled the Avast emergency updates on logon in the windows task scheduler (this actually was a tip from the Avast support team, which however is not sufficient)
2b. I wrote some own tool which regularly deletes all Avast emupdate entries from HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce. Here is the C code to do this:
void vDeleteAvastEmupdateRunOnce()
{
char cVname[16384];
DWORD nNamelen, nDatalen;
DWORD nType;
char cData[16384];
HKEY hKey;
DWORD n = 0;
if (RegOpenKey(HKEY_LOCAL_MACHINE,“SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce”, &hKey) == ERROR_SUCCESS)
{
nNamelen = sizeof(cVname);
nDatalen = sizeof(cData);
while (RegEnumValue(hKey, n++, (LPSTR)&cVname, &nNamelen, NULL, NULL, NULL, NULL) == ERROR_SUCCESS)
{
if (RegQueryValueEx(hKey, cVname, 0, &nType, (LPBYTE) cData, &nDatalen) == ERROR_SUCCESS)
if (nType == REG_SZ && strstr(cData, “\Avast\setup\emupdate\”) != NULL)
{
RegDeleteValue(hKey, cVname);
break;
}
nNamelen = sizeof(cVname);
nDatalen = sizeof(cData);
}
RegCloseKey(hKey);
}
}
Now emupdate runs completely silent without bothering me, as it was in ealier Avast versions befor the ominous December’13 update.
Another option would be blocking Internet access by emupdate in the PF, which probably will disable the emergency updates. Not long ago (still in January '14) there was an Avast setting to disable the emergency updates. No idea why they removed it, especially after the reports about this problems.