Widnows user account blocked by Avast

Since a couple of days a local (Windows10) user account is blocked by Avast. Instead I can log in with a temporary account. Deinstallation of Avast solves the problem. Reinstallation of Avast reintroduces the problem. I tried to report the bug, but the emailbax bugs@avast.com is closed.
The only solution for me was installing Avira, but I suppose it is not a solution for “Avast”.

The latest update (3-5-2017) is blocking my Windows applications (cleanmgr, updates, etc.). The problem seems to be the Behavior Shield (when turned off, the problem disappears). I’ve contacted Avast support through customer.care@avast.com (so far, no answer). If enough people report the problem, maybe they will issue a fix.

b60,
ofcourse you get no answer because that is not the way to contact avast.

Bram,
is it a roaming profile ?
Dit you use avastclear and removed all leftovers when uninstalling avast ?

http://support.avast.com/support/home
or
http://support.avast.com/support/tickets/new

I am using this address because when I opened a support ticket some time ago, it was with this address that they answered me.

I just found this, so it looks like they’re aware of the issue.

How can I resolve Behavior Shield issues?

Behavior Shield monitors the programs installed on your PC for suspicious behavior that may indicate the presence of malicious code. If this component blocks a program that you believe is safe, ensure that the latest version of the program is installed on your PC. Behavior Shield may treat outdated software as a potential security threat.

In some cases, Behavior Shield may display the error message The application was unable to start correctly (0xC00000e5) or stop an application from running and freeze your PC.

We are investigating these issues and working on a permanent solution. If necessary, temporarily disable Behavior Shield in Settings ▸ Components.
We strongly discourage permanently disabling Behavior Shield. When enabled, this protection component provides vital security for your PC.

The profile on my computer was no roaming profile. It was just the user account of my wife on my home computer. I didn’t use Avastclear. I just uninstalled Avast and the problem disappeared, reinstalling Avast reintroduced the (mis)behavior several times. I saw no other possibility as to install another antivirus program.

Was there any chance that the use of Avastclear (after uninstalling and before reinstallation of Avast) prevented the misbehavior?

It’s a strange problem. There is nothing special on the account of my wife. It’s a local Windows10 (user)account without administrator rights. the only special thing is her very unsafe password. I did not install any programs in the last days that could cause the problem (I did not check which other programs could be evildoer in cooperation with Avast). I suppose Avast is not the only wrongdoer, otherwise the problem will arise on every Windows 10 computer.

avastclear can make that little difference that is needed.

The issue apparently is with the behavior Shield–when I turn it off, the blockages disappear. But turning it off reduces protection. Hopefully they wll fix this.

Don’t turn it off. Exclude the file instead.

http://screencast-o-matic.com/screenshots/u/Lh/1489082319159-28144.png

We use Avast for Business in our organization of 200+ computers and use Windows roaming profiles. Since the program version update over the weekend (2017-03-04) we have had several problems. Most seem to have updated correctly on their own, but the problems should be reported.

Computers that are updated but not restarted. Several users got temp profiles upon login. Restarting the computer fixed some of these.

Computers that are restarted after Avast program update. Some users got temporary profiles. The NTUSER.DAT, NTUSER.INI, NTUSER.POL did not get synchronized to the server. Replaced these files from server copy of roaming profile into local computer copy of profile and user could login and receive profile with all of their files. Still had the following issue…

Most users (roaming profiles) had a problem with receiving temporary profiles. Apparently users’ AppData\Avast Software folder is now locked by Avast program. When users login, server copy of roaming profile fails synchronization because of this (see Windows Application log files), and user is presented with a temporary profile. Resolved this by creating a GPO to exclude AppData\Avast Software from roaming profiles. Also had to delete AppData\Avast Software folder in each user’s server copy of roaming profile. The GPO blocks copying the folder to the server, but if the AppData\Avast Software folder still exists in server copy of profile then it will attempt to write it to local computer profile upon user login, but AppData\Avast Software folder on local computer is now protected by Avast program. Because local AppData\Avast Software folder cannot be overwritten, roaming profile synchronization will fail unless the folder does not exist in the server copy.

I also noticed that deleting the local profile completely is now impossible. AppData\Avast Software is locked by Avast as well as formerly mentioned files (NTUSER…), so profile now cannot be completely deleted and new profiles receive names with extra characters appended. I checked Windows ACL’s and I am a member of local Admin group with ownership, but attempting to reset ACL’s again returns error that I am only allowed to view ownership and I am not allowed to change it. Doesn’t matter to most people, but we have lab computers that delete the profiles upon logout, and GPO’s to restart computers. End result is numerous mostly-deleted profiles.

Hope this helps some, hope Avast can add these to bugfixes.


Bram14, if you want to resolve your problem, check your Windows Application event logs. Recommend having Avast installed, logging in with problem account, then checking Windows Application event logs, you should be able to see what is failing and why you are receiving a temporary profile.

That’s what I was looking for. It solved installed programs, but not the windows applications.