Blocking the Avira In Product Marketing Popups.
Avira Free Antivirus includes a component called the In-Product Marketing GUI (IPMGUI.exe) which shows a popup telling users about all the viruses out there in the wild and that they should purchase a copy of Avira. This nag message mostly appears once a day, when the user logs in.
Blocking these popups isn't as straightforward as it may seem, as Avira seems to have quite a few countermeasures to prevent people from blocking the ads. Here are the methods that do not work:
- Using Avira Antivirus to quarantine IPMGUI.exe results in a warning message that this cannot be done while the Avira Self-Protection feature is enabled. This feature is rather important for protecting Avira itself, and disabling it is not recommended.
- Deleting IPMGUI.exe (in Safe Mode) results in Avira restoring the file automatically.
- Denying execute permissions to IPMGUI.exe (in Safe Mode) results in an error message box showing up, as execute permissions are denied.
- Replacing IPMGUI.exe (in Safe Mode) with another dummy binary works only once, and then Avira restores the original IPMGUI.exe, renaming the bad binary to IPMGUI.exe.tmp.
- Adding invalid entries to the Windows hosts file to prevent successful name resolution does not work, as Avira temporarily removes the offending entries while IPMGUI.exe requires them and restores the entries afterwards.
- Denying network access using the basic Windows Firewall located in Control Panel does not work, as Avira will just enable access.
Working Solution
A currently working solution is to prevent TCP connections to the servers responsible for serving the marketing/notifications.
DNS Queries:
- ipm.avira.com
- notifier.avira.com
IP Addresses:
- 185.123.227.12
- 185.123.227.13
This can be achieved using the Windows Firewall with Advanced Security management console (wf.msc):
- Outbound Rules
- New Rule
- Custom Rule
- All Programs
- Any Protocol
- Remote IPs should be set to the ones listed above
- Action: Block the connection
- Profile: All
- Name: "Avira IPMGUI Outbound"
The following command can be used to create the rule:
netsh advfirewall firewall add rule name="Avira IPMGUI Outbound" dir=out action=block remoteip=185.123.227.12,185.123.227.13
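The rule matches fixed IP addresses, so it silently stops blocking if the two hostnames are moved to other addresses. The following PowerShell script is an added example (not from the original page): it creates the same rule only if it does not already exist, then resolves the hostnames and reports any address the rule does not cover. It assumes an elevated session on Windows 8 / Server 2012 or later, where the NetSecurity and DnsClient cmdlets are available.

```powershell
# Added example, not from the original page. Run in an elevated PowerShell session.
$RuleName  = 'Avira IPMGUI Outbound'                    # rule name from the page
$Hosts     = 'ipm.avira.com', 'notifier.avira.com'       # hostnames from the page
$ListedIPs = '185.123.227.12', '185.123.227.13'          # addresses from the page

# Create the block rule once; netsh's name= corresponds to -DisplayName here.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
        -Profile Any -RemoteAddress $ListedIPs | Out-Null
}

# Read back the remote addresses of the rule that is actually in effect.
$blocked = @(Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    ForEach-Object { $_.RemoteAddress })

# Resolve the hostnames now (IPv4 A records only). A lookup failure is
# reported but does not stop the script.
$resolved = foreach ($h in $Hosts) {
    try {
        Resolve-DnsName -Name $h -Type A -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress }
    } catch {
        Write-Warning "Could not resolve ${h}: $($_.Exception.Message)"
    }
}
$resolved = @($resolved | Sort-Object -Unique)

# Addresses the hostnames point at today that the rule does not block.
$uncovered = @($resolved | Where-Object { $_ -notin $blocked })

"Rule blocks : $($blocked -join ', ')"
"DNS returns : $($resolved -join ', ')"
if ($uncovered.Count -gt 0) {
    Write-Warning "Not covered by the rule: $($uncovered -join ', ')"
} else {
    'All currently resolved addresses are covered by the rule.'
}
```

If the warning appears, review the reported addresses before adding them to the rule's remote IP list, since they may belong to shared hosting.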