Blocking the Avira In Product Marketing Popups.
Avira Free Antivirus includes a component called the In-Product Marketing GUI (IPMGUI.exe) which shows a popup telling users of about all the viruses out there in the wild and that they should purchase a copy of Avira. This nag message occurs mostly once a day when the user logs in.
Blocking these popups aren't as straight forward as it may seem, as Avira seem to have quite a few countermeasures to prevent people blocking the ads. Here are the methods that do not work:
- Using Avira Antivirus to quarantine
IPMGUI.exeresults in a warning message that this cannot occur when the Avira Self-Protection feature is enabled. This feature is rather important to protecting Avira itself and is not recommended to be disabled. - Deleting
IPMGUI.exe(in Safe Mode) results in Avira restoring the file automatically. - Denying execute permissions to
IPMGUI.exe(in Safe Mode) results in an error message box showing up as execute permissions are denied. - Replacing
IPMGUI.exe(in Safe Mode) with another dummy binary works only once and then Avira restores the originalIPMGUI.exe, renaming the bad binary toIPMGUI.exe.tmp. - Adding invalid entries in the windows
hostsfile to prevent the successful name resolution does not work as Avira temporarily removes the offending entries whileIPMGUI.exerequires them and restores the entries afterwards. - Denying network access using the Basic Windows Firewall located in Control Panel does not work as Avira will just enable access.
Working Solution
A currently working solution is to prevent TCP connections to the servers responsible for serving the marketing/notifications.
DNS Queries:
- ipm.avira.com
- notifier.avira.com
IP Addresses:
- 185.123.227.12
- 185.123.227.13
This can be achieved using the Windows Firewall with Advanced Security management console.
wf.msc- Outbound Rules
- New Rule
- Custom Rule
- All Programs
- Any Protocol
- Remote IPs should be set to the ones listed above
- Action: Block the connection
- Profile: All
- Name: "Avira IPMGUI Outbound"
The following command can be used to create the rule:
netsh advfirewall firewall add rule name="Avira IPMGUI Outbound" dir=out action=block remoteip=185.123.227.12,185.123.227.13