Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: wizzlbang on May 07, 2015, 04:06:45 AM

Title: web shield anomaly?
Post by: wizzlbang on May 07, 2015, 04:06:45 AM
I was on omegle today and I'd just closed my browser and switched users on my comp because I had to leave, when I got back some omegle urls were the most recent things scanned in my realtime data, showing up after the points where I had closed my browser switched off and logged back in. I've managed to replicate it twice so far

Is this a glitch with avast, or is my computer somehow connecting to omegle when logged off?
Title: Re: web shield anomaly?
Post by: Cast on May 07, 2015, 07:55:18 AM
Does it show the times that it was scanned at? Maybe its just from when it was signed in before you signed off that account?
Title: Re: web shield anomaly?
Post by: wizzlbang on May 07, 2015, 08:12:46 AM
It definitely happened while I was signed off, I could tell because logonui.exe, which comes up when I sign off, was scanned before the url
Title: Re: web shield anomaly?
Post by: wizzlbang on May 08, 2015, 01:16:20 AM
Managed to catch it in the act without switching out this time

First screenshot taken right after I closed my browser

Second was a short while later after I'd saved the first screenshot
Title: Re: web shield anomaly?
Post by: wizzlbang on May 09, 2015, 05:29:18 AM
.. so does just like, nobody know, or?
Title: Re: web shield anomaly?
Post by: DavidR on May 09, 2015, 03:01:23 PM
I don't see this as a web shield anomaly as it is doing what it should, scan connections to the internet. What we don't know is the program responsible for making the connection.

The anomaly as I see it lies with the program responsible for this connection and that is what people don't know.

Does the omegle.com site ring any bells ?

A google search for that domain turns up many hits relating to chat services, etc.
Title: Re: web shield anomaly?
Post by: wizzlbang on May 09, 2015, 10:19:42 PM
Like I said, i was on omegle on by browser, but somehow a connection was made to it after the browser was closed
Title: Re: web shield anomaly?
Post by: DavidR on May 10, 2015, 12:30:27 AM
Well there has to be something on your system making that connection, it doesn't necessarily have to open the browser to do it.

What that is we can't say from the information here, that is I believe was why you hadn't received any replies.

Monitoring avast won't help as it isn't reporting the process responsible for the connection to the site (just that the web shield will still be monitoring). I don't know what firewall you have or whether it has detailed logs in which you can see the outgoing process connecting to the site.
Title: Re: web shield anomaly?
Post by: wizzlbang on May 10, 2015, 01:28:49 AM
Just using windows firewall

What else besides my browser would make a connection to omegle like this after i was visiting it? is there a way to see a log?
Title: Re: web shield anomaly?
Post by: DavidR on May 10, 2015, 03:53:35 PM
Many programs connect to the internet without having to use a browser to do so.

Just your starter for 10, avast gets its vps updates without using a browser, many other programs will connect to get updates, etc.

The windows firewall depending on operating system (?) either don't have outbound protection or it is disabled by default. In either case it either keeps no logs or they aren't very user friendly.
Title: Re: web shield anomaly?
Post by: wizzlbang on May 10, 2015, 10:31:12 PM
Yeah I get that, but this is such a weirdly specific instance. So far I've only been able to replicate it with omegle