Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: jaje on June 29, 2020, 10:59:53 AM

Title: Avast troubles again?
Post by: jaje on June 29, 2020, 10:59:53 AM

Today I saw this post to Reddit about Avast

https://www.reddit.com/r/sysadmin/comments/hht8jb/should_i_report_avast_to_the_australian_cyber/

I might be over reacting with this but I really don't like these types of business practices so just looking for an outside opinion with this one.

I manage the IT department at a large school in Australia, I've recently setup a Honeypot on the BYOD wireless network to identify if any students are doing something they shouldn't. Within about 20 minutes I got two hits; Something was scanning the entire network and accessing ports 80, 443, 445, 1900, 2869 and 3389.

Not only were they scanning, they were actively probing for vulnerabilities and delivering malicious payloads to the Honeypot server. In one instance CVE-2012-0152 was used in an attempted RDP DDoS attack.

After some panic and investigation I discovered that Avast has a "feature" called Wi-Fi Inspector. This basically scans the users wireless network and tests for vulnerabilities, this feature is on by default but can be disabled.

We have over 3000 students with BYOD devices, many with Avast installed scanning the network at least once per day. This is creating a huge overhead on our wireless network and seems like Avast is acting like a virus itself, especially seeing that the thing is crafting payloads and actively accessing resources it's not authorised to access.

IMO this is a malicious practice and constitutes as a cyber security incident. I have no idea what Avast is doing with this collected data or what the purpose of the scan is as the end user received no notification that a vulnerability was even found!

I called Australian Cyber Security Centre and they said I could report the activity and start an investigation. What do you guys think, is it worth the effort of reporting this?

Title: Re: Avast troubles again?
Post by: bob3160 on June 29, 2020, 03:31:52 PM

Quote from: jaje on June 29, 2020, 10:59:53 AM

Today I saw this post to Reddit about Avast

https://www.reddit.com/r/sysadmin/comments/hht8jb/should_i_report_avast_to_the_australian_cyber/ (https://www.reddit.com/r/sysadmin/comments/hht8jb/should_i_report_avast_to_the_australian_cyber/)

I might be over reacting with this but I really don't like these types of business practices so just looking for an outside opinion with this one.

I manage the IT department at a large school in Australia, I've recently setup a Honeypot on the BYOD wireless network to identify if any students are doing something they shouldn't. Within about 20 minutes I got two hits; Something was scanning the entire network and accessing ports 80, 443, 445, 1900, 2869 and 3389.

Not only were they scanning, they were actively probing for vulnerabilities and delivering malicious payloads to the Honeypot server. In one instance CVE-2012-0152 was used in an attempted RDP DDoS attack.

After some panic and investigation I discovered that Avast has a "feature" called Wi-Fi Inspector. This basically scans the users wireless network and tests for vulnerabilities, this feature is on by default but can be disabled.

We have over 3000 students with BYOD devices, many with Avast installed scanning the network at least once per day. This is creating a huge overhead on our wireless network and seems like Avast is acting like a virus itself, especially seeing that the thing is crafting payloads and actively accessing resources it's not authorised to access.

IMO this is a malicious practice and constitutes as a cyber security incident. I have no idea what Avast is doing with this collected data or what the purpose of the scan is as the end user received no notification that a vulnerability was even found!

I called Australian Cyber Security Centre and they said I could report the activity and start an investigation. What do you guys think, is it worth the effort of reporting this?

My question is why is the IT guy upset that the student uses an AV that protects him from possible network vulnerabilities? I'd also like to know if Avast discovered any vulnerabilities. :)

Title: Re: Avast troubles again?
Post by: RejZoR on June 29, 2020, 05:14:53 PM

"Not only were they scanning, they were actively probing for vulnerabilities and delivering malicious payloads to the Honeypot server."

That sounds like utter nonsense.