Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Dohn Joe on April 09, 2021, 06:22:51 PM

Title: Unwanted Avast DNS traffic [update 2021]
Post by: Dohn Joe on April 09, 2021, 06:22:51 PM

Hello everyone,

this is a follow-up to an older thread: https://forum.avast.com/index.php?topic=184959.0

I use Avast Free Antivirus 21.2.2455 (compilation 212.6096.651) without SecureDNS, WebShield etc. installed, and I can see a lot of traffic coming out of my network to a weird set of DNS servers. Sample traffic:

Source           Destination      Prot.    Length    Info
192.168.1.101    37.120.144.66    DNS      81        Standard query 0xd357 TXT 2.sEcuRedns.AvaST.COm
37.120.144.66    192.168.1.101    DNS      218       Standard query response 0xd357 TXT 2.sEcuRedns.AvaST.COm TXT
192.168.1.101    37.120.144.66    DNS      160       Unknown operation (13) response 0x5de9 Unknown error (15)[Malformed Packet]
37.120.144.66    192.168.1.101    DNS      405       Unknown operation (12) 0x7236[Malformed Packet]
192.168.1.101    37.120.144.66    DNS      81        Standard query 0x06ee TXT 2.sECUrEdns.avASt.Com
192.168.1.101    156.146.38.142   DNS      81        Standard query 0x49d1 TXT 2.SEcUREdnS.AvAst.com
192.168.1.101    84.17.55.14      DNS      81        Standard query 0x3989 TXT 2.SeCUReDNS.AVASt.cOM
37.120.144.66    192.168.1.101    DNS      218       Standard query response 0x06ee TXT 2.sECUrEdns.avASt.Com TXT
84.17.55.14      192.168.1.101    DNS      218       Standard query response 0x3989 TXT 2.SeCUReDNS.AVASt.cOM TXT
192.168.1.101    37.120.144.66    DNS      160       Unknown operation (13) response 0x5de9 Unknown error (15)[Malformed Packet]
192.168.1.101    84.17.55.14      DNS      160       Unknown operation (11) response 0x5566 RRset does not exist[Malformed Packet]
37.120.144.66    192.168.1.101    DNS      346       Unknown operation (12) 0x7236[Malformed Packet]
84.17.55.14      192.168.1.101    DNS      218       Unknown operation (12) 0x7236[Malformed Packet]
156.146.38.142   192.168.1.101    DNS      218       Standard query response 0x49d1 TXT 2.SEcUREdnS.AvAst.com TXT
192.168.1.101    156.146.38.142   DNS      160       Unknown operation (9) 0x1caf[Malformed Packet]
156.146.38.142   192.168.1.101    DNS      346       Unknown operation (12) 0x7236[Malformed Packet]
192.168.1.101    37.120.144.66    DNS      81        Standard query 0xcaeb TXT 2.seCurEDNS.avAST.com
37.120.144.66    192.168.1.101    DNS      218       Standard query response 0xcaeb TXT 2.seCurEDNS.avAST.com TXT
192.168.1.101    37.120.144.66    DNS      160       Unknown operation (13) response 0x5de9 Unknown error (15)[Malformed Packet]
37.120.144.66    192.168.1.101    DNS      346       Unknown operation (12) 0x7236[Malformed Packet]
192.168.1.101    37.120.144.66    DNS      81        Standard query 0x4615 TXT 2.SeCUREdNs.aVAsT.com


On the contrary to the last post in the old thread I don't think that's "useful" at all and therefore I would like to:

1) know how to permanently disable the DNS flood traffic on the program level or
2) obtain a full list with the IP range blocks which Avast talks to so then I would block them on my network devices. Whenever I block a single IP address, new ones appear later in the traffic.

Thanks
KR

Title: Re: Unwanted Avast DNS traffic [update 2021]
Post by: Asyn on April 10, 2021, 09:25:07 AM

Hi, are you running ASL and/or ASB..?

Title: Re: Unwanted Avast DNS traffic [update 2021]
Post by: Dohn Joe on April 12, 2021, 10:01:29 PM

Hello,

no, I don't use the browser nor the vpn.

KR

Title: Re: Unwanted Avast DNS traffic [update 2021]
Post by: Asyn on April 13, 2021, 09:03:34 AM

Beats me, wait for one of the devs...

Title: Re: Unwanted Avast DNS traffic [update 2021]
Post by: Dohn Joe on April 23, 2021, 06:41:05 PM

Has any dev already taken a look?