Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: jraju on August 21, 2021, 07:43:18 AM
-
Hi, I bought a dlilnk 2750u router and after configuring with the wizard, scanned with avast wifi inspector. I was shown alert of dns hijack and on the solution page, I was asked to uncheck enable ddns in advanced settings , which i did it. On the second scan, it shows no alett and i did not get any alert on any vulnerability in the wifi inspector scan.
But I went and looked at the ddns again, the same was enabled again with pppoe connection to a dlink server. I again, selected ----- , in the drop down box instead of pppoe, and then uncheck the enable and save and reboot the router.
The subsequent scan with wifi inspector showed no vulnerable with green tick.
My query is Why on the first scan, it showed as dns hijack vulnerability beore unchecking and showed as no vulnerability on subsequent scans, even when the same was checked in the router settings.
could some one clarify
I wish to state that I have used the dlink wizard to configure the router for getting my ISP configurations thro its wizard
-
Hi, I enclose the actual position of router on ddns after unchecking and rebooting the router for the first time
-
Hi, Why servers default other than googld dns ,open dens, etc are showing as vulnerable servers. Are they really infected servers or avast has programmed that to be.
When I changed my ISP server to opendns, the vulnerability alert has gone in to wind.
Are other servers except these servers are vulnerable or is a false positive alert
-
Hi,
Can you please provide us with a screenshot of the Avast interface showing the detection?
Can you also provide us with a support file id?
Please follow these steps:
1. Open - Avast Premium Security > Click on - Menu > Settings > General > Troubleshooting > Select - Enable debug logging (at the bottom)
2. Run a new Wi-Fi Inspector scan
3.Generate the support file
To generate the support file, please see this link.
https://support.avast.com/en-ww/article/Submit-support-file
4. Disable debug logging
-
hI, rAVAST,
Please see the screen shots
1. scan result by changing to my ISP dns, audo detect vulnerability dns hijack
2. scan after disabling ddns, and then change to public dns no vulnerability
3. scan result after again reverted to my Isp vulnerability found dns hijack
4. scanned result after again unchecking ddns and change to public dns
-
hI, RAVAST, SENT THE DATA, WHEN THE RESULT IS NO VULNERABILILTY. will send afte changing the dns to get vulnerability data .
or you will get it from the support file I sent already in this ID THZTQ
-
Hi, Ravast, seen the message.
I have enabled the log .
I again created the dns hijack alert and resend the support file
the file id is TJ1PA
I hope that this time , the details are correcly captured.
Only one thing, that i could not fill, and that is the ticket no.
Hope that you received the file. Now, the avast shows the alert of vulnerability
This I edited later
Now I have changed to public dns and the scan show no vulnerabililty.
dlink has stopped providing ddns service previous year itself
the support file id for this no vulnerability was sent via
support file id U9642
please see and say, that barring public dns all the dns have been having compromized or My ISP server is affected with something
-
hI, rAVast,
i received this message from avast support
We have received a diagnostic report related to this e-mail address that does not contain a description. There is no case related to this e-mail address in our database therefore we are not quite sure how we can help. Could you please provide us with a description of the issue itself or a previous case number? Please bear in mind that any information might be helpful and can speed up the resolution.
Best regards,
But I saw the support files were sent to avast only and the file id has also be the same.
what else Avast want in this regard. Is this message a alert to supply more details
The request numbers that were given to me in my email receipt are 13887460 13887226
-
hi, ravast,
please tell me if the analysis started on my support logs.
have they found out anything
-
hi, ravast,
please tell me if the analysis started on my support logs.
have they found out anything
Hi,
It seems that you should not have received these messages. Our devs are still looking into this.
-
Thanks ravast.
expecting.
Everybody say that google dns is not intrusive. But in one of my analysis found that the actual dns it gave me does not belong to my country, where there may be many servers, but to the neighbouring countries. I stopped using this public dns and switched back to my ISP dns.
But most software, yellows the dns, that they did not include in their software, as yellow flag, to use those cautiously other than the google and one or two public dns. It seems. Let me hear from your people on this
-
Hi, Ravast,
Is there any progress in the logs I submitted.
-
Hi, there is no reply to my queries from avast team on the logs submitted. Why it is taking time to analyse my logs. I expected a reply from the team. But since nothing came, I want to remind once again.
Is that only some servers known have been included as secured servers and all others are vulnerable.
I was open in my queries .
-
Hi,
The detection should have been suppressed and not visible to you when located in India.
The reported situation is not a threat, it is caused by the traffic being redirected by Indian ISPs acting on government mandate: https://www.reuters.com/article/us-india-china-apps-idUSKBN29U2GJ
-
Hi, R(a)vast,
Read the contents of the linked article. It is understood that some apps have been banned. I did not see anything that alerts that denotes about dns hijack as alerted by avast wifi inspector scan.
As you said, that it should have been suppressed for indian avast users, has anything made to the program of late to suppress the warning of dns hijacks?
Will you give some more details on this?
Assuming that i would have not correctly configured the new router, I went to my nearest service provider office and configured the router.
The same procedure has been followed by the official and I rechecked that the dns servers are configured to automatic obtaining mode, ie, my service provider Dns.
all other parameters are checked and it was the same as before, except , my changing the dns to google dns previously on the advice of the avast suggestions after the alert .
now, when I scan with the wifi inspector, with my ISP dns, i do not get any vulnerability warning after its scan.
Moreover, I had not visited any mentioned website nor do I have uc browder as my default, I am using firefox, and chrome only.
Now i do not get any vulnerability on wifi inspector test
See this enclosed report.
The server is set to auto detect and the dns servers are provided by my ISP
-
Hi, some family members have configured the internet option , dns survey as google dns.
I suppose, that eventhough, dns is configured automatically from my ISP, the setting in the windows ipv4 properties, dns server overtakes the ISP servers and acting as router dns server.
Yes, again removing the google dns in the ipv4 settings, to auto detect, then it shows the router has been hijacked dns alert.
So, means that if any body uses their own ISPs dns server, would receive this alert is it correct.
I do not know, why it cannot suppress and show as not a threat or dns hijack
It seems that it is false positive ok.
give me ideas.
-
Hi, So many persons would be using avast antivirus free for longtime and if any one of them scan with wifi inspector, then the scan result is false positive dns hijack.
I do not know, how then one could use avast free antivirus without these bugs.
I hope some avast staff would do the needful in the matter.
I am a long lover of this antivirus as it gives me alerts as it promised.
can I expect a reply in this regard.
Hi, R(a)avast, ofcourse, I tried tracert on some of the scan alert websites.
Yes, the tracert is redirected. I understand.
So, if you use google dns, in the place, then you do not have dns hijack alert, this is because, google dns does not redirect such.
So, if you use ISPs dns, which redirects, then, your dns is hijacked and you need to change the dns to public dns.
what is the logic behind this kind of alerts.
As a regular user of this vastly secured and improved av, May I get a detailed reply
-
Hi,
Are you using a VPN, by any chance?
-
I was shown alert of dns hijack and on the solution page, I was asked to uncheck enable ddns in advanced settings , which i did it. On the second scan, it shows no alert
it seems like it was that simple, that you needed to disable "DDNS."
DDNS is disabled by default on my linksys router.
-
So, if you use ISPs dns, which redirects, then, your dns is hijacked and you need to change the dns to public dns
i don't think that it has anything to do with which DNS servers you use. rather, it has to do with whether or not "DDNS" is enabled.
if you need to have DDNS enabled, i imagine that there is an option to set the avast program to ignore the issue, where it will not generate an alert about DDNS being enabled.
-
Hi, R(a)vast,
I do not use any vpn . I only use firefox for most of the time.
could you let me tell how could I check it , if any vpn is used by me or made to used by me.
I never use vpn.
Could I know, why I am asked this.
i checked my ext. ip in whatismyproxy website and the result is
"Do Not Track" Setting:
Do not track is not enabled in your browser
-
Hi, redwolfe,
I already tried to uncheck the enable button on my ddns page in router.
Even when i unchecked , it is getting checked i.e enabled on reboot of router.
Moreover, when I bought this to my dlink ccexecutive, he says, that ddns is not configured in my router, as there is no entry in the down portion of the page, I enclose herewith.
Since the connection of pppoe1 is the mode, it is there in the box. I could not see, any other entries in the down portion, as I have not enabled anything.
You say that is disabled in your router.
But what that has to do with my alerts , please say..
your quote:
f you need to have DDNS enabled, i imagine that there is an option to set the avast program to ignore the issue, where it will not generate an alert about DDNS being enabled.
Do you mean to say, that alert from avast is for the ddns and not dns.
If it is already enabled, which i think, is not up to now, how to disable my ddns.
-
Hi, R(a)vast,
I do not use any vpn . I only use firefox for most of the time.
Hi,
Thank you for the clarification. This is a bug and our developers are working on a fix.
-
Hi, red wolf,
Do I have enabled the ddns? from the above picture please tell.
I do not have any dlink free ddns account and I never use
But I could not just remove the enabled tick permanently from the page, as it comes back on reboot of router.
Expecting your reply on this ddns matter.
Moreover, Dlink stops the ddns service in the year 2020 june or july I suppose,
-
Hi,
has the bug been fixed in avast software. Could the avast team say, what is the bug in connection with this subject on wifi inspector? would be glad to know the technical details.
-
Hi,
Is it that the wifi inspector scan scans some selected suspicious sites as avast things as suspicious and if any secured redirects are there, then it flags it as a compromised website, as it redirects, and flag it as dns hijacked?
If you have a secured dns server for some security purposes, then , it will alert as dns hijack otherwise, it will not?
If there is no secured redirect and if the websites are not redirecting , then it is showing as no vulnerability? like public dns , google dns, opendns etc..
So, the websites that avast chooses only gets scanned in wifi inspector? is it not correct? Probably users would have sent the list of websites .
I expect a clear and detailed reply on the above, as it is not only affecting a single individual but so many users.
-
Hi,
has the bug been fixed in avast software. Could the avast team say, what is the bug in connection with this subject on wifi inspector? would be glad to know the technical details.
Hi,
The issue has been fixed and will be realised in the next AV program update (version 21.9).
-
Hi, r@vast,
Thanks . But you could have given something about the bug.usually avast users log gives the clue to the bug.
can I presume that now genuine and secured dns redirects will be exempted from dns hijack alerts. Believe me, that I thought of discontinuing avast for good when it was said to be compromized with a security lapse years back but avast wouldn't leave me, as I am familiar with most of the individual menus that this av has.The quick fix of avast , as promised a re-look and I am reporting any issue.
please give clue about the bug. Happy that avast looks at user concern and acknowledging the issues.