Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Charlie132 on October 12, 2021, 11:40:49 PM

Title: Rogue SSH requests from Wi-Fi Inspector on Avast Free
Post by: Charlie132 on October 12, 2021, 11:40:49 PM

Noticed 40+ SSH attempts to a FreeNas server from a PC running Avast Free.  Assuming the worse and that the PC had been compromised I air gaped the PC from the network to see if it could be recovered.

After a couple of hours of frantic digging and antivirus scans it looks like the Avast Wi-Fi inspector is basically preforming a dictionary attack of default passwords on all network devices. Has anyone else noticed this before?

Information on the Avast website is vague with what security checks the scanner does but within seconds of starting the scan manually I can see SSH attempts again so reasonably sure this is Avast.

Any info on this would be great. 

Title: Re: Rogue SSH requests from Wi-Fi Inspector on Avast Free
Post by: NON on October 13, 2021, 03:28:48 AM

Hello Charlie132, welcome to the forums.

What you described is how Wi-Fi inspector works, checking all devices within the network for known vulnerability, open ports, port availability from the Internet, Wi-Fi encryption and so on.

I suppose these checking include port scanning and a kind of proof-of-concept attacks to check vulnerabilities, so I don't surprise some security measures installed on the network flag these activities as potentially malicious.