Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: aleksazr on December 02, 2011, 01:57:44 AM
-
I'm new to avast, using the free version.
Besides avast, I also have comodo firewall.
Comodo shows which program is downloading something.
At one time, my connection was used by avast, and I thought
it was getting the update, but avast was actually downloading
http://download.windowsupdate.com/msdownload/update/software/defu/2011/11/mpas-fe_c9ad2bd3cb949ade45f511b81906118f21677160.exe
That file belongs to Windows Defender - why was avast downloading it?
Yes, at that time windows defender was enabled (it is disabled now),
but it was avast downloading it, not defender (or so says comodo)
Is that normal?
edit: I got the link by viewing avast's real-time shields->web shield, last page scanned
-
Well, the Web Shield works as a local proxy....so you will see that it looks like Avast! is downloading it simply because it is being picked up by the Web Shield first.
edit:though you are referring to the Network Shield, same thing applies, as it is scanning all network traffic.
-
Avast isn't downloading it, it is going through the avast localhost proxy the web shield (controlled by avastSvc.exe) intercepts http traffic and routes it through the localhost proxy so that it can be scanned.
So I would examine your logs or post the content showing this activity.
-
The traffic is passing through Avast, so Avast can scan it. It is probably Windows Update that is downloading for Windows Defender, which was probably set to update itself before the daily Windows Defender scan.
Well, that's my guess.
You would probably see the same using other tools besides the firewall.
-
Well, the Web Shield works as a local proxy....so you will see that it looks like Avast! is downloading it simply because it is being picked up by the Web Shield first.
edit:though you are referring to the Network Shield, same thing applies, as it is scanning all network traffic.
My mistake, it was actually web shield, and I have now changed that in my first post..
-
It is probably Windows Update that is downloading for Windows Defender, which was probably set to update itself before the daily Windows Defender scan.
I had windows update disabled at that moment, only defender was enabled.
And I have defender now disabled as well.
-
Avast isn't downloading it, it is going through the avast localhost proxy
And that makes comodo firewall think that avast is downloading,
while it is actually defender. What if I wanted comodo to block defender?
I have comodo set on custom policy, which makes it
ask me for my approval for every net connection.
But it didn't ask me in this case.
Not sure if that was the case because avast was practically disguising defender,
or because I have c:\windows\system32\svchost.exe and system enabled
in comodo and defender was treated by comodo as system.
So I'm a bit confused now... what if some other app decides to download
something, and comodo sees avast - and not the real app?
BTW, this post is tightly connected to comodo firewall,
but I could be using any other firewall - and avast shouldn't
disguise any app, no matter which firewall used.
-
I guess it isn't smart enough to see the parent application that is using the localhost proxy.
I say guess as I have never used the Comodo firewall, mine Outpost has stood the test of time and I don't see anything like that.