Update: It appears as if each client is trying to reach this address, as I have 60,000 blocks on a 700+ client network, to this address in the past week. The clients are set to check the EAS server before connecting to the internet for updates and each machine is updating the virus definitions properly. I have nearly as many blocks to ui.ff.avast.com.