Author Topic: Avastui.exe is maintaining connection to Google.com on tcp ports 80 and 443(ssl)

Offline winndb

  • Jr. Member
  • **
  • Posts: 21
5:42 AM 5/13/2014
Avastui.exe is making and maintaining tcp connections to google.com.
Ipnetinfo.log

74.125.224.94   Succeed   USA - California   GOOGLE   Google Inc.   74.125.0.0   74.125.255.255   Yes   Google Inc.   arin-contact@google.com   arin-contact@google.com   +1-650-253-0000          lax17s02-in-f30.1e100.net.

74.125.224.102   Succeed   USA - California   GOOGLE   Google Inc.   74.125.0.0   74.125.255.255   Yes   Google Inc.   arin-contact@google.com   arin-contact@google.com   +1-650-253-0000          lax02s19-in-f6.1e100.net

CPorts.Log

AvastUI.exe   1976   TCP   5766      192.168.1.64:5766   443   https   74.125.224.94:443   lax17s02-in-f30.1e100.net:443   Established   C:\Program Files\AVAST Software\Avast\AvastUI.exe   avast! Antivirus   avast! Antivirus   9.0.2018.391   AVAST Software   5/11/2014 11:27:34 PM   A   5/13/2014 5:13:49 AM   C:\WINDOWS\system32\WINHTTP.dll      Statistics

AvastUI.exe   1976   TCP   5764      192.168.1.64:5764   80   http   74.125.224.102:80   lax02s19-in-f6.1e100.net:80   Established   C:\Program Files\AVAST Software\Avast\AvastUI.exe   avast! Antivirus   avast! Antivirus   9.0.2018.391   AVAST Software   5/11/2014 11:27:34 PM   A   5/13/2014 5:13:49 AM   C:\WINDOWS\system32\WININET.dll      Statistics
=========
I do not understand why Avast would need to connect to Google on port 80 and SSL port 443.
Can someone explain this? What information is being supplied to Google? No, I do not use the Google Chrome Browser.

« Last Edit: May 13, 2014, 03:59:51 PM by winndb »

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6712
  • Trust only what you test yourself!
Port 80 is easy to understand. Are you logged in to Google?
If you are, that would explain port 443.
Dell Inspiron, Win10x64--HP Envy Win10x64--Both systems Avast Free v17.9.2322, Comodo Firewall v8.2 w/D+, MalwareBytes v3.0, OpenDNS, Super Anti-Spyware, Spyware Blaster, MCShield, Unchecky, Vivaldi Browser and, various browser security tools.

"Look before you leap!" Use online scanners before you click on any link.

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6563
  • When you think you know, Think Again
Port 80 > http connections
Port 443 > https connections
***HP ENVY 15K LT W10 Pro 20H2 64Bit/750GB HD/16GB Ram/Avast Premium 20.10.2440b/Secureline VPN v.5.8.5262b/ADU v.20.2.921b/ASB v.87b/SANDBOXIE/Prey Project
**HP Compaq 8510p LT W10 Pro 20H2 64Bit/1TB HD/8GB Ram/Avast Premium 20.10.2440b/ADU v.20.2.921b/SANDBOXIE/Prey Project/HotSpot Shield VPN
     
*Dell Inspiron XPsp4 PRO 32Bit/Avast(since 2002)18.8.2356/WP/Comodo FW 3.14/Secureline/Comodo IceDragon v.40
LAYERED SECURITY SOFTWARE PROTECTION

Offline Para-Noid

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6712
  • Trust only what you test yourself!
@ schmidthouse  Thanks for explaining what the ports are for. My bad.  :-[

Port 80 is used for non-encrypted internet connections.
Port 443 is for encrypted internet connections.

That said, if you are logged into your Google account (encrypted) and visit YouTube your
YouTube connection is also encrypted.  :)

Offline winndb

  • Jr. Member
  • **
  • Posts: 21
Thank you for the replies... you too, schmidthouse. (chuckle) I know what the ports are. Me "newbie" not "newborn".

I'm not logged into Google or YouTube. I have no Google pages or services in use at all. Google is not my search engine and it is not a search option on my home page. These connections are being made directly by the avastui while realtime shields are off. (If it were a passthrough Avast scanner connection it would be on port 12080.) I am not using any safe-browsing options in my browser. In fact, these connections persist even when there is no browser active. I know they originate from Avastui.exe directly.
It just seems strange. There must be a good reason for them.
Perhaps Avast reports statistics to Google via the user interface?
Well, so much for sleuthing. Just curious. ::)
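
The check winndb describes, as an added example that is not part of the original thread: a Python sketch that parses CurrPorts-style rows, sets aside connections to the local scanner port 12080, and groups each process's remaining established connections by reverse-DNS parent domain. The column order is assumed from the rows posted above; the browser.exe and AvastSvc.exe rows, their addresses and all function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict, namedtuple

# Constructed sample: the post's two CurrPorts rows, cut after the process
# path and tab-separated, plus two invented rows (browser.exe, AvastSvc.exe).
AV = "C:\\Program Files\\AVAST Software\\Avast\\"
SAMPLE = "\n".join("\t".join(r) for r in [
    ("AvastUI.exe", "1976", "TCP", "5766", "", "192.168.1.64:5766", "443", "https",
     "74.125.224.94:443", "lax17s02-in-f30.1e100.net:443", "Established", AV + "AvastUI.exe"),
    ("AvastUI.exe", "1976", "TCP", "5764", "", "192.168.1.64:5764", "80", "http",
     "74.125.224.102:80", "lax02s19-in-f6.1e100.net:80", "Established", AV + "AvastUI.exe"),
    ("browser.exe", "2040", "TCP", "5770", "", "127.0.0.1:5770", "12080", "",
     "127.0.0.1:12080", "localhost:12080", "Established", "C:\\Apps\\browser.exe"),
    ("AvastSvc.exe", "1412", "TCP", "5772", "", "192.168.1.64:5772", "80", "http",
     "203.0.113.10:80", "update.example.net:80", "Established", AV + "AvastSvc.exe"),
])

PROXY_PORT = 12080  # local scanner port, as stated by the poster
Conn = namedtuple("Conn", "process pid local remote_ip remote_port host state")

def parse_rows(text):
    """Parse tab-separated rows; column order assumed from the rows in the post."""
    conns = []
    for line in text.splitlines():
        f = line.split("\t")
        if len(f) < 11 or f[2] != "TCP":
            continue
        ip, _, port = f[8].rpartition(":")
        if not ip or not port.isdigit():
            continue  # listening or malformed row without a remote endpoint
        host = f[9].rsplit(":", 1)[0].rstrip(".").lower()
        conns.append(Conn(f[0], int(f[1]), f[5], ip.strip("[]"), int(port), host, f[10]))
    return conns

def via_local_proxy(c):
    """True when the peer is the loopback scanner port, not an Internet host."""
    return ipaddress.ip_address(c.remote_ip).is_loopback and c.remote_port == PROXY_PORT

def direct_remotes(conns, process):
    """Parent domain (last two labels, a simplification) -> sorted remote ports."""
    out = defaultdict(set)
    for c in conns:
        if c.process.lower() != process.lower() or c.state != "Established" or via_local_proxy(c):
            continue
        parent = ".".join(c.host.split(".")[-2:]) if c.host else c.remote_ip
        out[parent].add(c.remote_port)
    return {k: sorted(v) for k, v in out.items()}

if __name__ == "__main__":
    for name in ("AvastUI.exe", "AvastSvc.exe", "browser.exe"):
        print(name, direct_remotes(parse_rows(SAMPLE), name))
```

Grouping by owning process and parent domain separates traffic a program opens itself from traffic that only passes through a local scanning proxy.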

Offline NoelC

  • Poster
  • *
  • Posts: 569
For what it's worth, I'm watching Resource Monitor and I don't see connections from AvastUI to anything.

For me AvastSvc.exe shows occasional connections to addresses that reverse-resolve to AVAST Software a.s., which seems reasonable given the software's online update facilities.

Note that I don't use anything but the 3 shields and the software updater.

Personally, if I saw my system maintaining a connection with Google I'd be concerned that Google has infected me with something.  That's certainly their goal.

Something related to consider, which blocks trackers etc.:  http://winhelp2002.mvps.org/hosts.htm

Also if you see applications accessing servers by name that you'd rather they didn't access, nothing keeps you from adding additional lines to your hosts file.

-Noel
