Author Topic: Massive Avast download traffic at 11:20am PST?  (Read 3501 times)

REDACTED

  • Guest
Massive Avast download traffic at 11:20am PST?
« on: May 11, 2016, 11:27:20 AM »
   We’ve been running Avast Endpoint Protection Suite for 3 years now and have never had a problem with it.  It’s simple, does a good job, and hasn’t been a problem.  However, this Monday we started having serious issues in one of our branches.  We have approximately 160 client computers, all Windows 7.  We also have about 7 branch offices.  They generally have 10 Mbit Internet connections.  We’ve never had a problem before.  This Monday, at approximately 11:20am PST, we noticed that one of our branches’ Internet connection was completely overloaded.  We noticed that all the computers in the branch were attempting to communicate with different Content Delivery Networks (CDNs), like Akamai, etc., and downloading a ton of data.  In looking at the computers, it was the Avast program that was downloading the data.  All 31 computers were downloading as fast as they could and naturally plugging up our Internet connection.  This caused serious problems with the rest of our applications, since basically nothing else could get through.  After about 2 hours, they finished whatever they were downloading and the problem went away.  This did not happen in any of the other 6 branches.  When I arrived on-site and plugged in my laptop, it immediately started downloading data as well.  There were no messages in the Windows event log, and nothing I could see in Avast.  There was no notice of a new program version, or new virus definitions.  Nothing was logged in the Jobs History of our Small Office Administration server.
   Today (Tuesday), again around 11:20am, the problem occurred again, and again, only in this branch.  I used the Small Office Administration tool to Edit the group settings and first un-checked the “Mirror API – Update from Internet if mirror fails” option.  No change.  I then set the Engine and Virus Definitions and Program update settings to Manual Update.  This didn’t stop the behavior either.  I finally had to block the connections in our router to stop the network overload.
   I’m very confused by this behavior.  I understand that Avast and other virus scanners update their definitions all the time.  But those are usually small updates.  In this case all our computers were completely saturating the network.  We’ve had the same computers and same Internet connection with the same setting in this branch for over a year.  Nothing has changed.  It hasn’t been a problem for a year.  All of a sudden this Monday.  And no problems in our other branches.
   Do you have any idea as to what might be causing this or anyone at Avast that I can talk to?  Thank you for any help!!

Offline Avosec-UK

  • Avosec Technical Support
  • Avast Reseller
  • Sr. Member
  • Posts: 296
    • Avosec
Re: Massive Avast download traffic at 11:20am PST?
« Reply #1 on: May 11, 2016, 12:14:18 PM »
You could check the Setup.log on the Avast clients for clues: C:\ProgramData\AVAST Software\Avast\log.