Author Topic: Mac 13.9 and previous: Port Scan, too many connections to Avast servers  (Read 868 times)

Offline Slarti

  • Newbie
  • Posts: 4
Hi there,

I have two Macs with Avast installed, but only one computer is making a vast amount of connections to Avast servers. My firewall classifies that as port scans and is polluting my alerts till it reaches the threshold. So this is very annoying.

So does anyone have an idea about how to stop this, and why this is not happening on my other Mac?

Find picture to demonstrate this.

Thank you in advance
Slarti

Offline ondrej.kolacek

  • Avast team
  • Jr. Member
  • Posts: 89
Hello,

some of the servers contacted are our unified backend infrastructure, so it is difficult to say why the traffic takes place; the frequency seems to me quite excessive.

Please could you send us a Support Package from the problematic machine? When the GUI is active, from the menu, Help->Avast Technical Support->Generate Support Package; please describe it so that we can pair it with this post. And if you could somehow find out which processes these connections originate from, it would be beneficial to pinpoint the issue.

Kind regards,
Ondrej Kolacek

Offline Slarti

  • Newbie
  • Posts: 4
Re: Mac 13.9 and previous: Port Scan, too many connections to Avast servers
« Reply #2 on: August 08, 2018, 08:28:20 AM »
Hi Ondrej,

thanks for this. I have sent you the support package.

Looks like the /Library/Application Support/Avast/run/scan.sock does all the damage ;)

But let's see what you can find out with the support package.

Thanks,
Slarti

Offline ondrej.kolacek

  • Avast team
  • Jr. Member
  • Posts: 89
Re: Mac 13.9 and previous: Port Scan, too many connections to Avast servers
« Reply #3 on: August 08, 2018, 12:44:38 PM »
Hello,

based on the package, there does not seem to be anything obviously wrong. I cannot say anything more with the current information. /Library/Application Support/Avast/run/scan.sock is a unix pipe and as such irrelevant.

You could install the Wireshark app, run Capture->Options, select your interface to the internet (probably eth0), click Start, and capture the traffic on that interface for a while (ideally while your firewall cries about port spam). After that select Capture->Stop, use File->Save As to save the log and send it to me (ondrej.kolacek at avast.com). You will probably have to send me a link to Dropbox or Google Drive or something like that, as the file will be huge. This will allow me to possibly identify more about the traffic, and hopefully tell me more about the issue.

Kind regards,
Ondrej Kolacek
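
One way to answer the "which processes do these connections originate from" question from the replies above, as an added example that is not part of the original thread and not Avast's own tooling. It counts connections per process and remote host from `lsof -nP` style output and ignores local socket files such as the scan.sock path; the sample rows, process names, addresses and ports are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): per-process summary of outbound
# connections, read from `lsof -nP` style output.

# Constructed sample. "exampled" and "browser" are placeholder process names;
# addresses are from the documentation ranges, ports are made up.
sample_lsof() {
cat <<'EOF'
COMMAND  PID USER FD  TYPE DEVICE SIZE/OFF NODE NAME
exampled 101 root 5u  unix 0xa1   0t0           /Library/Application Support/Avast/run/scan.sock
exampled 101 root 9u  IPv4 0xa2   0t0      TCP  192.0.2.10:50001->203.0.113.7:443 (ESTABLISHED)
exampled 101 root 10u IPv4 0xa3   0t0      TCP  192.0.2.10:50002->203.0.113.7:443 (ESTABLISHED)
exampled 101 root 11u IPv4 0xa4   0t0      TCP  192.0.2.10:50003->203.0.113.7:443 (SYN_SENT)
exampled 101 root 12u IPv4 0xa5   0t0      TCP  192.0.2.10:50004->198.51.100.20:80 (ESTABLISHED)
exampled 101 root 13u IPv4 0xa6   0t0      TCP  127.0.0.1:12080 (LISTEN)
browser  202 user 20u IPv4 0xa7   0t0      TCP  192.0.2.10:50005->198.51.100.20:443 (ESTABLISHED)
EOF
}

# stdin: lsof output. stdout: "count command pid remote_host", busiest first.
# Only IPv4/IPv6 rows that have a remote peer ("->") are counted, so local
# socket files and listening sockets never show up in the totals.
conn_summary() {
  awk '
    $5 != "IPv4" && $5 != "IPv6" { next }      # skips header and unix rows
    {
      name = ""
      for (i = 9; i <= NF; i++)
        if (index($i, "->")) { name = $i; break }
      if (name == "") next                     # LISTEN / unconnected UDP
      peer = substr(name, index(name, "->") + 2)
      sub(/:[^:]*$/, "", peer)                 # drop the remote port
      count[$1 " " $2 " " peer]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Live use on macOS (needs root to see other users' processes):
#   sudo lsof -nP -i | conn_summary
```

Running the live command a few times while the firewall is raising alerts shows whether one process and one remote host account for most of the connections.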

Offline Slarti

  • Newbie
  • Posts: 4
Re: Mac 13.9 and previous: Port Scan, too many connections to Avast servers
« Reply #4 on: August 08, 2018, 12:58:21 PM »
Thanks Ondrej. I will do once I have a minute.