Author Topic: Strange Avast DNS requests  (Read 2281 times)

0 Members and 1 Guest are viewing this topic.

Offline Joe_42

  • Newbie
  • *
  • Posts: 2
Strange Avast DNS requests
« on: January 22, 2019, 08:26:49 PM »
I run Avast Free AV on my home PCs. I also run a PiHole DNS server for logging / monitoring / blocking traffic. I noticed a couple of weeks ago that one of my machines was making weird DNS requests over the period of about 3 minutes every day. The time of day of the requests started around 5AM and slowly migrated 10 - 12 minutes a day until it was running around 6:30 AM. I finally tracked this behavior down to being caused by Avast (determined this by uninstalling Avast, causing the requests to stop). The requests were to about 40 different websites - roughly 50% of which are well known banks (e.g. Citi, Wells Fargo, USBank, Santander, etc.) and the others well known search / mail providers (e.g. Yandex, Mail.ru, & Wordpress.com).

I believe I have figured out that this is caused by the Avast Home Network Security feature which checks for DNS compromise / redirection to unrelated sites (see this topic board: https://forum.avast.com/index.php?topic=163825.0). My understanding is that these IPs are pulled from the Alexa Top 1000 sites.

What's causing me some concern however is I have Avast running on a second computer with the same setup & I'm not getting any of these strange requests? Can anyone confirm if these requests are being made by Avast? Why would my second PC not be making these requests if it's setup is the same?

My next thought on how to test further would be to reinstall Avast on the PC that was making the strange requests and a) see if they start up again & b) turn off the home network security feature & see if they stop. Any better ideas?

Offline Joe_42

  • Newbie
  • *
  • Posts: 2
Re: Strange Avast DNS requests
« Reply #1 on: January 28, 2019, 04:05:53 PM »
A bit disappointed that no one wanted to comment on this issue - eve n to ask clarifying questions?  :'(

In case anyone else comes across this issue - I ended up uninstalling Avast, confirming that the strange DNS requests stopped, and then reinstalled Avast. Strangely - the DNS requests have not resurfaced since doing so? It's been a couple of days now and nothing unusual coming from this machine. I will continue to monitor however it seems to have resolved itself.

So far as I know, I didn't change any settings or installed modules.

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 75480
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Strange Avast DNS requests
« Reply #2 on: January 28, 2019, 04:25:08 PM »
A bit disappointed that no one wanted to comment on this issue - eve n to ask clarifying questions?  :'(
Well, that would have been something for the devs to answer, but thanks for the feedback.
W8.1 [x64] - Avast PremSec 22.5.7253.B [UI.706] - Firefox ESR 91.9.1 [NS/uBO/PB] - Thunderbird 91.9.1
Avast-Tools: Secure Browser 101.0 - Cleanup 22.2 - SecureLine 5.18 - Driver Updater 22.2 - CCleaner 6.0
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline arghy

  • Newbie
  • *
  • Posts: 1
Re: Strange Avast DNS requests
« Reply #3 on: October 28, 2021, 07:17:16 PM »
I lost a day dealing with this.

Thanks for the information.