Author Topic: Avast scans my local web servers  (Read 2072 times)

0 Members and 1 Guest are viewing this topic.

Offline toastman

  • Jr. Member
  • **
  • Posts: 23
Avast scans my local web servers
« on: October 29, 2021, 02:37:38 AM »
I have several local machines on my network.

1. Laptop running Ubuntu 20.04 LTS
2. VMWare virtual machine (2) running CentOS 7

All three machines are running Apache HTTPD to support both work and learning. While looking at my access logs, I find the following entries (examples below):

192.168.254.229 - - [28/Oct/2021:12:55:40 -0700] "GET / HTTP/1.1" 200 710 "-" "Avast Antivirus"
192.168.254.229 - - [28/Oct/2021:12:55:40 -0700] "GET /HNAP1/ HTTP/1.1" 404 204 "-" "Avast Antivirus"

More disturbing:

192.168.254.229 - - [19/Oct/2021:17:47:25 -0700] "GET /cgi-bin/webproc?getpage=/etc/shadow&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard HTTP/1.1" 404 213 "-" "Avast Antivirus"

and:

192.168.254.229 - - [19/Oct/2021:17:47:25 -0700] "GET /cgi-bin/webproc?getpage=/../../etc/passwd&var:language=en_us&var:page=* HTTP/1.1" 404 213 "-" "Avast Antivirus"

192.168.254.229 is my Windows 10 Professional desktop (latest patches) running Avast! 21.8.2487 (build 21.8.6586.697) and virus definitions 211028-4.

Why is Avast! probing other machines on my network? What other probes does it make? There are several systems on this home network that are not mine. Is Avast! probing them as well?

Why?!

This is truly not acceptable, and could be viewed by other members of the household as malicious.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76115
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast scans my local web servers
« Reply #1 on: October 29, 2021, 09:15:08 AM »
Hi, you can turn it off in the settings, see screenshot.
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline toastman

  • Jr. Member
  • **
  • Posts: 23
Re: Avast scans my local web servers
« Reply #2 on: November 18, 2021, 02:06:38 AM »
I did that, went to San Francisco on a business trip, and came back to "13 unsuccessful logins" on one of my Linux machines.

When I looked at the log, they were all coming from my Windows machine with Avast! installed.

Here's the screen shot of my configuration:


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76115
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast scans my local web servers
« Reply #3 on: November 18, 2021, 09:05:18 AM »
- Which Avast..? (Free/Premium/One)
- Which version/build of Avast..?
- OS..? (32/64 Bit..? - which SP/Build..?)
- Other security related software installed..?
- Which AV(s) did you use before Avast..?
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline toastman

  • Jr. Member
  • **
  • Posts: 23
Re: Avast scans my local web servers
« Reply #4 on: November 18, 2021, 05:55:05 PM »
- Which Avast..? Free
- Which version/build of Avast..? 21.9.2494 (build 21.9.6698.703)
- OS..? (32/64 Bit..? - which SP/Build..?) Windows 10 Pro 64 bit, 21H1, 19043.1348, WFE 120.2212.3920.0
- Other security related software installed..? None
- Which AV(s) did you use before Avast..? None

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76115
  • Urlaub/Vacation
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Avast scans my local web servers
« Reply #5 on: November 19, 2021, 08:47:33 AM »
You can submit a bug report in "About Avast". (Add a link to this thread)
W8.1 [x64] - Avast PremSec 22.7.7366.BC [UI.713] - Firefox ESR 91.11 [NS/uBO/PB] - Thunderbird 91.11
Avast-Tools: Secure Browser 103.0 - Cleanup 22.2 - SecureLine 5.18 - DriverUpdater 22.2 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline prokopes_

  • Avast team
  • Full Member
  • *
  • Posts: 132
Re: Avast scans my local web servers
« Reply #6 on: November 22, 2021, 02:47:49 PM »
Hi toastman, thank you for reaching out.

First of all, I can confirm that these scans are from Avast Wi-Fi Inspector. I suspect you may have marked your network as a "private" network, which may lead to some periodic scanning. The scan can also be initiated by other Avast features, such as Smart Scan.

The best way to prevent this from happening is by uninstalling the Wi-Fi Inspector component. This article describes how you can do that: Add or remove Avast components.

We apologize for the confusion. We're working on improvements for our network scanning features. We'll try to give users more control and provide a better explanation.

Offline beppe2

  • Newbie
  • *
  • Posts: 1
Re: Avast scans my local web servers
« Reply #7 on: September 13, 2022, 09:28:55 AM »
Hi,
I found Avast free antivirus not only scan the ports of my private network server, but it try to login, too, via ssh brute force attack (ten times x second). I found this behavior unacceptable, expecially because you can move with your laptop on others private network of work, school etc and is not so polite you are attemp to go inside other servers.

Moreover, I left a router with a monitor account w/o password, and it found it and enter but no related messages were reported to me.

I was running Win 7, Avast free V 22.7.6025
« Last Edit: September 13, 2022, 09:33:27 AM by beppe2 »