To protect my home network of 3-5 computers (depends on the day) I use an
IPCop firewall which is set up so as to only allow authorised outbound connections in addition to blocking inbound traffic. After Avast was installed to one machine on the network, I rapidly learned how Avast pings home at regular intervals, and I adjusted my firewall to permit this.
However, since installing Avast on my own PC, I have been seeing hundreds of firewall log entries every day (every few minutes) which, with irrelevant details omitted, look like this:
NEW not SYN? TCP 800(MDBS_DAEMON)
So far as I can determine, these are not direct connection attempts to the internet, but are attempts to connect to a (non-existent) database service on the firewall itself. Or it simply happens to be using that port for some reason, as despite extensive googling, I have not been able to find any explanation of just what a MDBS_DAEMON actually
IS.
Regardless, after some checking with
Microsoft's PortReporter tool, I found that the offending process turned out to be ashWebSv.exe which was listed as the avast! Web Scanner service. From what I see in the PortReporter logs, this same service has no problem establishing other connections to the internet, so what I want to know is:
Why is ashWebSv.exe so determined to connect to port 800 on my firewall?