Avast Site Blocked

[tonynace]

I have the latest Avast Internet Security Suite installed. I also have Malwarebytes installed. This program keeps blocking access to various web addresses by the avastsvc.exe process. Is this a legitimate Avast process and why are the web addresses such as the latest this process tried to contact, 208.73.210.29 being reported both by Malwarebytes and McAfee Site Advisor as being security risks?

[DavidR]

You are confused in how avast works, the Web Shield redirects all http traffic so that it can scan it, so if during browsing you click to visit a site avast redirects it through the web shield proxy and MBAM is checking that IP address against its malware IP list.

The avastSvc.exe is the main scanning engine of avast and controls all of the avast Shields.

It isn't avast that is initiating these connections, it is just redirecting them through its proxy.

[tonynace]

You are confused in how avast works, the Web Shield redirects all http traffic so that it can scan it, so if during browsing you click to visit a site avast redirects it through the web shield proxy and MBAM is checking that IP address against its malware IP list.

The avastSvc.exe is the main scanning engine of avast and controls all of the avast Shields.

It isn't avast that is initiating these connections, it is just redirecting them through its proxy.

I don't recall visiting or initiating contact with the address in question. The log from MBAM shows "IP-BLOCK   208.73.210.29 (Type: outgoing, Port: 63329, Process: avastsvc.exe)
Since it was an outgoing request, I assumed Avast was initiating the request. I don't think it's any program I have installed that is doing this or virus either, as I was finally able to do a boot-time scan on my 64bit Windows 7 system with your latest update and found the win32:fun web virus on there. Getting rid of that really sped up my system. Do I need to do a regular scan or would the boot-time scan have found everything? Lastly, doesn't Avast have any record of potentially malicious sites or do I still need MBAB to do this for me?

[DavidR]

The boot-time scan is quite thorough, so you should be OK as presumably you have also run avast & MBAM scans in normal mode.

The win32:funweb is adware and that is what was likely to have been initiating the connection with that IP (Oversee.net), though that can't be confirmed.

The avast network shield has its own list of malicious sites, but that won't go into the same depth as MBAM's IP block as that also look at adware/reputation, where avast is specifically about blocking known malicious sites.

[tonynace]

I haven't run the Avast scan in normal mode, as I thought the boot time scan should find everything, but you seem to be saying that I should do a normal scan as well, which I will do, as this alert popped up after I had removed the aforementioned virus.

[DavidR]

It won't hurt to do one, in case what you found could have been hiding things from view in normal mode.