Author Topic: Avast IP contacts  (Read 6571 times)

0 Members and 1 Guest are viewing this topic.

joburg

  • Guest
Avast IP contacts
« on: January 26, 2011, 12:09:09 PM »
Running the current Avast Free on W7 Pro 64-bit.
I've always given Avast total right of way with all its requests and settings but my firewall indicates various IP connections and indicates Avast as the originator.

The warning always reads - 'C:\Program Files\Alwil Software\Avast5\Setup\avast.setup' plus 'outgoing TCP (6)S packet' and these are examples of IPs being connected:
67.19.11.74
67.228.112.195
74.52.200.82
74.54.19.82
75.125.223.226
87.248.203.253 (Limelight???)
208.43.153.3_80

Mostly after boot up. Are these all legit update connections or are they other progs making contact with home through/via Avast?
For the rest Avast running super, no problems at all.
« Last Edit: January 26, 2011, 12:13:54 PM by joburg »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast IP contacts
« Reply #1 on: January 26, 2011, 12:28:00 PM »
All the IPs connected by avast.setup are legit ones.
You can see a list in the setup.def file.
The best things in life are free.

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: Avast IP contacts
« Reply #2 on: January 26, 2011, 01:33:39 PM »
All the IPs connected by avast.setup are legit ones.
You can see a list in the setup.def file.

Do you mean servers.def?  That file contains a list of avast servers.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

stxNTrm06

  • Guest
Re: Avast IP contacts
« Reply #3 on: January 26, 2011, 04:20:14 PM »
Quote
"...The warning always reads - 'C:\Program Files\Alwil Software\Avast5\Setup\avast.setup..."

avast.setup (~ 8,2 MB) is a temporary process which loads and exists in memory (can be noticed in Task Manager) only during Avast definitions and program updates (can be pre-set to manually or automatically). It is an updater process establishing connections to diferent hosts - Avast update servers.

It is a strange way for updating Avast program by using secret "phantom" processes which is not so clear to Avast users as it seems.

Thanks.  :-[

joburg

  • Guest
Re: Avast IP contacts
« Reply #4 on: January 27, 2011, 08:23:33 PM »
Thanks folk, I found all I required in the servers.def file, these update IPs of do vary. Have to agree with you stxNTrm06.

I sometimes block a range of IPs only to discover that Avast complains it can not update. Will have to make special rules seeing that I now know the specific Avast IPs.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: Avast IP contacts
« Reply #5 on: January 27, 2011, 08:37:02 PM »
The IPs in the servers.def fie are subject to change, there are constantly new servers added to the list to support the updates of over 130 million users.

So I wouldn't base any special rule on IPs as at some point it will fail again. I can remember when there were only around 100 update servers now it is 369.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Avast IP contacts
« Reply #6 on: January 27, 2011, 08:42:39 PM »
The IP into servers.def changes a lot.
The "strange" way of updating is, afaik, due to antipiracy needs.
The best things in life are free.

joburg

  • Guest
Re: Avast IP contacts
« Reply #7 on: January 30, 2011, 11:27:57 AM »
 369 IPs???, okay I'll not fiddle. Avast never failed in its task on my puter and I'll let it be.
 Currently I have this notification regarding Avast and I suppose it is normal?
 
 Registry entry "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswRdr\Parameters\WSIgnoreLSPDefault" (nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll) :
Entry was changed to <nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll>

Would this also be due to its IP dancing?

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89329
  • No support PMs thanks
Re: Avast IP contacts
« Reply #8 on: January 30, 2011, 05:48:34 PM »
Sorry, that one is beyond my knowledge as an avast user.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.5.6116 (build 24.5.9153.762) UI 1.0.808/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

stxNTrm06

  • Guest
Re: Avast IP contacts
« Reply #9 on: January 30, 2011, 10:02:21 PM »
...Currently I have this notification regarding Avast...

This registry change was probably applied everywhere Avast is installed but it is noticed only by those who have some notification application installed on their systems. On my system it was registerd and notified yesterday by Tiny Watcher after restart:

The following registry value:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswRdr\Parameters
"WSIgnoreLSPDefault"= "nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll"

was changed to:

"WSIgnoreLSPDefault"="nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll"

This key is for Avast! TDI Redirect driver:

C:\WINDOWS\system32\drivers\aswrdr.sys

and the file winsflt.dll was added to all those suspicious .dll files. It is related to PureSight Internet Content Filter (part of an application for preventing children from watching porn sites):

http://www.puresight.com/

and it is known by its acting as a Winsock layer to filter the network trafic and is usually seen as a HijackThis item to be fixed:

O10 - Unknown file in Winsock LSP: c:\windows\system32\winsflt.dll

Thanks.  :-[
« Last Edit: January 30, 2011, 10:06:54 PM by stxNTrm06 »

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11863
    • AVAST Software
Re: Avast IP contacts
« Reply #10 on: January 30, 2011, 10:08:50 PM »
This has nothing to do with IPs of avast! servers (why would you think so?)
Just interoperability improvement.

joburg

  • Guest
Re: Avast IP contacts
« Reply #11 on: January 31, 2011, 10:51:06 PM »
igor - when I noticed "aswRdr" I noticed 'redirect' and thought W7 OS involved. This also happened directly after boot up (or reboot) and that is when Avast always checks for updating. With hindsight...

stxNTrm06 - you are spot on! I very happy to discover another Tiny Watcher user. It is fading as XP is fading and I'm still using it although I'm on W7.
It is still assisting me with remarks even though I can not always make correct deductions from it. I have tried to make contact with the author but only silence, Abandonware? Thanks for yr advice.

Thanks to all the folk who joined it, I rest my case, long live Avast.