Author Topic: Many tcp connections established by AvastSvc.exe  (Read 19621 times)

0 Members and 1 Guest are viewing this topic.

mbitsa

  • Guest
Many tcp connections established by AvastSvc.exe
« on: June 21, 2011, 04:31:47 PM »
I found I can't connect to websites (partial files weren't downloaded.), including the control panel of local router.

I knew that AvastSvc.exe create some TCP for proxy.

When I typed netstat -b

netstat -b :
There are about 1000 TCP connections with status ESTABLISHED, for example
Code: [Select]
TCP    127.0.0.1:12080        MyPCName:SomePort          ESTABLISHED   x ~500
 [AvastSvc.exe]

TCP    127.0.0.1:SomePort        Feather:12080          ESTABLISHED    x ~500
[System]

1.What did it happen? and how not to happen again?
2.Do flash games (IE) causes this? (I saw my brother opened some flash games and then can access no web(Error: Connection reset(firefox))
3.Is 1000 the max limit of concurrent TCP connection? (I can't access CP of router)
  I think this limit is different from the limit of TCP half-open.

OS: Windows 7 Home Pre (Chinese)

It seems fine after reboot...
« Last Edit: June 21, 2011, 04:39:56 PM by mbitsa »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Many tcp connections established by AvastSvc.exe
« Reply #1 on: June 21, 2011, 04:54:51 PM »
It is the web shield proxy, your browser http traffic is redirected through the localhost proxy so that inbound traffic can be scanned.

The avastsvc.exe isn't initiating the connection, but acting on the part of your browser.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

mbitsa

  • Guest
Re: Many tcp connections established by AvastSvc.exe
« Reply #2 on: June 21, 2011, 06:05:57 PM »
First of all, thank for your reply.


Other tools (ping, tracert, nslookup) work. (avast just scan http/https)
I have a doubt that firefox opened a few connections (19) compared to 1000 avast did.

Is there too many TCP connections so no new connection is able to be established?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Many tcp connections established by AvastSvc.exe
« Reply #3 on: June 21, 2011, 06:33:58 PM »
Avast doesn't monitor https traffic.

As I said avast isn't initiating these connections, that would otherwise be down to your browser if the web shield wasn't being used. A single web page can be made up of many, many connections, all the images, links to off-page/site scripts, etc.

I don't know what other connections you want to establish ?

This would appear to be an associate firefox request coming back in through the proxy to your browser:
[firefox.exe]
  TCP    127.0.0.1:64751        MyPCName:12080

I have no idea what these are:
[¨t²Î]
  TCP    127.0.0.1:65405        MyPCName:12080          ESTABLISHED

Whilst they use port 12080 they aren't directly associated to the avastsvc.exe. Have you got some sort of local network and do you use any other proxy ?
As this would appear to be monitoring local traffic.

This isn't an area I'm familiar with at all as I don't use a network.

Have you changed any of the avast settings in relation to redirection as local communication is meant to be ignored ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

mbitsa

  • Guest
Re: Many tcp connections established by AvastSvc.exe
« Reply #4 on: June 22, 2011, 08:48:17 AM »
"Ignore local community" is enabled.

This problem has be the only one since I used avast free.
This rare issue wasn't caused by firefox but ie/flash, which connections remain after IE/Flash is closed?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Many tcp connections established by AvastSvc.exe
« Reply #5 on: June 22, 2011, 02:26:34 PM »
I never said it was caused by firefox as all browser http connections are treated in the same way.

I'm at a loss as to what else to suggest as these are all local connections. The same netstat -b on my XP Pro system doesn't turn up anything like this and you will see mose are in a closed wait state.

Quote
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    MyPC:1052               localhost:1053         ESTABLISHED     2452  [thunderbird.exe]
  TCP    MyPC:1053               localhost:1052         ESTABLISHED     2452  [thunderbird.exe]
  TCP    MyPC:1054               localhost:1055         ESTABLISHED     2452  [thunderbird.exe]
  TCP    MyPC:1055               localhost:1054         ESTABLISHED     2452  [thunderbird.exe]
  TCP    MyPC:1066               localhost:1067         ESTABLISHED     3096  [firefox.exe]
  TCP    MyPC:1067               localhost:1066         ESTABLISHED     3096  [firefox.exe]
  TCP    MyPC:1068               localhost:1069         ESTABLISHED     3096  [firefox.exe]
  TCP    MyPC:1069               localhost:1068         ESTABLISHED     3096  [firefox.exe]
  TCP    MyPC:2875               xml.weather.com:http   ESTABLISHED     2132  [YahooWidgets.exe]
  TCP    MyPC:7007               localhost:2787         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1556         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2788         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2484         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2468         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1557         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2467         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1555         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1558         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1462         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1550         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1548         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2758         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2482         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2791         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1560         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2760         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2792         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1561         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2777         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2466         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1554         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2465         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1553         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1562         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2778         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2762         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1563         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1547         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2475         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2779         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2752         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2480         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1552         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2479         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2781         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2477         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2749         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2751         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1551         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1559         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:1549         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2750         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2780         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2748         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7007               localhost:2470         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7008               localhost:2485         CLOSE_WAIT      400  [MailWasherProApp.exe]
  TCP    MyPC:7008               localhost:2481         CLOSE_WAIT      400  [MailWasherProApp.exe]

The results on my wun7 netbook are even less:
Quote
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1074         Netbook1:1075          ESTABLISHED [thunderbird.exe]
  TCP    127.0.0.1:1075         Netbook1:1074          ESTABLISHED [thunderbird.exe]
  TCP    127.0.0.1:1076         Netbook1:1077          ESTABLISHED [thunderbird.exe]
  TCP    127.0.0.1:1077         Netbook1:1076          ESTABLISHED [thunderbird.exe]
  TCP    127.0.0.1:1078         Netbook1:1079          ESTABLISHED [firefox.exe]
  TCP    127.0.0.1:1079         Netbook1:1078          ESTABLISHED [firefox.exe]
  TCP    127.0.0.1:1080         Netbook1:1081          ESTABLISHED [firefox.exe]
  TCP    127.0.0.1:1081         Netbook1:1080          ESTABLISHED [firefox.exe]
  TCP    127.0.0.1:1096         Netbook1:12080         ESTABLISHED [firefox.exe]
  TCP    127.0.0.1:1098         Netbook1:12080         ESTABLISHED [firefox.exe]
  TCP    127.0.0.1:1099         Netbook1:12080         ESTABLISHED [firefox.exe]
  TCP    127.0.0.1:1101         Netbook1:12080         ESTABLISHED [firefox.exe]
  TCP    127.0.0.1:1117         Netbook1:12080         ESTABLISHED [firefox.exe]
  TCP    127.0.0.1:1126         Netbook1:12080         ESTABLISHED [firefox.exe]
  TCP    127.0.0.1:12080        Netbook1:1096          ESTABLISHED [AvastSvc.exe]
  TCP    127.0.0.1:12080        Netbook1:1098          ESTABLISHED [AvastSvc.exe]
  TCP    127.0.0.1:12080        Netbook1:1099          ESTABLISHED [AvastSvc.exe]
  TCP    127.0.0.1:12080        Netbook1:1101          ESTABLISHED [AvastSvc.exe]
  TCP    127.0.0.1:12080        Netbook1:1117          ESTABLISHED [AvastSvc.exe]
  TCP    127.0.0.1:12080        Netbook1:1126          ESTABLISHED [AvastSvc.exe]
  TCP    192.168.1.65:1100      l3:http                CLOSE_WAIT [AvastSvc.exe]
  TCP    192.168.1.65:1102      l3:http                CLOSE_WAIT [AvastSvc.exe]
  TCP    192.168.1.65:1103      l3:http                CLOSE_WAIT [AvastSvc.exe]
  TCP    192.168.1.65:1104      l3:http                CLOSE_WAIT [AvastSvc.exe]
  TCP    192.168.1.65:1119      wy-in-f132:http        ESTABLISHED [AvastSvc.exe]
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

mbitsa

  • Guest
Re: Many tcp connections established by AvastSvc.exe
« Reply #6 on: June 22, 2011, 03:09:46 PM »
I don't what it is.   :(

Normally, my computer have a few "ESTABLISHED" connections being like to yours.

Hope someone else had similar experiences.

com155

  • Guest
Re: Many tcp connections established by AvastSvc.exe
« Reply #7 on: June 23, 2011, 06:49:44 AM »
wht firewall do u use?

do u have many computers using the same network?may be i can help u....

mbitsa

  • Guest
Re: Many tcp connections established by AvastSvc.exe
« Reply #8 on: June 23, 2011, 07:05:44 AM »
Windows 7 firewall.

This computer is connected to a router directly.
No other computers in the network were powered on.

com155

  • Guest
Re: Many tcp connections established by AvastSvc.exe
« Reply #9 on: June 23, 2011, 07:32:17 AM »
i recommend comodo firewall intall it and wait for it to give alerts of any unknown connections and if it does so tell it to block it and if comodo gives no alerts then everything is fine then it must just happening because u use too browsers to surf the web or u use the same network connection for many computers[i dont specify whether u use them together or not]....