I have all avast! analytics disabled with only first option enabled (for cloud detections) under Privacy menu. avast! Premium Security v19.7, activated with license.

Why avast! keeps connecting to:
analytics.ff.avast.com
ipm-provider.ff.avast.com
v7.stats.avast.com
v7event.stats.avast.com
ip-info.ff.avast.com

The gateway filter I have doesn’t seem to like these as a lot of block lists are blocking all of them. Are some part of cloud by any chance, but I’m fairly certain “analytics”, “stats” and “ip-info” ones aren’t.

+1.

AVG IS and Avast Premier: same result on both. Fishy if you ask me… ???

+2

Wonder if it’s still secretly sending data to those urls even when unchecked by users…hmmms Should be if a user wants to opt out of all but first option, those urls shouldn’t be trying to connect anymore in my eyes in the matter. I know on the internet there is no privacy, but still trying to keep amount of data sent down isn’t bad thing I feel either, do have a Comcast Xfinity Data cap, with 3 Machines used in the household, it may add up

If you are so concerned, why are you still using the product? You do have a choice.

Well, that’s where we’re gonna disagree with your argument. When you disable these things and product does them anyway, it’s not a “well then just use something else”. The thing needs to be addressed by the company. Unless they want mass loss of users because of it coz they will do what you suggest. I’ve already seen tons of them leaving for Windows Defender after last test results spread over internet like wildfire. And they already say avast! is a spyware…

The user is speculating. “Wonder if”. Naturally if you selected no then that needs to happen.

I surely read this somewhere on the forum some time ago: VPS update does send some information about software versions or like that and this cannot be disabled.

My own testing confirms what the OP says is correct.
Not good.

Sending what exactly? Thanks

A lot of it is encrypted, so who knows what. Can assume too much.
And it isn’t only for VPS updates. At startup, and various execution of programs and various
other triggers.

AFAIK ipm-provider is part of Avast GUI so if you open AvastUI then some connection to them will occur…

Things like this should be more transparent with appropriate non-cryptic domains connecting. If you name domain stupid names, we’ll assume stupid things. Name them self explanatory and we won’t.

Getting no response by anyone to this inquiry for days is a bit worrying…

Hi RejZor, sorry for delay we posted an asnwer to this topic in different thread. These domains are used for our own internal analytics and it’s not possible to opt out from them. There are necessary for the AV functionality.

RejZoR,
What happened? Avast is not an offline AV, it still provides quite a lot of functions with the help of our backends, and the list is getting bigger every day.

For example, ip-info.ff.avast.com provides the client with information about its wan IP address, such as ISP and ASN, and it’s used it several places, such as displaying ISP in Wifi-inspector scans network detail. No connection with any 3rd party (or 1st party) analytics here.

Avast uses v7.stats.avast.com when downloading a new VPS (afaik the only usage I know), v7event records the result of VPS update – success/failure/old-program, AFAIK you can not receive VPS updates without accessing these two - unless you would be downloading the updates manually.

“ipm-provider” is hosting parts of our UI, so again, no possibility to use the product without accessing this one.

And the last one - analytics - well, as the name suggests, its the source of all our data for all data analysis and AI, from detections to error reports. With cloud detections, there will for sure be several accesses to this guy, CyberCapture connects here and many other components. Again, the same domain is used for other products if the submits are on, but it is also essential for the core AV product.

RejzoR, sorry to have kept you waiting for a response. None of this is very new. It has been like this for many years, didn’t expect that someone so seasoned would be surprised and worried. While Avast works better when connected to our backends, fully offline setups are also possible, several of our enterprise customers are using Avast like that. You would have to resort to blocking *.avast.com on the firewall and then providing the AV with VPS updates manually.

One last thing, you mentioned that a couple of blacklists are blocking some or all of Avast core domains? Can you give me an example of such a list or a product that does that? We are facing complains (from time to time) from users about not getting the latest version of VPS, or mismatched versions of the UI and the scanning service - I’d like to know more. If anyone is deliberately blocking these - we might at least stop hunting for it as a bug and let the support team be aware.

Thanks a lot.
Lukas.

It seems to be the Energized lists that do this. https://energized.pro

I’m gonna send them a message about it…

These are a few examples. Many people use StevenBlack and Adguard

1hosts
https://1hos.cf/

Stevenblack’s hosts
http://sbc.io/hosts/hosts

someonewhocares (Dan Pollock)
https://someonewhocares.org/hosts/

HostsVN
https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts

adguard DNS and adguard desktop
https://raw.githubusercontent.com/r-a-y/mobile-hosts/master/AdguardDNS.txt
https://filters.adtidy.org/extension/chromium/filters/15.txt

So, basically all of them. Well, there’s your problem avast! team. It would be helpful if you stated all this info clearly somewhere on privacy pages or something what addresses are and what they are used for, so people don’t just blindly block them coz they look suspicious…

Can I just add - my lads laptop is STILL calling home to places like ip-info.ff.avast.com and emupdate.avcdn.net and ipm-provider.ff.avast.com

AVAST is uninstalled completely - even used the Avast removal tool !

Why and how is avast STILL calling home?

Ive added a rule to the firewall to block it but this is really bad