Avast doing PEN testing?

Hi all,

Recently I upgraded my VisualSVN [1] server (which is a modified Apache webserver), and in the course of diagnosing a setup failure, I discovered that Avast seems to be “penetration” testing

[1] https://www.visualsvn.com/server/

Did you run any scan…?

Yes. I accidentally hit return and this !@#$ing site sent the unfinished message. Then wouldn’t let me modify it. What I had started to say was:

[i]Hi all,

Recently I upgraded the SVN server [1] (which is a modified Apache webserver) in my home office, and in the course of diagnosing a setup failure, I discovered that Avast seems to have been “penetration” testing the old server (at least) for months. The server’s event logs were full of failed logins from non-existent users … and all the attempts were from the same machine: MINE.

Naturally, I immediately exhaustively scanned for malware, but found nothing. So I set up a firewall rule to log attempts to contact the SVN. And to my surprise, the culprit was AvastSvc.exe. Approximately every 24 hours, it tries a long series of logins using typical admin user names.

This apparently has been going on for months (extent of the logs), but I hadn’t noticed because everything was running fine. The rogue login attempts have been happening in the (wee) early morning when [generally] no one is using the computer.

Attached are excerpts [last few days] from the server and firewall logs. The firewall log included known connections from TortoiseSVN (client) which were filtered. Those are not errors/failures in the SVN log anyway.
NOTE: the FWevents file is HTML (the software exports it that way). View it with a browser.

So what is going on here? And how to stop it filling up my logs? I’m running Avast Free 18.4.2338 (it’s my personal machine) and I have only the file, behavior, mail and web shields enabled. I figured it might be a periodic network/WiFi scan, but AFAIK you have to ask for that, and it’s not trying the same ports on any other machines (my firewall filter would have caught that).

Thanks,
George

[1] https://www.visualsvn.com/server/[/i]

Hmmm, sounds like WiFi-Inspector, but it shouldn’t run on its own.