Running the current Avast Free on W7 Pro 64-bit.
I’ve always given Avast total right of way with all its requests and settings but my firewall indicates various IP connections and indicates Avast as the originator.
The warning always reads - ‘C:\Program Files\Alwil Software\Avast5\Setup\avast.setup’ plus ‘outgoing TCP (6)S packet’ and these are examples of IPs being connected:
67.19.11.74
67.228.112.195
74.52.200.82
74.54.19.82
75.125.223.226
87.248.203.253 (Limelight???)
208.43.153.3_80
Mostly after boot up. Are these all legit update connections or are they other progs making contact with home through/via Avast?
For the rest Avast running super, no problems at all.
avast.setup (~ 8,2 MB) is a temporary process which loads and exists in memory (can be noticed in Task Manager) only during Avast definitions and program updates (can be pre-set to manually or automatically). It is an updater process establishing connections to diferent hosts - Avast update servers.
It is a strange way for updating Avast program by using secret “phantom” processes which is not so clear to Avast users as it seems.
Thanks folk, I found all I required in the servers.def file, these update IPs of do vary. Have to agree with you stxNTrm06.
I sometimes block a range of IPs only to discover that Avast complains it can not update. Will have to make special rules seeing that I now know the specific Avast IPs.
The IPs in the servers.def fie are subject to change, there are constantly new servers added to the list to support the updates of over 130 million users.
So I wouldn’t base any special rule on IPs as at some point it will fail again. I can remember when there were only around 100 update servers now it is 369.
369 IPs???, okay I’ll not fiddle. Avast never failed in its task on my puter and I’ll let it be.
Currently I have this notification regarding Avast and I suppose it is normal?
Registry entry “HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswRdr\Parameters\WSIgnoreLSPDefault” (nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll) :
Entry was changed to <nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll>
This registry change was probably applied everywhere Avast is installed but it is noticed only by those who have some notification application installed on their systems. On my system it was registerd and notified yesterday by Tiny Watcher after restart:
and the file winsflt.dll was added to all those suspicious .dll files. It is related to PureSight Internet Content Filter (part of an application for preventing children from watching porn sites):
igor - when I noticed “aswRdr” I noticed ‘redirect’ and thought W7 OS involved. This also happened directly after boot up (or reboot) and that is when Avast always checks for updating. With hindsight…
stxNTrm06 - you are spot on! I very happy to discover another Tiny Watcher user. It is fading as XP is fading and I’m still using it although I’m on W7.
It is still assisting me with remarks even though I can not always make correct deductions from it. I have tried to make contact with the author but only silence, Abandonware? Thanks for yr advice.
Thanks to all the folk who joined it, I rest my case, long live Avast.