com.avast.proxy connecting to pix.impdesk.com

Avast Mac Security
1

Hi, I noticed a lot of traffic on my firewall being blocked trying to get to pix.impdesk.com. After some searching I’ve found quite a few posts on it being a browser redirect etc. I downloaded little snitch and found com.avast.proxy was connecting to impdesk.com which in turn was connecting to pix.impdesk.com and eu.impdesk.com. Has my Avast been compromised somehow?

Richard

2

Info from TrendMicro site check: https://global.sitesafety.trendmicro.com/index.php

Web Advertisements:
Sites dedicated to displaying advertisements, including sites used to display banner or popup ads

3

OK, my firewall is blocking it telling me it’s dodgy but my question is why is com.avast.proxy trying to connect to it?

Thanks

4

have no idea, anyway it seems to be down >> http://downforeveryoneorjustme.com/pix.impdesk.com

5

Thanks for your responses on this Pondus, the site may be down but the fact that com.avast.proxy is trying to connect to it is a worry for me. Is anyone else seeing this kind of behaviour? I’ve attached (I hope) a screenshot of ‘Little Snitch’ showing the redirect.

6

@Richard315 - what AV version are you using?
Would you mind to turn off the Web shield? I assume that there will be the same requests appearing even without Avast’s web shield as there shouldn’t be any request going to impdesk.com at all.
Anyway, any logs, details are welcome!

7

Hi,

Yes I can try that. I am using Avast Business Antivirus (Mac)

Virus definitions 17117700

Program version 12.9

I’ll let you know what occurs.

Thanks,

Richard

8

I have turned it off, nothing in asl logs and Little Snitch is showing no activity for 10+ hours.

9

Hello,
proxy should only connect to the outside when filtering outgoing connections to specific ports which were originally initiated by other processes. It is in theory possible to use tools like wireshark to watch localhost (originating app-> proxy) and ethernet (proxy->target) interfaces and, by matching payload of tcp connections (with correlating time), to identify the originating application, however it may be tricky to do so. Currently there is no logging of such info AFAIK.