Excess traffic?

Avast Business Avast Distributed Network Manager
1

Hi,

We noticed in the firewall logs from the hardware firewall that a bunch [many?] of our workstations are checking in with Avast’s server for updates even though they all seem to be communicating with our server.

Any reason for this? Normal?
Can I reduce the frequency for checking?

Thanks

2

Hi,

I don’t know your system.
Is next help you?

avast Distribution Network Manager has two servers.

  1. avast! iAVS4 Mirror HTTP Server(Default Port 5033)
    This Server is for Client(VPS-Update) and Child-AMS(mirror.exe)
    If you chose autoupdate default update interval 30minutes.
    If you want to change this value,you can config Computer Catalog’s update section.

  2. avast! Management Server(Default Port 16111)
    This Server is managed NetClient.
    Default interval 10minutes. → If you want to change this value,You can config Computer Catalog’s communication section.
    And this Server is update mirror-folder by mirror.exe

Each Clients update log
Mirror(avast! iAVS4 Mirror HTTP Server 5033) ← NetClient
C:\Program Files\Alwil Software\Avast4\Setup\setup.log

23:19:45 min/gen Started: 19.04.2009, 23:19:45
23:19:45 min/gen Running setup_av_net-3ed (1005)
skip
23:19:45 min/gen Cmdline: /downloadpkgs /noreboot /updatevps /verysilent /limitcpu
23:19:45 vrb/gen DldSrc set to inet
23:19:45 vrb/gen Operation set to INST_OP_UPDATE_GET_PACKAGES
23:19:45 min/gen Old version: 3ed (1005)
23:19:45 vrb/reg Deleted registry: Software\Alwil Software\Avast\4.0\UpdateReady
skip
23:19:45 min/gen Mirror server pseudo definition loaded ashttp://192.168.10.84:5033’.
23:19:45 nrm/gen Server definition(s) loaded for ‘mirror’: 1 (maintenance:0)
23:19:45 nrm/gen SelectCurrent: selected server ‘temp_mirror’ from ‘mirror’
23:19:45 min/pkg GetPackages - set direct connection for mirror
23:19:45 nrm/int SYNCER: Type: no proxy
23:19:45 nrm/int SYNCER: Auth: no authentication
skip
23:20:08 nrm/pkg Transferred: files 11, bytes 406721, time 720 ms
23:20:08 nrm/pkg Retries: total 0, files 0, servers 2
23:20:08 nrm/pkg Submit: files 0, bytes 0, time 0 ms
23:20:08 nrm/pkg Submit success: files 0, bytes 0, time 0 ms
23:20:08 vrb/fil NeedReboot=false
23:20:08 min/gen Return code: 0x20000000 [Something done]
23:20:08 min/gen Stopped: 19.04.2009, 23:20:08

avast! Management Server update log (Alwil Download Servers ← AMS)
C:\Program Files\Alwil Software\Management Tools\mirror\logs\mirror.log

Thanks.

3

The problem, primarily, is that our clients [110 of them] occasionally are checking for updates from Avast’s own server instead of our own server.

[I “inherited” the server so I wasn’t the original installer.]

We don’t have a mirror server so I know that if the clients can’t communicate with the server they go on the 'net. That’s fine. But even my own PC checked with Avast’s server directly maybe 75 minutes ago [got a 0000274D error in my system’s Avast log]. Our AMS server has been up. No reboots or anything. Surely the server can handle 110 clients on it’s own.

4

do u have a AMS (mirror server) or not?

if u have AMS then u use a mirror server, if the clients dont contact that server then the setting is not correct anymore and u can
change that by goin to the ADNM console rightclick on the folder that ur computers are in and find the setting for which server to use for the updates…

ur a little bit confusing, u say u dont have a server but next u say u have a server… ? (no offense meant, just confused about ur setup)

5

Here we go again. We have our own AMS server [obviously] with 110 clients. We have no mirror to the server.

If [according to the manual] a single server can handle hundreds of clients [and our AMS is on a strong server] why do we need a mirror?

Does not explain why our Avast clients are accessing Alwil’s own servers?

6

sorry my bad reading for ur setup, i must have been thinking in my had with another thread or something where it was not clear how the setup was…

did u check what i said in: “goin to the ADNM console rightclick on the folder that ur computers are in and find the setting for which server to use for the updates…”

there is the server the clients will check with, if that is pointing to the wrong server then they will either look for the new ams or go to internet…

7

from what i understand, and i may be wrong so dont flame… but, this:

the ADNM (AMS) server keeps a registry of settings and computers and whatnot.

the MIRROR, also being the same adnm server as above, is not a mirror of your adnm, rather it is a mirror of avast’s own update definition servers.

SO, if you dont have a mirror - you have nothing for the clients to update with, and thus they go out to the internet and get the updates.

if you set up the mirror on your own adnm server, your clients will get the updates from your server and will not check-in with avast’s servers.

8

Found out the mirror stopped on it’s own. Started it up and it’s fine.