Program Version: 7.0.1456
Definition Version: 120814-1
Windows-7 Ultimate (64-bit)

Enclosed/Attached please find the following files:

-Avast_Version_Information.png – Screen-Shot
-Avast_UPdate_Settings.png – Screen-Shot

• Below are log entries evidencing Avast phoning home while the UPdate settings are set to manual.

We have our Avast set to ‘not’ automatically update, but rather , to ‘manually update’. Why is Avast continuing to reach out to the avast servers using both post and get methods while the program is set to ‘not’ automatically update?

We need Avast to not, (for any reason) contact the mother-ship(s) until we left click ‘update’ --without blocking the connection using a firewall. Please assist us in accomplishing our goal.

LOG ENTRIES:
No. Time Source Destination Protocol Info
32 08/14/2012 21:00:50 MY.IP 72.5.58.117 HTTP POST /F/AAEv_0jmugtO4JHHshJz2oaM HTTP/1.1 (application/x-enc)

14859 08/15/2012 0:15:49 MY.IP 72.5.58.118 HTTP POST /F/AAEv_0jmugtO4JHHshJz2oaM HTTP/1.1 (application/x-enc)

48681 08/15/2012 3:30:05 MY.IP 72.5.58.117 HTTP POST /F/AAEv_0jmugtO4JHHshJz2oaM HTTP/1.1 (application/x-enc)

327098 08/15/2012 6:43:55 MY.IP 72.5.58.115 HTTP POST /F/AAEv_0jmugtO4JHHshJz2oaM HTTP/1.1 (application/x-enc)

333037 08/15/2012 8:03:57 MY.IP 208.43.33.110 HTTP GET /files/emupdate/patches.ini HTTP/1.1

344541 08/15/2012 9:57:43 MY.IP 72.5.58.116 HTTP POST /F/AAEv_0jmugtO4JHHshJz2oaM HTTP/1.1 (application/x-enc)

463639 08/15/2012 11:51:36 MY.IP 72.5.58.117 HTTP POST /F/AAEv_0jmugtO4JHHshJz2oaM HTTP/1.1 (application/x-enc)

464810 08/15/2012 12:00:00 MY.IP 72.5.58.117 HTTP POST /F/AAEv_0jmugtO4JHHshJz2oaM HTTP/1.1 (application/x-enc)

472347 08/15/2012 13:11:17 MY.IP 72.5.58.118 HTTP POST /F/AAEv_0jmugtO4JHHshJz2oaM HTTP/1.1 (application/x-enc)

472688 08/15/2012 13:13:06 MY.IP 72.5.58.115 HTTP GET /F/AAEv_0jmugtO4JHHshJz2oaM HTTP/1.1

472726 08/15/2012 13:13:30 MY.IP 72.5.58.115 HTTP GET /F/AAEv_0jmugtO4JHHshJz2oaM HTTP/1.1

472812 08/15/2012 13:14:28 MY.IP 199.189.105.116 HTTP GET /files/emupdate/patches.ini HTTP/1.1

486891 08/15/2012 16:25:49 MY.IP 72.5.58.117 HTTP POST /F/AAEv_0jmugtO4JHHshJz2oaM HTTP/1.1 (application/x-enc)

Respectfully …

The interface have changeable information, the community options also, there are the streaming updates also…

I believe that the streaming updates require that the virus definitions updates are set to Auto, so that ‘shouldn’t’ be it. Though I’m at a loss as to what it might be.

Seriously, is this not a concern?

We can understand the ads may generate traffic when you have the UI open, but that is not the case. We have Avast minimized to the tray icon, with all updates off --and for whatever reason Free.Avast polls the Avast servers periodically with ‘GET’ and ‘POST’ transactions --without asking/prompting.

It is, but as an avast user I have no idea why this is happening if auto updates are off.

This is the file reputation (cloud scanning) system. It’s a key part of the innovations introduced in avast v7 (and, seriously, it is saving tens of thousands of our users from malware every day).

If you’re uncomfortable with it though, you’re of course free to disable it. Summary → Cloud Services → Settings → uncheck “Enable reputation services” (I’m not sure but the changes may not become effective until after the next reboot).

Thanks
Vlk

I am on Vlk’s side here.
I would strongly advise against disabling it,
as it forrms such a vital part of the user’s protection.
Plus the data that are exchanged are thoroughly encrypted.
Working a browser, you will find that what you exchange
with third parties is much more critical and often goes raw over the wire…
plus everyone accept this as a given fact, and no one complains…
One should trust an av-solution for what it does. No more no less.
Some in the States are blowing Privacy Protection out of proportion,
and not only in the States, and sometimes this gets blown up like a
“Great American Privacy Violators Hunt” i.m.h.o.

polonus

Thanks Vlk for remembering us how important are the cloud features.
Please, users, keep it on and help the community protection.

This is good information to know (Thank you). We will admit, We did not know what to search for in the Avast-7 help system or the forum(s) other than “phone home”, to find out what was allowing/triggering this traffic between Avast-7 and the Avast.Servers/hosts.

We will research further by disabling [Summary → Cloud Services → Settings → uncheck “Enable reputation services”], in addition to disabling ‘all’ updates --while continue to monitor the traffic between the Avast-7 client and the hosts its speaking with.

We will provide the results (here) for anyone who is interested.

Sure thing.

Thanks
Vlk

@End_User

I personally am interested in finding out how to get more protection. I’m not really interested in how to get less. :o
Turning off the cloud protection and auto-updates including the streaming updates seriously impacts the protection
we’ve finally gotten accustomed too.
It is however your computer so have fun.

Wow, I never understand people who want to cripple their AV service to the point where the AV can not do it’s job of complete protection. Using manual update leaves your computer much less protected in between those infrequent manual updates. Suppose you update manually each week, or for that matter, even daily. During that time between manual updates, your computer could easily become infected by new malware. Then, you will be blaming Avast for not protecting your computer. On the other hand, had you had automatic updating, which most often happens multiple times a day at various times adding new malware detections, your computer would most likely have been protected and would not have become infected.

And as Vlk also pointed out, file reputation is very much needed to protect your computer when surfing the web from site to site. And do not tell us you only visit safe sites. Because of today’s malware, there is no such thing as a completely safe web site. Those so called ‘safe web sites’ are easily injected with malware that can not be seen when you visit the sites. You do not even have to click on anything on that web site you thought was safe. All you have to do is visit the web page and you are infected when you have crippled your AV.

Sure, go ahead and disable all those services that “contact the mother-ship(s)” and let us see how long you last.

Something to keep in mind -

When on-line, if you can not trust your AV service, then you can not trust anyone on-line … nor should you be on-line at anytime.

There are people on the internet who do know how to change their own tire you know.

The analogy makes no sense at all.

I have my updates set to happen every 16440 minutes because I know what I’m doing when browsing the internet.

Anything that I do download is from someplace I trust, if I didn’t trust the site, I wouldn’t be there.
If I do have to visit a site that I may not trust, I’ll use Lynx.
I have reputation services disabled, and streaming updates disabled.
Despite that, I still find Avast blocking access to some really freshly made sites because the reputation of that site is untrusted, so apparently the status of the above is disregarded.

There is a difference between reputation and infection.
Since it’s impossible to tell by simply looking at a site which one is clean and which one is infected,
there is no such thing as “Safe Surfing”. That’s the job of your AV and if you cripple it, you’re the one who is putting
yourself at risk.
As I’ve already said, It’s Your Computer.

I don’t want to cripple it, I want it to update when I tell it to update, and that’s when I’m NOT using the computer.

Which would be anytime after I go to bed.

So I would rather have avast preform updates at, say, 2am?

Even if you know what you are doing, how does that apply to the case then a site, which you browse every day, gets hacked and infected, invisibly installing some malicious code on your computer via a 0-day exploit in the OS, browser, or any of its helpers? You can be the biggest expert in the world and it wouldn’t help you much here…

The reputation is used only to display those colored icons if you have WebRep enabled, certainly not for detection/blocking.
So if avast! blocks a site for you (or anyone else for that matter), it’s definitely unrelated to its reputation - it’s because the site has been found infected.

Well, I understand what you are saying, but I’m afraid it doesn’t make much sense for me - what’s the point of having an updated antivirus when you’re not using the computer?
The moments when you are using the computer, that’s when you need to have it updated.

Thank you Tech, Bob, & igor!