I run Avast Free AV on my home PCs. I also run a PiHole DNS server for logging / monitoring / blocking traffic. I noticed a couple of weeks ago that one of my machines was making weird DNS requests over the period of about 3 minutes every day. The time of day of the requests started around 5AM and slowly migrated 10 - 12 minutes a day until it was running around 6:30 AM. I finally tracked this behavior down to being caused by Avast (determined this by uninstalling Avast, causing the requests to stop). The requests were to about 40 different websites - roughly 50% of which are well known banks (e.g. Citi, Wells Fargo, USBank, Santander, etc.) and the others well known search / mail providers (e.g. Yandex, Mail.ru, & Wordpress.com).
I believe I have figured out that this is caused by the Avast Home Network Security feature which checks for DNS compromise / redirection to unrelated sites (see this topic board: https://forum.avast.com/index.php?topic=163825.0). My understanding is that these IPs are pulled from the Alexa Top 1000 sites.
What’s causing me some concern, however, is that I have Avast running on a second computer with the same setup and I’m not getting any of these strange requests. Can anyone confirm if these requests are being made by Avast? Why would my second PC not be making these requests if its setup is the same?
My next thought on how to test further would be to reinstall Avast on the PC that was making the strange requests and a) see if they start up again & b) turn off the home network security feature & see if they stop. Any better ideas?
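One way to check the Pi-hole log for the pattern described in the post (a short daily burst of lookups for many distinct names from one client, starting a few minutes later each day) and to compare two clients side by side. This is an added example, not part of the original post: the log lines, client addresses, `site*.example` names, the `year` default and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Pi-hole (dnsmasq) query line: "Mar  3 05:00:01 dnsmasq[812]: query[A] name from 192.168.1.20"
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")

def parse(lines, year=2024):
    """Yield (timestamp, domain, client); dnsmasq omits the year, so it is assumed."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2).lower(), m.group(3)

def daily_bursts(lines, window=timedelta(minutes=3), min_domains=5):
    """Return {client: {date: burst_start}} for the first window per day
    in which a client queried at least min_domains distinct names."""
    per_day = defaultdict(list)
    for ts, domain, client in parse(lines):
        per_day[(client, ts.date())].append((ts, domain))
    bursts = defaultdict(dict)
    for (client, day), events in per_day.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            names = {d for t, d in events[i:] if t - start <= window}
            if len(names) >= min_domains:
                bursts[client][day] = start
                break
    return bursts

def drift_minutes(starts):
    """Minutes the burst start (time of day) moves between consecutive recorded days."""
    days = sorted(starts)
    tod = {d: starts[d].hour * 60 + starts[d].minute + starts[d].second / 60 for d in days}
    return [round(tod[b] - tod[a], 1) for a, b in zip(days, days[1:])]

def sample_log():
    """Constructed log: .20 bursts daily, 11 minutes later each day; .21 stays quiet."""
    out = []
    for n in range(3):
        start = datetime(2024, 3, 3 + n, 5, 0, 0) + timedelta(minutes=11 * n)
        for k in range(7):
            t = start + timedelta(seconds=20 * k)
            out.append(f"{t:%b} {t.day:2d} {t:%H:%M:%S} dnsmasq[812]: query[A] site{k}.example from 192.168.1.20")
        out.append(f"{start:%b} {start.day:2d} {start:%H:%M:%S} dnsmasq[812]: query[A] example.org from 192.168.1.21")
    return out
```

Feeding the real log file's lines to `daily_bursts` in place of `sample_log()` shows whether the second PC produces no burst at all or one that falls outside the hours being watched.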