Hi all,
I’ve been using the free version of avast for a while, new to these forums and have a question re the update facility of avast.

Recently (within the last week) most likely due to an update, avast is trying to access IP addresses I’ve never seen (or perhaps not noticed?) before. In the past I granted access to the web via zonealarm and never got asked again till the last week. Normally that happens when the exe file changes etc and I grant access again, however this time the ip addresses look peculiar and I’m getting multiple requests.

Avast is trying to access addresses I think are wrong: for example.
70.85.96.90, 178.63.99.4, 174.36.159.208 (may have been 207?), 74.86.126.236, 74.55.74.110

Is there an issue here or should I let zonelalarm grant access? When I reverse dns these they go back to softlayer and “the planet” etc

To be on the safe side I’ve uninstalled avast, ran the cleaner and re-installed 5.1.889 and I’ll see if that behaviour continues, but I’d like to know if there is a set ip range or set IP that avast should be accessing for updates.

thanks for your help

Greg

server.def file contain the servers accessed by avast during the installation.
Due to balancing the 140+ million users, the IP changes and also the server.def file.

Hello greg-au and welcome to the forum.

There have recently been Avast server changes, and depending on where you live may use a different server as well. Perhaps the recent changes are why you are seeing different activity. Thank you.

"...What IP addresses should avast be trying to access?..."

Avast Antivirus Free Connections

cmd command: netstat -aon

Avast User Interface Connections:

Process:
C:\Program Files\Alwil Software\Avast5\Avastui.exe

Proto Local Address Foreign Address State PID
TCP xx.xxx.xxx.xxx:1783 74.86.126.236:443 CLOSE_WAIT 344
TCP xx.xxx.xxx.xxx:1784 74.86.126.236:443 CLOSE_WAIT 344
TCP xx.xxx.xxx.xxx:1785 174.37.192.139:443 CLOSE_WAIT 344
TCP xx.xxx.xxx.xxx:1786 174.37.192.139:443 CLOSE_WAIT 344
TCP xx.xxx.xxx.xxx:1788 174.37.192.139:443 CLOSE_WAIT 344
TCP xx.xxx.xxx.xxx:1789 174.37.192.139:443 CLOSE_WAIT 344

Avast Service Listening Ports:

Process
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

Proto Local Address Foreign Address State PID
TCP 127.0.0.1:1192 0.0.0.0:0 LISTENING 1836
TCP 127.0.0.1:1193 0.0.0.0:0 LISTENING 1836
TCP 127.0.0.1:1194 0.0.0.0:0 LISTENING 1836
TCP 127.0.0.1:1195 0.0.0.0:0 LISTENING 1836
TCP 127.0.0.1:1196 0.0.0.0:0 LISTENING 1836
TCP 127.0.0.1:1197 0.0.0.0:0 LISTENING 1836
TCP 127.0.0.1:1198 0.0.0.0:0 LISTENING 1836
TCP 127.0.0.1:1199 0.0.0.0:0 LISTENING 1836
TCP 127.0.0.1:12080 0.0.0.0:0 LISTENING 1836

Update Virus Definitions Connections (uses different addresses and ports):

Process:
C:\Program Files\Alwil Software\Avast5\Setup\Avast.Setup

Proto Local Address Foreign Address State PID
TCP xx.xxx.xxx.xxx:1790 174.120.185.26:80 ESTABLISHED 3004
TCP xx.xxx.xxx.xxx:1791 87.248.217.253:80 ESTABLISHED 3004

Update Program Connections (uses different addresses and ports):

Process:
C:\Program Files\Alwil Software\Avast5\Setup\Avast.Setup

Proto Local Address Foreign Address State PID
TCP xx.xxx.xxx.xxx:1793 74.52.200.114:80 ESTABLISHED 3396
TCP xx.xxx.xxx.xxx:1794 208.43.71.137:80 ESTABLISHED 3396

Note: Avast.Setup is a “phantom” process, it loads in memory and exists only during update, that’s why it appears in Firewall as an “Unidentified Flying Object”:

http://i381.photobucket.com/albums/oo253/mxtvmn271208/pic_04.jpg

Thanks. :-[

exactly, AvastUI, especially in the free version, accesses constantly tens and tens of IPs on misc servers for advertising purposes (including AIS promotion). Nothing to do with the setup process or upgrade as funnily mentioned by some of the posters above Block these IPs, and Avastfree will keep running properly with no restriction at all.