Why is AVAST reporting back every application I run?

I upgraded to Avast 7 and soon noticed a lag when I start up applications. So I ran a sniffer to see and got a shock! Avast was sending back whatever apps I start. Here is a snippet:

Remote Host	vl.ff.avast.com 
Remote Port	80 
Service Name	http 
Capture Time	3/6/2012 11:58:36 AM


POST /F/...............snipped...............  HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Host: vl.ff.avast.com
Content-Length: 122

........snipped..........*;C:\Documents and Settings\Administrator\Desktop\h2testw.exe2.ign:...


This raises security and privacy concerns. My Windows account name, my folder structure and the application name are all sent back to avast, and it wasn’t even encrypted.

And I have disabled all cloud and community functions within avast’s settings beforehand.

Please, can Avast address this issue?

The sending of such information seems consistent with one or more avast features, but you say you disabled those. Have you gone back through all the settings and carefully double checked things to make sure for example that the avast community, WebRep, and FileRep (file reputation) features are disabled?

Is this happening a) for files you just downloaded/ran, b) for files that have been on your machine for a while, c) both?

I checked again, under Settings, everything is unchecked in Cloud Services and Community.

I don’t see WebRep or FileRep, maybe because I chose a minimal install of v7.0.1407.

It sends back to Avast all programs, new or old, for every new session of Windows; meaning, if I restart my Windows, it will log and send back the same programs I run again.

To me, it’s behaving like a keylogger or, in this case, a What-App-I-Use-logger.

I can understand if it needs to send back suspected malware-infected file info, but NOT every app I run. And it is not encrypted; if someone is sniffing my traffic, he will have a very nice and complete profile of what I am doing on my computer.

That was a bug and should be fixed in the latest build.
http://forum.avast.com/index.php?topic=94790.0

Asyn, what was the bug? Since jamesc mentioned not seeing web or file reputation service settings… was the community feature checkbox not being honored?

Sorry, but only the devs can answer that.

Are you sure this has been mentioned as a bug? I mean checking the cloud when it’s supposedly disabled? I don’t recall seeing it anywhere…

http://forum.avast.com/index.php?topic=94926.msg757793#msg757793
http://forum.avast.com/index.php?topic=94145.msg749535#msg749535

Thanks for posting the links Gargamel. :)

Np

  1. Yes, these are FileRep requests (on-exec).
  2. Yes, there was a bug in version 7.0.1407 in which these requests were being made even if FileRep was disabled. This is now solved in build 7.0.1426.

Thanks
Vlk