Avast had implemented "streaming updates" using buzzwords to make basic functionality seem impressive. Nevertheless, my ASG box appears to block some of the traffic coming from machines and I can't figure out why.
The machine in question:
A Win7-64 box running virtually on my Apple Laptop. [VMWare Fusion] 4.11
Network config on the VM is NAT to my laptop.
The firewall log shows this:
12:11:22 Default DROP TCP 10.1.2.3 : 49769 → 74.86.232.46 : 80 [SYN] len=48 ttl=63 tos=0x00 srcmac=4:c:ce:dc:50:82 dstmac=0:c:29:67:ac:84
12:11:25 Default DROP TCP 10.1.2.3 : 49770 → 64.95.244.66 : 80 [SYN] len=48 ttl=63 tos=0x00 srcmac=4:c:ce:dc:50:82 dstmac=0:c:29:67:ac:84
12:11:25 Default DROP TCP 10.1.2.3 : 49758 → 64.95.244.67 : 80 [SYN] len=48 ttl=63 tos=0x00 srcmac=4:c:ce:dc:50:82 dstmac=0:c:29:67:ac:84
12:11:25 Default DROP TCP 10.1.2.3 : 49771 → 64.95.244.67 : 80 [SYN] len=48 ttl=63 tos=0x00 srcmac=4:c:ce:dc:50:82 dstmac=0:c:29:67:ac:84
12:11:25 Default DROP TCP 10.1.2.3 : 49759 → 64.95.244.68 : 80 [SYN] len=48 ttl=63 tos=0x00 srcmac=4:c:ce:dc:50:82 dstmac=0:c:29:67:ac:84
The 64.x.y.z address above resolves to... r-066-244-095-064.avast.com
Interestingly I can update the program using the Avast UI and have added a web exception allowing all traffic to all sites with avast.com in the domain. See Here:
AntiVirus [Avast]
Skipping: Authentication / Caching / Extension blocking / MIME type blocking / URL Filter / Content Removal / Accessed page logging / Blocked page logging
Matching these URLs:
^https?://([A-Za-z0-9.-]*\.)?avast\.com/
^https?://([A-Za-z0-9.-]*\.)?sophos\.com/
208.43.71.147
I'm assuming the traffic is legitimate so at the least I'd like to get these packets flowing and clean up my firewall log.
Any thoughts?
Thanks,
Doug