Jump to content

False positive on avastsvc.exe


wombat88

Recommended Posts

I use Avast for antivirus protection and it uses avastsvc.exe in the title to do updates, I think. I've set up a rule to ignore avastsvc.exe but MalwareBytes continues to block IP addresses used by Avast. I believe this is a false positive as I do not see any reason why these IPs would be blocked given the nature of the program (anti-virus). Here is a portion of my most recent log (replaced name with admin). MalwareBytes keeps blocking the same IP address, though the ports used change in each log file:

11:48:40 (admin) IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 60318, Process: avastsvc.exe)

11:48:40 (admin) IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 60319, Process: avastsvc.exe)

11:48:40 (admin) IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 60321, Process: avastsvc.exe)

11:48:40 (admin) IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 60322, Process: avastsvc.exe)

On another day, the log file was even worse and several different IP addresses were involved:

00:37:47 (ADMIN) IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 60111, Process: avastsvc.exe)

00:37:47 (ADMIN) IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 60112, Process: avastsvc.exe)

01:10:00 (ADMIN) IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 60673, Process: avastsvc.exe)

01:10:00 (ADMIN) IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 60676, Process: avastsvc.exe)

23:09:25 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59764, Process: avastsvc.exe)

23:09:25 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59765, Process: avastsvc.exe)

23:09:25 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59766, Process: avastsvc.exe)

23:09:25 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59767, Process: avastsvc.exe)

23:09:33 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59773, Process: avastsvc.exe)

23:09:33 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59775, Process: avastsvc.exe)

23:09:33 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59774, Process: avastsvc.exe)

23:09:33 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59776, Process: avastsvc.exe)

23:09:33 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59780, Process: avastsvc.exe)

23:09:33 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59781, Process: avastsvc.exe)

23:09:33 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59783, Process: avastsvc.exe)

23:09:33 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59784, Process: avastsvc.exe)

23:09:49 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59787, Process: avastsvc.exe)

23:09:49 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59788, Process: avastsvc.exe)

23:09:49 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59796, Process: avastsvc.exe)

23:09:49 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59797, Process: avastsvc.exe)

23:10:21 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59860, Process: avastsvc.exe)

23:10:21 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59861, Process: avastsvc.exe)

23:10:21 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59862, Process: avastsvc.exe)

23:10:21 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59863, Process: avastsvc.exe)

23:10:29 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59866, Process: avastsvc.exe)

23:10:29 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59867, Process: avastsvc.exe)

23:10:53 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59869, Process: avastsvc.exe)

23:10:53 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59870, Process: avastsvc.exe)

23:11:01 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59872, Process: avastsvc.exe)

23:11:01 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59873, Process: avastsvc.exe)

23:11:01 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59875, Process: avastsvc.exe)

23:11:01 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59876, Process: avastsvc.exe)

23:11:10 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59879, Process: avastsvc.exe)

23:11:10 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59880, Process: avastsvc.exe)

23:13:36 (ADMIN) MESSAGE IP Protection stopped

23:13:37 (ADMIN) MESSAGE IP Protection started successfully

23:13:52 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59952, Process: avastsvc.exe)

23:13:52 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59953, Process: avastsvc.exe)

23:13:52 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59954, Process: avastsvc.exe)

23:13:52 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59955, Process: avastsvc.exe)

23:14:00 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59957, Process: avastsvc.exe)

23:14:00 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59958, Process: avastsvc.exe)

23:14:00 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59960, Process: avastsvc.exe)

23:14:00 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59961, Process: avastsvc.exe)

23:14:08 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59967, Process: avastsvc.exe)

23:14:08 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59968, Process: avastsvc.exe)

23:14:08 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59969, Process: avastsvc.exe)

23:14:08 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59970, Process: avastsvc.exe)

23:14:16 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59974, Process: avastsvc.exe)

23:14:16 (ADMIN) IP-BLOCK 89.111.176.226 (Type: outgoing, Port: 59975, Process: avastsvc.exe)

23:14:36 (ADMIN) MESSAGE Added 89.111.176.226 to ignore list

23:14:52 (ADMIN) MESSAGE IP Protection stopped

23:14:52 (ADMIN) MESSAGE IP Protection started successfully

23:15:08 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60025, Process: avastsvc.exe)

23:15:08 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60026, Process: avastsvc.exe)

23:15:08 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60036, Process: avastsvc.exe)

23:15:08 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60037, Process: avastsvc.exe)

23:18:04 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60223, Process: avastsvc.exe)

23:18:04 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60224, Process: avastsvc.exe)

23:18:04 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60250, Process: avastsvc.exe)

23:18:04 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60251, Process: avastsvc.exe)

23:18:12 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60263, Process: avastsvc.exe)

23:18:12 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60264, Process: avastsvc.exe)

23:20:28 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60303, Process: avastsvc.exe)

23:20:28 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60304, Process: avastsvc.exe)

23:20:28 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60316, Process: avastsvc.exe)

23:20:28 (ADMIN) IP-BLOCK 90.156.145.38 (Type: outgoing, Port: 60317, Process: avastsvc.exe)

23:21:25 (ADMIN) IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 60448, Process: avastsvc.exe)

23:21:25 (ADMIN) IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 60449, Process: avastsvc.exe)

23:21:33 (ADMIN) IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 60483, Process: avastsvc.exe)

23:21:33 (ADMIN) IP-BLOCK 208.87.149.250 (Type: outgoing, Port: 60484, Process: avastsvc.exe)

23:28:29 (ADMIN) IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 60856, Process: avastsvc.exe)

23:28:29 (ADMIN) IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 60857, Process: avastsvc.exe)

Link to post
Share on other sites

Greetings :)

Malwarebytes isn't actually blocking Avast!, those IP's are not Avast! update servers. Please refer to the section that says Why is Malwarebytes' blocking my antivirus? in Section G of our FAQ. It explains why this happens.

There is some other process attempting to access those IP addresses, but Windows reports the process that is connecting as being Avast! because Avast! intercepts all internet traffic to and from your computer to check it for malicious content and Malwarebytes gets its info on the process from Windows, so basically Windows tells Malwarebytes that the process is Avast! even when it is not.

A bit confusing I know, but hopefully this info will help to clarify the issue.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.