Results 1 to 10 of 15

Thread: Bug: Wrong IP in alert box (for avginet.exe)

Hybrid View

  1. #1
    kitchin Guest

    Default Bug: Wrong IP in alert box (for avginet.exe)

    Zone Alarm is giving me the wrong IP destination in the alert box telling me that one of my programs, AVG, wants to access the internet (avginet.exe). The alert says, for instance,

    Application: avginet.exe
    Destination IP: 64.233.179.104: DNS

    But that IP belongs to Google and just happens to be the last connection I made in my web browser. When I block it and go to ZoneAlarm's logs, I see "Destination DNS" is blank for the "avginet.exe" event.

    So it looks like a bug. The destination is empty for whatever reason, and ZA just uses the last non-empty value. If I visit another website and try updating AVG again, the ZA alert box shows an IP related to that web address.

    I was wondering why AVG wanted to access Google!

    Version info: ZA 6.5.737.000, "Firewall is up to date."

    Operating System:
    Windows XP Pro
    Product Name:
    ZoneAlarm (Free)
    Software Version:
    6.5

    Message Edited by kitchin on 12-07-200611:41 AM

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,283

    Default Re: Bug: Wrong IP in alert box (for avginet.exe)

    Hi,
    just guessing but probably your AV (AVG) is filtering/scanning HTTP calls by IE.So, ZA just see your antivirus trying to connect to the internet since AVG intercepts call by IE and
    scan your traffic for maliciuos code...
    Well, I never used AVG antivirus so I may be completely wrong...
    Nevertheless, the warning means that AVG has no permission to connect to the internet... shouldn't be allowed to connect?
    Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    kitchin Guest

    Default Re: Bug: Wrong IP in alert box (for avginet.exe)

    Good idea about AVG getting in the middle of HTTP connections. I don't know if it does that. When I look at ZA program control, I see I have not given any of AVG's programs automatic permission, so I would doubt AVG is the one making the connection to Google. I still think it is a bug in ZA.

    As for the AVG updater, it recently changed, so ZA asked me if it should be allowed to connect. That's when I noticed all this.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Bug: Wrong IP in alert box (for avginet.exe)

    Are the DHCP and DNS servers listed as Trusted in the Zones of the Firewall of the Zone Alarm?

    The avginet.exe is the updater for the AVG. Make sure that this one is an authentic AVG component- check the properties and file location to verfiy that this is a true AVG and not malware.

    To the best of my knowledge, the AVG does not offer any web scanner.

    Do you use Gmail? This may help explain the google connection?

    In the right click of the avginet.exe in the Program list, uncheck use other programs for internet access in the Options, if this is available in the ZAFree version. Also be sure there are no server rights allowed for this application.

    What has the AVG forum replied about this?

    http://forum.grisoft.cz/freeforum/

    Oldsod
    Best regards.
    oldsod

  5. #5
    kitchin Guest

    Default Re: Bug: Wrong IP in alert box (for avginet.exe)

    Thanks Oldsod, I have reviewed your info and my hard drive, and still think it is a bug in ZA. When avginet.exe requests internet access, for some reason the destination IP is not present or not detected by ZA. Whether that is right or wrong, I don't know. But it is *incorrect* for the ZA alerter to display the *previous* destination IP requested, for instance by my web browser, and unrelated to the current alert. The ZA log for the avginet.exe event shows a blank destination IP.

    Message Edited by kitchin on 12-07-200603:20 PM

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Bug: Wrong IP in alert box (for avginet.exe)

    The blank destination could actually be the avginet.exe communicating with the localhost or 127.0.0.1 In this case there would be no destination DNS available.

    Tried some netstat commands or the TCPView to see what could be the destination IP?

    Oldsod
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •