AntiVir - Constantly accepting Internet Data

Discussion in 'other anti-virus software' started by pcontour, May 6, 2005.

Thread Status:
Not open for further replies.
  1. pcontour

    pcontour Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    29
    If you look at the attached picture, you can see a zone alarm screen showing the current activity. The two hand cursors at the top are pointing at missing icons. The two icons pointed to were flashing, indicating that they are sending or receiving data from the internet. These two have been constantly flashing today. The two programs are Antivir Guard XP and the AntiVir Service. They are pointed to by the two cursors in the centre left of the picture. These two processes are constantly sending and receiving data from the internet.

    The hand pointer above the system tray is just above the internet activity meter of zone alarm. It is staying at that level.

    I've never seen this kind of activity from any other Virus scanner before. I uninstalled and reinstalled with the same result. Anyone know what they are really doing?

    I have turned off their access to the internet.
     

    Attached Files:

    • a032.gif (23.4 KB)
    Last edited: May 6, 2005
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    AntiVir uses the TCP/IP protocol to communicate between its components.
    Check the origin/target of communications and you should see that they are all under localhost (127.0.0.1).
     
  3. pcontour

    pcontour Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    29
    That sounds good. What tool can I use to check this out?


    Also since you are an Avast Guru you may be able to comment on this - I just replaced Avast with AntiVir, when I removed Avast compared to with AntiVir my computer started up in half the time. Is that normal with Avast?
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Pretty much depends on the hardware you have. Also, avast! appears to be a bit heavier than AntiVir and AVG since it supports more packers. And packers can take a few CPU cycles more to complete scanning files. It's hard to say when I don't actually see such a PC in front of me.
     
  5. pcontour

    pcontour Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    29
    What tool can I use to monitor the TCP/IP communication?
     
  6. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    There's nothing wrong with your ZA or AntiVir and you don't need any tool. It's normal. You don't have to do anything more to allow the loopback than you have already done. If AntiVir wants to communicate with its components and you have allowed it outbound to your trusted zone, that's the loopback as intended in ZA settings, if I remember correctly.

    If you want to sleep more secure, you can use Active Ports (freeware) to verify that it communicates to 127.0.0.1. The service is for the updates, so it should connect to some German IP, I suppose.
     
  7. pcontour

    pcontour Registered Member

    Joined:
    Aug 18, 2004
    Posts:
    29
    I would like to become more familiar with what programs use various ports, and also in a similar situation in the future, where the firewall is running unexpected traffic, I would be able to figure out what is happening myself. With ZA you never become acquainted with any of the usual IP addresses and port numbers like in typical commercial firewalls. This tool you mentioned will help me gain another level of understanding.
     
  8. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    If you want to see ports and keep ZA, then download Active Ports.

    Even better, use Kerio 2.1.4. It's free and you can still find it on Google, and it's also the lightest firewall I've seen (about 2 MB RAM) (what I use, has a remote administration hole, but I don't use it and it's more stable for me) or 2.1.5. Use Blitzen Zeus' default replacement rules from here:
    http://www.dslreports.com/forum/kerio

    And you'll have the possibility to see every connection, ports etc. and you'll learn more about ports yourself (like POP3 is 110, SMTP 25, NetBIOS 137-139, 445 etc.)
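
The loopback check suggested in this thread can also be done with the built-in Windows command `netstat -ano`, which lists each connection with its owning PID. The following is an added example, not part of any post above: it parses such output and reports, per PID, whether its TCP peers are all on 127.0.0.1 or include off-host addresses. The sample output, PIDs and addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output; PIDs and addresses are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:1031         127.0.0.1:1032         ESTABLISHED     1480
  TCP    127.0.0.1:1032         127.0.0.1:1031         ESTABLISHED     1512
  TCP    192.168.1.20:1045      203.0.113.10:80        ESTABLISHED     1512
  TCP    192.168.1.20:1050      192.168.1.1:445        TIME_WAIT       0
  UDP    127.0.0.1:1900         *:*                                    1480
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def classify(addr):
    """Return 'loopback' if the peer is this machine, otherwise 'remote'."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    return "loopback" if ip.is_loopback else "remote"

def peers_by_pid(netstat_text):
    """Map PID -> {'loopback'/'remote': sorted peers} for TCP rows that have a peer."""
    found = defaultdict(lambda: defaultdict(set))
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # headers, blank lines and UDP rows (no state, no peer)
        _, _local, foreign, state, pid = fields
        addr, port = split_endpoint(foreign)
        if state == "LISTENING" or port == "0":
            continue  # listening socket: nobody connected yet
        found[int(pid)][classify(addr)].add(f"{addr}:{port}")
    return {pid: {k: sorted(v) for k, v in cats.items()} for pid, cats in found.items()}

def loopback_only(peers):
    """True if every TCP peer of a PID is on the local machine."""
    return set(peers) <= {"loopback"}

if __name__ == "__main__":
    for pid, peers in sorted(peers_by_pid(SAMPLE).items()):
        verdict = "loopback only" if loopback_only(peers) else "talks off-host"
        print(f"PID {pid}: {verdict} {peers}")
```

To run it on live data, pass the captured output of `netstat -ano` to `peers_by_pid` and match the PIDs to process names in Task Manager.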
     