AVG Free question: avgtray.exe trying to access... something (ZA pop-up)

My stats: Windows XP SP2, ZoneAlarm 6.1.744.001, AVG Free 8.5.435

This has happened two times now about 10 days apart...

When I did my virus definition update via the "Check for updates" in the AVG Free program, the little ZA window popped up asking for permission for "AVG Tray" (avgtray.exe) to access something or other (see logs below). I never saw it before, so I let it just sit there while AVG updated. So then I finally just hit deny for it, and everything seemed to be fine. AVG Tray was added to the Program Control in ZA (with all ?'s) like any new program, but I removed it. Then I checked for updates to AVG again, just to see if it would pop up, and it didn't. And it didn't again until about ten das later (today) when it did it today.

avgtray.exe does always run in Task Manager (as far as I know), but I've never seen ZA ask permission to let it do something (and add it to the Program Control).

In Program Control, for AVG Free 8.5, I only have:

Product name AVG Internet Security
File name C:\Program Files\AVG\AVG8\avgemc.exe
Last policy update Not applicable
Version 8.5.0.401
Last modified date 8/17/2009 13:52:18
File size 886 KB

Product name AVG Internet Security
File name C:\Program Files\AVG\AVG8\avgupd.exe
Last policy update Not applicable
Version 8.5.0.427
Last modified date 1/7/2010 16:35:08
File size 1116 KB

Here's the info for avgtray.exe in Program Control, before I removed it:

Product name AVG Internet Security
File name C:\Program Files\AVG\AVG8\avgtray.exe
Last policy update Not applicable
Version 8.5.0.427
Last modified date 1/7/2010 16:35:30
File size 1995 KB

And here's the log stuff for when avgtray.exe was trying to do something the first time:

Description AVG Tray Monitor requested permission to access the internet.
Rating High
Date / Time 2010/02/18 08:13:08-8:00 GMT
Type New Program
Program C:\Program Files\AVG\AVG8\avgtray.exe
Source IP
Destination IP 208.67.222.222:53
Direction Outgoing (connect)
Action Taken Blocked (once)
Count 1
Source DNS
Destination DNS resolver1.opendns.com

Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (208.67.222.222NS).
Rating Medium
Date / Time 2010/02/18 08:14:58-8:00 GMT
Type Program Access
Program avgtray.exe
Source IP
Destination IP
Direction Outgoing (connect)
Action Taken Blocked
Count 4
Source DNS
Destination DNS

Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (127.0.0.1ort 117.
Rating Medium
Date / Time 2010/02/18 08:14:58-8:00 GMT
Type Program Access
Program avgtray.exe
Source IP
Destination IP 127.0.0.1:1178
Direction Outgoing (connect)
Action Taken Blocked
Count 1
Source DNS
Destination DNS Loopback

Description AVG Tray Monitor was temporarily blocked from connecting to the Internet (199.71.0.44NS).
Rating High
Date / Time 2010/02/18 08:14:58-8:00 GMT
Type Program Access
Program avgtray.exe
Source IP
Destination IP 199.71.0.44:53
Direction Outgoing (connect)
Action Taken Blocked
Count 5
Source DNS
Destination DNS ws.arin.net
I think this was me looking up the IP address I saw at ReverseIPLookup.

Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (208.67.220.220NS).
Rating Medium
Date / Time 2010/02/18 08:15:00-8:00 GMT
Type Program Access
Program avgtray.exe
Source IP
Destination IP 208.67.220.220:53
Direction Outgoing (connect)
Action Taken Blocked
Count 3
Source DNS
Destination DNS resolver2.opendns.com

Description AVG Tray Monitor was temporarily blocked from sending data to the local zone (208.67.222.222NS).
Rating Medium
Date / Time 2010/02/18 08:15:02-8:00 GMT
Type Program Access
Program avgtray.exe
Source IP
Destination IP
Direction (data)
Action Taken Blocked
Count 1
Source DNS
Destination DNS


And here's the log stuff for when avgtray.exe was trying to do something the second time, which was today:

Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (208.67.222.222NS).
Rating Medium
Date / Time 2010/02/28 13:35:24-8:00 GMT
Type Program Access
Program avgtray.exe
Source IP
Destination IP
Direction Outgoing (connect)
Action Taken Blocked
Count 4
Source DNS
Destination DNS

Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (127.0.0.1ort 1061).
Rating Medium
Date / Time 2010/02/28 13:35:24-8:00 GMT
Type Program Access
Program avgtray.exe
Source IP
Destination IP 127.0.0.1:1061
Direction Outgoing (connect)
Action Taken Blocked
Count 1
Source DNS
Destination DNS Loopback

Description AVG Tray Monitor was temporarily blocked from connecting to the Internet (212.96.161.234NS).
Rating High
Date / Time 2010/02/28 13:35:24-8:00 GMT
Type Program Access
Program avgtray.exe
Source IP
Destination IP 212.96.161.234:53
Direction Outgoing (connect)
Action Taken Blocked
Count 5
Source DNS
Destination DNS guru.avg.com

Description AVG Tray Monitor was temporarily blocked from sending data to the local zone (208.67.222.222NS).
Rating Medium
Date / Time 2010/02/28 13:35:26-8:00 GMT
Type Program Access
Program avgtray.exe
Source IP
Destination IP
Direction (data)
Action Taken Blocked
Count 1
Source DNS
Destination DNS

Description AVG Tray Monitor was temporarily blocked from connecting to the local zone (208.67.220.220NS).
Rating Medium
Date / Time 2010/02/28 13:35:26-8:00 GMT
Type Program Access
Program avgtray.exe
Source IP
Destination IP 208.67.220.220:53
Direction Outgoing (connect)
Action Taken Blocked
Count 3
Source DNS
Destination DNS resolver2.opendns.com

Then, both instances, I finally chose "block" then just removed it from the Program Control (since it got added).

The first time, I ran scans with AVG and SuperAntiSpyware, just to be safe, and both came up okay. I don't *think* it seems like anything nefarious, but it is weird that it's just started doing this recently, and now it's two times (and it's not every time I try to update -- I updated virus definitions many times between the two incidents).

Any thoughts?

Thanks for the help!

 

I think it's just a usual AVG thing, when I used ZA and Avg it did the same thing and I just allowed it.

 

Thanks for the reply! Are you talking about avgtray.exe particularly?

I have these other two things normally in ZA:

Product name AVG Internet Security
File name C:\Program Files\AVG\AVG8\avgemc.exe
Last policy update Not applicable
Version 8.5.0.401
Last modified date 8/17/2009 13:52:18
File size 886 KB

Product name AVG Internet Security
File name C:\Program Files\AVG\AVG8\avgupd.exe
Last policy update Not applicable
Version 8.5.0.427
Last modified date 1/7/2010 16:35:08
File size 1116 KB

...but avgtray.exe has never asked for permission in the x-number of years I've been using AVG Free (so that's why I'm wondering).

 

I remember seeing AVG tray monitor connecting online, I have not used AVG in 6+ months but I am pretty sure it connected.

 

Thanks for the replies!

That's good to know. Next time it asks for permission, I'll be sure to allow it.

Do you think there's anything to worry about not having it allowed it these past two times?

Re: AVG Free 8.5/9.0 -- Yeah, I'm still holding out for the last minute. I'm hoping/assuming they'll post something on their site ahead of time that support is ending and not just end it. I keep checking this thread for updates -- which hasn't been updates since Nov. 2009. If you hear anything, please PM me and let me know!

(I put it off just because I have to set time aside to do it and hope nothing goes wrong! I am a bit fearful about the slowdowns with their computer, and hard drive always running, with AVG 9.0 with similar set-ups to mine, but those were old posts and hopefully that's not an issue any longer...)

Thanks again!