@Danilo,
thanks for posting this here!
Around the same time I have also been bruteforce "attacks" trying to access some of my home network devices. Firstly, my wifes notebook and then my son's & I was also able to trace it back to when AVG was running scans on their notebooks.
This is definately a feature was only just recently enabled by AVG. Plus, I see no need for this type of activity. We do not even know what AVG are doing with the data even if you were successful in gaining access to other devices.
So, on public networks it may seem that my notebook is trying to potentially brute "attack" other devices.
This is totally unacceptable.
regards,
Pal
Hello Danilo,
We are glad to look into this and help you.
AVG Internet Security has a remote desktop shield which will block the Brute force attack.
Remote Access shield prevents your computer from brute force attack. For more info, you can check this article (https://bit.ly/3hvEvWo).
Thank you.
Hello Dinesh,
Just for your information, I have discovered that is AVG to execute this kind of bruteforce when you do a network scanning using the "Network Inspector" feature. At present time I am very busy but in the past I have raised a legal issue to the producer of another security software that have integrated in his product a similar feature. Here in Italy (and may be in other countries) is illegal to execute a network scan and after that execute a brute force of the discovered services without to ask a written permission before to the owner, in Italy this is a criminal offence and if the activity create damages there is a increase of punishement.
I will suggest to AVG at least to warn the user before the network scanning and providing a report with all the "border line" actions at the end of the scan.
Regards
Danilo
UN-BE-LIEVABLE !!!
Danilo is absolutely right and I have just experienced the exact same behavior on my son's laptop. The same list of user accounts and brute-force hack attempts. Took me 2 hours to troubleshoot and try various virus and malware scanners.
It is clearly AVG that is triggering this network scan and brute-force attack. This is entirely unacceptable and in many countries ILLEGAL !!! As a result a NAS server that is part of my home network blacklisted the related IP. So because of this unacceptable scan any shares on that NAS can no longer be accessed from that laptop. Ridiculous.
What is the purpose of this? Well, given the user names that are tried here AVG is scanning the network to find any attached IP cameras which have their default logins enabled. Probably to then try and upsell a full license to address that. Sorry guys, that is not acceptable.
The fact that the initial responses dodged the very clear question but also tried to upsell does not make that better.
I STRONGLY advise your strategic and legal team to look at this and remove this practice immediately. For me, I will remove all your products immediately and will never install nay of them ever again.
Hello Hari,
from your answer "AVG is designed to protect your computer" but in my humble opinion it do not must try to damage the other computers/devices connected to my network without at least provide a clear information BEFORE to execute this kind of activity.
Regards
Danilo
Hello, two days ago my wife has updated her installation of AVG Internet Security product (subscribed one, not freeware or trial) and just few seconds after I have noticed a distributed brute force attack on all my devices with ssh enables (like Linux PC ones, commercial NAS, home automation devices, and so on) coming from her PC.
The bruteforce has used some account names like:
- root
- admin
- admin1
- 666666
- 888888
- supervisor
- guest
- Dinion
I have take an investigation on her PC but I have not find anythingc and before go deep I would like to know if this scanning is a feature of AVG… someone can let me know?
Thanks in advance
Danilo
@Danilo,
thanks for posting this here!
Around the same time I have also been bruteforce "attacks" trying to access some of my home network devices. Firstly, my wifes notebook and then my son's & I was also able to trace it back to when AVG was running scans on their notebooks.
This is definately a feature was only just recently enabled by AVG. Plus, I see no need for this type of activity. We do not even know what AVG are doing with the data even if you were successful in gaining access to other devices.
So, on public networks it may seem that my notebook is trying to potentially brute "attack" other devices.
This is totally unacceptable.
regards,
Pal
Hello Danilo,
We are glad to look into this and help you.
AVG Internet Security has a remote desktop shield which will block the Brute force attack.
Remote Access shield prevents your computer from brute force attack. For more info, you can check this article (https://bit.ly/3hvEvWo).
Thank you.
Hello Sreenu,
I'm sorry but this is not the answer to my question…
I'am asking if AVG software can be the originator of this kind of scanning. After a first and quick analisys the only software that was doing some kind of unusual activity was the update of AVG internet security (licensed).
Before to go ahead with a (time consuming) full forensic analysis I would like to be sure that the "attack" was not binded to the product.
Regards
Danilo
Hello Hari,
from your answer "AVG is designed to protect your computer" but in my humble opinion it do not must try to damage the other computers/devices connected to my network without at least provide a clear information BEFORE to execute this kind of activity.
Regards
Danilo
Hello Dinilo,
Thank you for the suggestion. We will forward your feedback to concerned team to improve the our product features.
If you need any help with AVG, feel free to contact us at anytime.
Hello Dinesh,
Just for your information, I have discovered that is AVG to execute this kind of bruteforce when you do a network scanning using the "Network Inspector" feature. At present time I am very busy but in the past I have raised a legal issue to the producer of another security software that have integrated in his product a similar feature. Here in Italy (and may be in other countries) is illegal to execute a network scan and after that execute a brute force of the discovered services without to ask a written permission before to the owner, in Italy this is a criminal offence and if the activity create damages there is a increase of punishement.
I will suggest to AVG at least to warn the user before the network scanning and providing a report with all the "border line" actions at the end of the scan.
Regards
Danilo
UN-BE-LIEVABLE !!!
Danilo is absolutely right and I have just experienced the exact same behavior on my son's laptop. The same list of user accounts and brute-force hack attempts. Took me 2 hours to troubleshoot and try various virus and malware scanners.
It is clearly AVG that is triggering this network scan and brute-force attack. This is entirely unacceptable and in many countries ILLEGAL !!! As a result a NAS server that is part of my home network blacklisted the related IP. So because of this unacceptable scan any shares on that NAS can no longer be accessed from that laptop. Ridiculous.
What is the purpose of this? Well, given the user names that are tried here AVG is scanning the network to find any attached IP cameras which have their default logins enabled. Probably to then try and upsell a full license to address that. Sorry guys, that is not acceptable.
The fact that the initial responses dodged the very clear question but also tried to upsell does not make that better.
I STRONGLY advise your strategic and legal team to look at this and remove this practice immediately. For me, I will remove all your products immediately and will never install nay of them ever again.
Hello She,
We're sorry to know that you feel this way.
Please be informed that AVG is designed to protect your computer against harmful viruses, threats and hackers. It will block the unknown connections and malicious activities on your PC, it will protect your pc in real-time.
For better clarification, we request you to create a separate AVG community post by clicking the link below and post your questions in your own post.
https://support.avg.com/support_ask
Thank you for your understanding.
Thank you for clarifying, Danilo.
From your message, we see that you're receiving the notification regarding brute force attack from your NIDS product.
You can be rest assured that AVG Remote access shield will scan & notify if there are any brute force attacks. It will not create an attempt on other devices. It seems that the same feature might be available on your NIDS & the filter/sensitivity would be set to high, which may result in false detection.
However, you can proceed to further investigate & share us the screenshot of the message, if you receive it again.
If you still suspect that AVG might cause the issue, you can uninstall AVG from your wife's laptop & check.
Hello Danilo. I'm Jovana from senior support and I'll gladly help.
I understand how these "attacks" may seem, and I'm sorry for the worry caused by it, but they are a genuine performance of the Network Inspector feature.
In simple words, AVG Internet Security's feature, Network Inspector, is occasionally running a background scan of network devices, to check for any "weak" or "default" passwords. This is what you're seeing in the mentioned reports.
You can turn this scan off in AVG Internet Security's app:
Menu > Settings > Basic Protection > Network Inspector > uncheck the box next to "Rescan home networks automatically"
If you find any intrusions after you've turned the scan off, please let me know so we can further investigate.
I hope this clarifies. Feel free to write back if you need any other help.