Avast has been blocking ic.5ddaabcf.0a7048.1.msftsrvcs.vo.llnwi.net/c/msdownload/update/software/defu/2... for me lately, and upon searching for this (only got real results by searching for "msftsrvcs") I found only one discussion on it: https://live.paloaltonetworks.com/thread/12530 titled
"Massive spyware spike in URL that likely isn't malicious".
Don't know who those guys are, and I'm surprised not to see any threads on this yet on the big computer help/anti malware forums (at least there weren't when I searched).
user jim smith (at that link I mentioned) posted yesterday:
We too are seeing this traffic.
Appears related to checking for Microsoft updates (Server 2012 r2)
Software Version 6.1.2
Application version 486-2571 (02/12/15)
Threat Version 486-2571 (02/12/15)
Antivirus Version 1485-1960 (02/12/15)
URL Filtering version 4472
Excerpt from capture...
ethertype IPv4 (0x0800),
length 114: (tos 0x0, ttl 127, id 5002, offset 0, flags [none], proto: UDP (17), length: 100)
xxx.xxx.xxx.xxx.59649 > 126.96.36.199.53: 40768+ [1au] A? ic.4171f066.0ea0a3.6.msftsrvcs.vo.llnwi.net. (72)
I don't have any slowdowns or any obvious issues myself, so I thought I'd ask if anyone here knows if that msftsrvcs.vo etcetc address is legitimate and the whole thing is just some false positive.