Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Facebook / Avast Firewall log odd activity?


  • Please log in to reply
9 replies to this topic

#1 AndyP5000

AndyP5000

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 10 May 2017 - 01:21 PM

Hi folks,

 

Ok Ive been checking my firewall logs and found a date coloration between a suspect face book account.

 

On the same day that i received a message via facebook then checked the profile of the account holder I had a stack of hits on my avast firewall.

 

Now i'm not sure that the two are related but thought it worth checking out.

 

As a precaution I've ran Avast boot time scan and full Avast scan and a Malware bytes full scan and they have found nothing dumped on my machine.

 

Of note i was having issues with Chrome last month and it seems to have logged lots of events related to Chrome.exe perhaps a conflict between a chrome update and Avast?

 

Any advice

 

Cheers


Edited by hamluis, 11 May 2017 - 08:25 AM.
Moved from Win 7 to Firewalls - Hamluis.


BC AdBot (Login to Remove)

 


m

#2 Wolverine 7

Wolverine 7

  • Members
  • 746 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bournemouth,UK
  • Local time:05:06 AM

Posted 10 May 2017 - 10:02 PM

Im just trying to upgrade my knowledge base on this kind of stuff,

 

Doesn't sound as if your dealing with anything too serious but its always worth checking things out, maybe your seeing advertiser tracking from visiting Facebook hitting your system?

 

My way of dealing with security with somewhat limited knowledge is to know my systems,so i know fairly quickly if anythings changed.

 

Use something like System explorer to keep an eye on things

 

http://systemexplorer.net/

 

Maybe visit Shields up and check for port vulnerabilities (should be stealthed or closed,not open)..(unless something supposed to be using a port for legitimate purposes,Vpn for instance).

 

https://www.grc.com/x/ne.dll?bh0bkyd2

 

Was just reading this in my research,worth a  look

 

http://lifehacker.com/what-to-do-when-someone-gets-unauthorized-access-to-you-1591404134

 

As mentioned in the article,theirs loads of tools for security purposes,im currently grappling with the intricacies of Process Explorer,Wireshark,snort etc...the main thing is to  keep your systems well locked down in the first place i guess,updates,vpn or ip changer,good anti-malware etc,basically prevention is better

than cure..



#3 AndyP5000

AndyP5000
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 13 May 2017 - 06:23 AM

Hmm, i think in this case it might be a little knowledge is dangerous.

That app looks very techy to me, which I am not and will probably not understand any results it shows



#4 smax013

smax013

  • BC Advisor
  • 2,326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:06 AM

Posted 13 May 2017 - 07:26 AM

Hi folks,
 
Ok Ive been checking my firewall logs and found a date coloration between a suspect face book account.
 
On the same day that i received a message via facebook then checked the profile of the account holder I had a stack of hits on my avast firewall.
 
Now i'm not sure that the two are related but thought it worth checking out.
 
As a precaution I've ran Avast boot time scan and full Avast scan and a Malware bytes full scan and they have found nothing dumped on my machine.
 
Of note i was having issues with Chrome last month and it seems to have logged lots of events related to Chrome.exe perhaps a conflict between a chrome update and Avast?
 
Any advice
 
Cheers


What do you mean by a "stack of hits on my avast firewall"? Do you mean that the log shows that it blocked a bunch of stuff?

If so, then likely there is not much to worry about...that is what firewalls are there for...to block stuff.

As to the timing, it is likely a coincidence.

First, to my knowledge, you cannot determine things like IP address, etc from someone who connects to a Facebook profile unless the Facebook profile page is completely false (i.e. it is not even a real Facebook page). In other words, Facebook is locked down enough when you are actually on a Facebook page (even if the Facebook profile is a fake one meant for less than honorable purposes) that there is not much you can directly do while actually in the Facebook system. To my knowledge, it is more the external links on Facebook posts/pages that create the most security type problems. I believe the closest you can get to threats directly third party Facebook Apps, but even then it is mostly potential privacy threats (i.e. Apps can get access to your posts and lists of Friends, etc). If all you did was look at a profile on Facebook, then I don't believe that can directly lead to targeted attacks at your computer due to that...but I could be wrong.

Second, firewalls (whether software or hardware) typically only block stuff that from sites that you did not initiate. If you initiate the contact (as you effectively did here), then the firewall will typically not block it. The big exception to this are firewalls that a designed to have to "learn" your behavior. In the case of these types of firewalls (and depending on their settings), they might at first block something you do and then toss up a dialog box essentially asking "did you want [such and such program] to be allowed to have an outbound connection". If you say yes, then the firewall will remember that program is allowed to have those kinds of outbound connections for both manual stuff as well as automatic stuff. If you say no, then that program will be blocked. So, when you install such a firewall, when you use your browser for the first time after installing the firewall, it will ask if you want to allow the browser to have a connection. Once you do, then that firewall will no longer block connections from the browser unless it is smart enough to check different types of internet traffic from browsers (most browser traffic will be http stuff, but you can also do things like ftp from many browsers as an example). This is at least the basics. There might be some types of traffic that could be blocked by a firewall even though you effectively initiated the connection, but I am not knowledgeable about firewalls to know for sure.

At the end of the day, if you are concerned, then you have started with the correct things to do...scan you computer with your antivirus program (Avast in this case) and also Malwarebytes Antimalware. You can then check your ports vulnerabilities with GRC as suggested by Wolverine 7. If you do and you are "behind" a router (i.e. you have some sort of internet router either from your ISP or your own, which is the case with the just about everyone with an internet connection) as well as your software firewall, then you should get a "stealth" result (just about any router should stealth all your inbound ports and then software firewalls are for if you don't have a router, are using the computer on a public network, or for some help with outbound protection). Last, if you are still concerned, then you might want to post to the "Am I Infected?" forum.

#5 Wolverine 7

Wolverine 7

  • Members
  • 746 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bournemouth,UK
  • Local time:05:06 AM

Posted 15 May 2017 - 01:32 AM

Hmm, i think in this case it might be a little knowledge is dangerous.

That app looks very techy to me, which I am not and will probably not understand any results it shows

 

I know... probably went overkill as was doing a "lets upgrade security" project,i like to check things out..

 

if you mean System Explorer,actually theres nothing to it,it just sits there and gives you you system stats in one way or another,never has had any help files though,...its harmless and you can learn to read the info as you go along...i have it on all three of my systems...basically as long as you think logically,computer wise and dont make unwise system changes you can always learn new stuff,its that or stay at the level your at,i mean you can read firewall logs...if you can pull up your firewall logs you can use system explorer..

 

Ok gotta go,my lappys doing the creators update,may the force be with me...



#6 AndyP5000

AndyP5000
  • Topic Starter

  • Members
  • 113 posts
  • OFFLINE
  •  
  • Local time:04:06 AM

Posted 16 May 2017 - 05:56 PM

Thanks folks I've been getting assistance here: https://www.bleepingcomputer.com/forums/t/646526/ok-i-think-i-need-to-run-some-threat-scans/ . And to your question about the log blocking things - yes repeatedly over 2 hours notching up a good few hundred blocks! 


Edited by AndyP5000, 16 May 2017 - 06:30 PM.


#7 smax013

smax013

  • BC Advisor
  • 2,326 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:06 AM

Posted 17 May 2017 - 01:10 AM

Thanks folks I've been getting assistance here: https://www.bleepingcomputer.com/forums/t/646526/ok-i-think-i-need-to-run-some-threat-scans/ . And to your question about the log blocking things - yes repeatedly over 2 hours notching up a good few hundred blocks!


Based upon the linked thread, it looks like there was no infection. I am not surprised. I did not think you had any sort of infection. I was pretty sure that it was just coincidence.

#8 Tunedport64

Tunedport64

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:12:06 AM

Posted 25 May 2017 - 07:16 PM

What is the perfect Firewall set up. Is it a combination of both software and hardware. If so...what software and what hardware. Right now I only use EMSISOFT Internet Security..seems to block many things...I also use SUPERAntispyware..I know I should probably know this already..but I don't..and I want to create the best protected environment for my systems



#9 Wolverine 7

Wolverine 7

  • Members
  • 746 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bournemouth,UK
  • Local time:05:06 AM

Posted 04 June 2017 - 09:09 AM

What is the perfect Firewall set up. Is it a combination of both software and hardware. If so...what software and what hardware. Right now I only use EMSISOFT Internet Security..seems to block many things...I also use SUPERAntispyware..I know I should probably know this already..but I don't..and I want to create the best protected environment for my systems

 

Dont think theres a "perfect firewall "setup,depends on your requirements...basically lock your systems down without having them become unusable...have a good av,zero day scanning,anti ransomeware etc...most of all get to know your computer so you can tell if anythings changed..if you want to go mad get familier with Wireshark,Snort,PC Hunter...you cant have too many decent scanners i suppose.



#10 jwoods301

jwoods301

  • Members
  • 1,489 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:06 PM

Posted 09 June 2017 - 06:15 PM

When properly configured, your router's firewall and Windows firewall will do just fine.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users