AVG Support Community
Share tips and solutions on AVG Products
Community topics
AllAVG Gurus
These community experts are here to help
-
Alan Binch
-
Borislav Angelov
-
Vladimir Bartl
-
Subhadeep Kanungo
-
Miloslav Serba
Pasquale D'Antini Unauthorized access attempts not detected by AVG Internet Security
I use AVG Internet Security (lic. (Activation code removed)
I found some unauthorized access attempts on my QNAP NAS:
Same identical event (5 attempts in 5 seconds) occurred on 7 and 8 september, then on 20 september.
I found other unauthorized access attempts at the same time/days on my Fritz!Box router:
There are failed attempts to access to my Windows 10 too, at the same time/days and also in other moments, with the user guest (disabled).
10.158.158.70 is my PC and I am the only to use it.
I have the last release of AVG Internet Security on all PCs in my home, with firewall functonality, but I didn't receive any alert from AVG.
Fritz!Box router has firewall functonality too.
I executed also a deep scan, with no result.
How is it possible ?
Why AVG Internet Security doesn't detect these intrusion attempts ?
How can I block these illicit activities ?
Thank you.
Pasquale
I found some unauthorized access attempts on my QNAP NAS:
16 sep 2021 10:14:41 admin 10.158.158.70 SSH Login Fail
16 sep 2021 10:14:40 Dinion 10.158.158.70 SSH Login Fail
16 sep 2021 10:14:39 888888 10.158.158.70 SSH Login Fail
16 sep 2021 10:14:38 666666 10.158.158.70 SSH Login Fail
16 sep 2021 10:14:37 root 10.158.158.70 SSH Login Fail
16 sep 2021 10:14:40 Dinion 10.158.158.70 SSH Login Fail
16 sep 2021 10:14:39 888888 10.158.158.70 SSH Login Fail
16 sep 2021 10:14:38 666666 10.158.158.70 SSH Login Fail
16 sep 2021 10:14:37 root 10.158.158.70 SSH Login Fail
Same identical event (5 attempts in 5 seconds) occurred on 7 and 8 september, then on 20 september.
I found other unauthorized access attempts at the same time/days on my Fritz!Box router:
16.09.21 10:15:27 Accesso dell'utente Admin al servizio FTP del FRITZ!Box dall'indirizzo IP 10.158.158.70 fallito (nome utente o password errati).
16.09.21 10:14:28 Accesso di un utente al servizio SMB del FRITZ!Box dall'indirizzo IP 10.158.158.70 fallito (il client supporta solo SMB1). [4 messaggi da 16.09.21 10:14:21]
16.09.21 10:14:28 Accesso di un utente al servizio SMB del FRITZ!Box dall'indirizzo IP 10.158.158.70 fallito (il client supporta solo SMB1). [4 messaggi da 16.09.21 10:14:21]
There are failed attempts to access to my Windows 10 too, at the same time/days and also in other moments, with the user guest (disabled).
10.158.158.70 is my PC and I am the only to use it.
I have the last release of AVG Internet Security on all PCs in my home, with firewall functonality, but I didn't receive any alert from AVG.
Fritz!Box router has firewall functonality too.
I executed also a deep scan, with no result.
How is it possible ?
Why AVG Internet Security doesn't detect these intrusion attempts ?
How can I block these illicit activities ?
Thank you.
Pasquale
We are glad to look into this and help you.
We request you not to share any of your personal or sensitive information over the public forum.
We have escalated this case to the senior level team and they will check and help you with this.
Request your patience and understanding!
Hi Pasquale. I'm Jovana from senior support and I'll gladly help.
I understand how these "intrusions" may seem, but they are a genuine performance of the Network Inspector feature.
In simple words, AVG Internet Security's feature, Network Inspector, is occasionally running a background scan of network devices, to check for any "weak" or "default" passwords. This is what you're seeing in the mentioned reports.
You can turn this scan off in AVG Internet Security's app:
Menu > Settings > Basic Protection > Network Inspector > uncheck the box next to "Rescan home networks automatically"
If you find any intrusions after you've turned the scan off, please let me know so we can further investigate.
I hope this clarifies. Feel free to write back if you need any other help
thank you very much for the clear explanation; I didn't know this function of AVG IS.
I'll certainly turn off it, because every time, after 5 failed access attempts, my NAS bans my IP for 24 hours, so I have to change IP of my PC, access to the NAS and cancel the block.
Thank you. Best regards.
Have a great day. Stay safe!
on September 23 I disabled the feature "Rescan home networks automatically", as you suggested, but on September 27 I wasn't able to access to my NAS, so I checked and found that the IP of my PC had been banned again, due to 5 failed access attempts:
27 sep 2021 16:40:56 admin 10.158.158.70 SSH Login Fail
27 sep 2021 16:40:55 Dinion 10.158.158.70 SSH Login Fail
27 sep 2021 16:40:55 888888 10.158.158.70 SSH Login Fail
27 sep 2021 16:40:54 666666 10.158.158.70 SSH Login Fail
27 sep 2021 16:40:53 root 10.158.158.70 SSH Login Fail
I found similar attempts in Windows 10, on my PC:
Controllo non riuscito 27/09/2021 16:40:41 Microsoft Windows security auditing 4625 Logon
Controllo non riuscito 27/09/2021 16:40:41 Microsoft Windows security auditing 4625 Logon
Controllo non riuscito 27/09/2021 16:40:40 Microsoft Windows security auditing 4625 Logon
Controllo non riuscito 27/09/2021 16:40:37 Microsoft Windows security auditing 4625 Logon
So I disabled also the AVG feature "Scan new networks automatically" (Menu > Settings > Basic Protection > Network Inspector); but the same problem recurred on October 4:
04 oct 2021 12:00:24 admin 10.158.158.70 SSH Login Fail
04 oct 2021 12:00:23 Dinion 10.158.158.70 SSH Login Fail
04 oct 2021 12:00:22 888888 10.158.158.70 SSH Login Fail
04 oct 2021 12:00:21 666666 10.158.158.70 SSH Login Fail
04 oct 2021 12:00:19 root 10.158.158.70 SSH Login Fail
Similar situation in Windows 10, on my PC:
Controllo non riuscito 04/10/2021 12:00:11 Microsoft Windows security auditing 4625 Logon
Controllo non riuscito 04/10/2021 12:00:11 Microsoft Windows security auditing 4625 Logon
Controllo non riuscito 04/10/2021 12:00:09 Microsoft Windows security auditing 4625 Logon
Controllo non riuscito 04/10/2021 12:00:05 Microsoft Windows security auditing 4625 Logon
How can I remove this problem ?
Thank you. Best regards.
We've escalated this case again to our senior team to investigate further.
Your patience is much appreciated.
Thank you.
I want to support Pasquale since I have experienced the same problem. When I searched for "QNAP attack Dinion" on Web I came accross information about ransomware Qlocker which frightened me a lot. I am glad to see that the problem is caused by Avast excessive checking of the network.
I will try to switch off these automatic Avast network checks so as not to make false alarms on my Qnap NAS.
Beste regards!
Hi Pasquale.
I've sent you an email also we can collect more information and further investigate this occurrence. Please check your inbox.
Thank you very much!
Hello,
I sent the support package as requested.
Bye.
Thank you, Pasquale. We got it and we'll share it with the specialists.
As soon as I have further information, I'll reach out to you again.
Thank you for your patience.
Sorry for the delay in response.
We would like to inform that this behaviour is due to the Network Inspector checking network devices for weak passwords. This can be disabled in AVG Internet Security's app:
Menu > Settings > Basic Protection > Network Inspector > uncheck the box next to "Rescan home networks automatically"
However, it is also implemented in Smart Scan.
To avoid running it, we suggest you to use some other types of scans, such as Deep Scan, boot-time scan, or a specific file/folder scan.
Thank you for your understanding.