Kaspersky
Solved

AVP.exe connection to poneytelecom.eu

  • 14 September 2021

Hello.

 

I noticed that KIS’ AVP.exe (realtime scanner) connected to poneytelecom.eu for a short time, a site seemingly known for malicious content/attacks?

What is this connection used for?

 

Thanks and regards.


Best answer by Igor Kurzin 15 September 2021, 09:07

Hi @Timur Born , 

With traffic scan enabled, to put it simply, Kaspersky checks the connections to web sites by standing between the PC and the Internet. The sites are first opened in Kaspersky, checked for malware, then passed over to the browser. At that moment you can see that avp.exe is connected to the sites.

If you see a connection to poneytelecom.eu, it is only checked by Kaspersky; the initiator of the connection is, most likely, the browser. Check and disable browser extensions unknown to you. Or do a browser reset (for example, here is how you can reset Chrome: https://support.google.com/chrome/answer/3296214?hl=en).

 


Hi @Igor Kurzin ,

thanks for the explanation. I only saw the traffic once for a very short time and it does not seem to happen with a simple Firefox (extensions) restart.

So I created a firewall rule to block the traffic and enabled logging. This should hopefully tell me which process is trying a connection when it happens again.

According to Kaspersky’s help-page IP addresses should be used for the firewall rule, but I did some tests to make sure that the firewall also accepts URLs.

 

PS: I noticed that changing a browser (Firefox) based firewall rule to “block” while the browser is running does *not* apply unless the browser is restarted or the URL is refreshed via SHIFT (!) + reload. Before that, the “block” rule does not apply.
