Jump to content

Interface: awd10 new connection detected: Malware?


Recommended Posts

Very confused:

 

When I install ESET Cyber Security Pro on each of my kids Macs, immediately after detecting our actual home network the following happens:

- New Network Connection Detected. "You just connected to an unknown location. Please select a profile for this connection."

- So, I confirm my current (not new) network connection name. It shows my current familiar network address.

- Then it prompts me again with a New Network Connection detected.

- It says, "Interface: awd10" I don't know what this is.

- Below, under advanced settings it shows a Network of "fe80::/64" and above that a particular fe80... address. I am unfamiliar with this address.

- Now, my normal network connection shows BOTH addresses, as if my internet connection might be routing 2 different directions. This appears really suspicious to me.

 

I'm wondering if a malicious code is activating or running awd10.

Does anyone else experience this?

Is this a true part of ESET? (If so, it would be REALLY nice to be forewarned.)

 

Thank you for any help!

 

Craig

Edited by Craigsafe
Link to comment
Share on other sites

SweX,

 

Thank you for the link...

 

I have updated my original post to clarify the cause of my concern.

It recognizes my normal internet connection.

But then it recognizes one I don't know (i.e. the awd10 or awdIO), and an address I don't know.

And then it merges both addresses into my internet connection.

And if I try to cancel, it continues to pop-up endlessly. Seems like bizarre behavior to me.

I have a direct inquiry out to ESET now to see if they are the source of the awd10 connection. If not, it seems malicious.

Link to comment
Share on other sites

  • Most Valued Members

When I install ESET Cyber Security Pro on each of my kids Macs, immediately after detecting our actual home network the following happens:

- New Network Connection Detected. "You just connected to an unknown location. Please select a profile for this connection."

- So, I confirm my current (not new) network connection name. It shows my current familiar network address.

- Then it prompts me again with a New Network Connection detected.

- It says, "Interface: awd10" I don't know what this is.

- Below, under advanced settings it shows a Network of "fe80::/64" and above that a particular fe80... address. I am unfamiliar with this address.

- Now, my normal network connection shows BOTH addresses, as if my internet connection might be routing 2 different directions. This appears really suspicious to me.

 

I'm wondering if a malicious code is activating or running awd10.

Does anyone else experience this?

Is this a true part of ESET? (If so, it would be REALLY nice to be forewarned.)

Hi Craig,

 

I'm fairly certain that this isn't malware based on the information you've provided. :)

 

Here's a nice description for it (via Mario Ciabarra on medium.com):

 

AWDL (Apple Wireless Direct Link) is a low latency/high speed WiFi peer-to peer-connection Apple uses for everywhere you’d expect: AirDrop, GameKit (which also uses Bluetooth), AirPlay, and perhaps elsewhere. It works using its own dedicated network interface, typically “awdl0".

You can read the full article as well for more detail on this.

 

Aside from your kids Macs, do you have any other apple devices connected to your network? Any AppleTVs, iPhones or iPads etc. with AirPlay or AirDrop or currently turned on? Overall, this would be why you are seeing this appear in ESET Cyber Security Pro.

 

I do think ESET should provide more friendly names instead of just the technical name of the network interface (such as Apple Wireless Direct Link (awdl0) instead of just awdl0) if possible. I know they already provide the friendly name for some like Ethernet, Wi-Fi and Bluetooth but have no idea why not for other ones. I'll add this to the suggestion topic.

 

In terms of selecting a profile, you can select the same one you're using for your main Ethernet or Wi-Fi connection (you mentioned Home).

In another article (near the bottom that mentions Yosemite) by the same author, if you feel that you don't need to use AWDL you can turn it off via the terminal and turn it on again in the future if you need it later. Turning it off will no longer make awdl0 active. Before you do this though, please make sure you're running the latest version of Yosemite (10.10.3) and backup anything if necessary.

Edited by planet
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...