6 Replies Latest reply on Dec 29, 2015 6:27 PM by Peter M

    McAfee causing Internet connection issues - how do I disable data upload?

    sgryphon

      G'day,

       

      We have had problems with regular disruption to our Internet connection, and after diagnosing I have tracked it down to analytics.ccs.mcafee.com (161.69.45.105).

       

      I have blocked this address on our router firewall, and the Internet connection is working again.

       

      The problem was that approximately every 5 minutes the Internet connection would suffer significant lag for around a minute -- ping times would jump from 50-100ms to 500ms or even 1000ms+, slow all traffic from the Internet, and make online games unplayable due to the high lag.

       

      Looking at some traffic graphs, this would correspond to a burst of outbound traffic to the internet. I correlated this to a wired network (it was not seen on the wireless network), and then down to a single computer. A corresponding burst of sent traffic was visible in Performance Monitor on that computer.

       

      Running Wireshark on another computer to analyse the traffic, it was seen to be making an HTTPS connection to 161.69.45.105 (after a DNS lookup for analytics.ccs.mcafee.com), and then sending up a large amount of data.

       

      Blocking this connection has resolved the issue.

       

      The computer sending the traffic causing the problem has McAfee Antivirus Plus installed (which a subscription was paid for), and is the only computer on the network with McAfee, so this is likely the culprit. (I guess it is also possible there is some hidden virus or trojan that is making a DDoS attack against McAfee / making you look bad, but I think that would be an unlikely coincidence).

       

      Why does your paid-for product behave so badly and cause such trouble with our Internet connection, why are you uploading a large amount of data from our computer every 5 minutes, and is there any way to disable/stop your product from doing this (without having to block it at the firewall)?

       

      We have tried turning off every part/feature of the software, but it continues to send the traffic.

       

      Thanks,

       

      Sly Gryphon
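
The correlation described in the post above (a burst of outbound traffic about every 5 minutes, traced to one host and one destination) can be automated over exported flow records. This is an added example, not part of the original post: the record layout, the function name `find_periodic_uploaders`, the thresholds, and every sample address except 161.69.45.105 are assumptions.

```python
from collections import defaultdict
from statistics import median

def find_periodic_uploaders(flows, burst_bytes=1_000_000, merge_gap=60,
                            min_bursts=3, jitter=0.2):
    """flows: iterable of (ts_seconds, src_ip, dst_ip, bytes_sent) records."""
    per_pair = defaultdict(list)
    for ts, src, dst, sent in flows:
        per_pair[(src, dst)].append((ts, sent))
    findings = []
    for (src, dst), recs in per_pair.items():
        recs.sort()
        bursts = []  # each entry: [start_ts, total_bytes]
        last_ts = None
        for ts, sent in recs:
            # Records closer together than merge_gap belong to one burst.
            if last_ts is not None and ts - last_ts <= merge_gap:
                bursts[-1][1] += sent
            else:
                bursts.append([ts, sent])
            last_ts = ts
        big = [(start, total) for start, total in bursts if total >= burst_bytes]
        if len(big) < min_bursts:
            continue
        starts = [start for start, _ in big]
        intervals = [b - a for a, b in zip(starts, starts[1:])]
        period = median(intervals)
        # Periodic means every interval stays within +/- jitter of the median.
        if all(abs(i - period) <= jitter * period for i in intervals):
            findings.append({"src": src, "dst": dst, "period_s": period,
                             "bursts": len(big),
                             "bytes": sum(total for _, total in big)})
    return findings

# Constructed sample records (not captured traffic). Only 161.69.45.105 comes
# from the post; the other addresses are placeholders.
SAMPLE = []
for k in range(4):
    for offset in (0, 20, 40):  # one upload burst spread over about a minute
        SAMPLE.append((k * 300 + offset, "192.168.1.20", "161.69.45.105", 2_000_000))
    SAMPLE.append((k * 300 + 5, "192.168.1.20", "198.51.100.7", 500))  # small keepalive
SAMPLE += [(15, "192.168.1.31", "203.0.113.10", 5_000_000),   # large but irregular
           (400, "192.168.1.31", "203.0.113.10", 3_000_000),
           (1100, "192.168.1.31", "203.0.113.10", 4_000_000)]

if __name__ == "__main__":
    for hit in find_periodic_uploaders(SAMPLE):
        print(hit)
```

Only the host/destination pair with large, evenly spaced uploads is reported; the small keepalive and the irregular large transfers are ignored.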