inbound alert


osip
April 8th, 2008, 07:02 PM
Getting this...

[attachment 199113]

deny or allow ?

osip
April 8th, 2008, 07:27 PM
Well, well... this was a real surprise!
[attachment 199114]

I thought it could be legit... port 1027...

viruscraft
April 9th, 2008, 01:48 AM
Wow, I have got further information for you.

The ISP of this IP is china-netcom, and the user is in Heilongjiang province, which is located in the northeast of China.

Well, does that appear after you have opened an application?

osip
April 9th, 2008, 02:25 AM
-{ Quote: "Wow, I have got further information for you.

The ISP of this IP is china-netcom, and the user is in Heilongjiang province, which is located in the northeast of China.

Well, does that appear after you have opened an application?" }-

Thx for bothering... No, it seems to appear randomly... noticed it earlier, denied it thinking it has to do with Win update or time synchro... Also, I'm running BD IS on another FDISR snapshot and there are no alerts of this type... With ESS I have seen it several times... If an app is behind this I have to figure it out, in an instant I can't say... (shouldn't I also have an outbound alert from the fw flagging the app if this is the case?)

Marcos
April 9th, 2008, 03:50 AM
Please send a log from ESET SysInspector (http://download.eset.com/download/sysinspector/32/ENU/SysInspector.exe) to support[at]eset.com with this thread's URL enclosed. We'll analyse it and let you know if we find something suspicious.

osip
April 9th, 2008, 04:32 AM
-{ Quote: "Please send a log from ESET SysInspector (http://download.eset.com/download/sysinspector/32/ENU/SysInspector.exe) to support[at]eset.com with this thread's url enclosed. We'll analyse it and let you know if we find something suspicious." }-

Tnx Marcos! Done... (forgot the thread URL though, but mentioned Wilders and you...)

viruscraft
April 9th, 2008, 11:19 AM
-{ Quote: "Thx for bothering... No, it seems to appear randomly... noticed it earlier, denied it thinking it has to do with Win update or time synchro... Also, I'm running BD IS on another FDISR snapshot and there are no alerts of this type... With ESS I have seen it several times... If an app is behind this I have to figure it out, in an instant I can't say... (shouldn't I also have an outbound alert from the fw flagging the app if this is the case?)" }-

You're welcome, mate.

According to your situation, it is wise to deny it.

It looks like a hacker attack or something malicious.

osip
April 9th, 2008, 12:01 PM
I suspect a hacker attack on svchost... Will see after the sysinspector.log analysis.

osip
April 12th, 2008, 10:46 AM
Got an answer from ESET support: not able to find anything suspicious in your log...

The IP address seems malicious but was stopped in interactive mode. I take for granted that it would have been denied automatically in aut.mode... or?

osip
April 13th, 2008, 08:15 AM
After the alert and the analysis with 0 result, and still suspecting something nasty in svchost, I installed Trojan Remover and made a scan, which came up with this:
[attachment 199205]
[attachment 199206]

If this was the reason for the alert I have to underline that the ESS fw was the only one which made me aware of this... (I'm also trying BD IS 2008 on another FDISR snapshot, same picture but no alert)

mayt
May 4th, 2008, 10:54 AM
-{ Quote: "I take for granted that it would have been denied automatically in aut.mode...or ?" }-

It would.
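The thread turns on two firewall-policy points: an unsolicited inbound connection to a local port gets prompted in interactive mode and dropped in automatic mode, and an outbound alert only appears when a local application itself opens a connection. The following is an added example, not code from this thread or from ESET: a constructed model of that decision logic, using assumed names (`TRUSTED_ZONE`, `EXPLICIT_INBOUND_ALLOW`, `APPS_ALLOWED_OUT`, `decide`) and a documentation-range IP (203.0.113.45) standing in for the remote address, so it can be run offline against the sample alerts built inline.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed model of a personal firewall's decision logic (added example,
# not ESET Smart Security's rule engine). Zone, rule and app sets are assumed.
TRUSTED_ZONE = ip_network("192.168.1.0/24")                       # assumed LAN
EXPLICIT_INBOUND_ALLOW = {445: "file sharing from trusted zone"}  # assumed rule
APPS_ALLOWED_OUT = {"svchost.exe", "iexplore.exe"}                # assumed earlier "allow" answers


@dataclass
class Alert:
    direction: str   # "inbound" or "outbound"
    remote_ip: str   # the peer address shown in the alert
    local_port: int  # local port the peer targets (or the local app uses)
    app: str         # local process the socket belongs to
    mode: str        # "interactive" (prompt) or "automatic"


def decide(a: Alert) -> tuple:
    """Return (action, reason); action is 'allow', 'deny' or 'ask'."""
    remote = ip_address(a.remote_ip)
    trusted = remote in TRUSTED_ZONE

    if a.direction == "inbound":
        # Only a trusted-zone peer hitting an explicitly opened port is let in.
        if trusted and a.local_port in EXPLICIT_INBOUND_ALLOW:
            return "allow", EXPLICIT_INBOUND_ALLOW[a.local_port]
        # Anything else is unsolicited: automatic mode drops it silently,
        # interactive mode raises the prompt seen in the thread.
        detail = f"unsolicited inbound from {remote} to port {a.local_port} ({a.app})"
        if a.mode == "automatic":
            return "deny", detail
        return "ask", detail

    # Outbound: an alert exists only because the local app initiated the
    # connection, so an inbound hit alone never produces one.
    if a.app in APPS_ALLOWED_OUT:
        return "allow", f"{a.app} previously allowed outbound"
    if a.mode == "automatic":
        return "allow", "automatic mode permits outbound by default (assumed policy)"
    return "ask", f"new outbound connection by {a.app}"


def triage(alerts) -> list:
    """Run every alert through decide() and return the actions in order."""
    return [decide(a)[0] for a in alerts]


# Constructed sample alerts: the thread's case (remote peer, port 1027,
# svchost.exe) in both modes, plus a LAN file-sharing hit and two outbound ones.
SAMPLE_ALERTS = [
    Alert("inbound", "203.0.113.45", 1027, "svchost.exe", "interactive"),
    Alert("inbound", "203.0.113.45", 1027, "svchost.exe", "automatic"),
    Alert("inbound", "192.168.1.20", 445, "System", "automatic"),
    Alert("outbound", "203.0.113.45", 80, "unknown.exe", "interactive"),
    Alert("outbound", "203.0.113.45", 80, "svchost.exe", "interactive"),
]

if __name__ == "__main__":
    for alert, action in zip(SAMPLE_ALERTS, triage(SAMPLE_ALERTS)):
        print(f"{action:5s}  {decide(alert)[1]}")
```

The model makes the thread's two answers explicit: with no explicit inbound rule, the remote peer's connection to port 1027 is "ask" in interactive mode and "deny" in automatic mode, and svchost.exe being the listening process says nothing about whether it opened anything outbound.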