Hello,

PE shows that C:\program files\common files\symantec shared\CCAPP.EXE contacts a verisign server (for instance, 64.94.110.11) everytime the computer is on. PID=192. TCP. Local port 3125. Remote port 80. Packets sent and received. I left a voice mail for the operator at Verisign in charge of that server: no response. It has been weeks now.

CCAPP.EXE is important in controlling how Norton Antivirus 2003 runs (and I have NAV 2003's "autoprotect" on). However, I didn't know that my computer was contacting Verisign until I installed PE.

There are many NAV users out there. Do you notice this phenomenon? Does Symantec have a contract with Verisign (both a computer security firm and a Internet registrar) to get CCAPP to exchange information with Verisign?

Pigitus

-{ Quote: "
There are many NAV users out there. Do you notice this phenomenon? Does Symantec have a contract with Verisign (both a computer security firm and a Internet registrar) to get CCAPP to exchange information with Verisign?" }-

Could it be that Symantec use Verisign servers under contract for updates?

I am sure Symantec users will comment ;D

Pilli

Dear Pigitus,
I run Symantec NIS and AV and yes ccapp.exe does connect with ctrl.verisign automatically, I was under the impression it was for auto updating. I did a trace on the address, I believe it was in Holland.
I dont think it is unusual.
Gordon

Many applications contact Verisign as part of checks to ensure application integrity. The URLs crl.verisign.com and crl.verisign.net are used for certificate verification inquires... CRL = Certificate Revocation List. Digital certificates are used to sign many things - applications, websites, etc. Sometimes a certificate will be revoked if there was some compromise and it is learned that someone is digitally signing bad applications with legitimate certificates.

Another time you may see connections to crl.verisign.net is if your browser is set to check for certificate revocations whenever a SSL based website (https:) is connected to. (IE has a setting to either enable or disable this functionality, for example, when dealing with secure websites. Certificate information is fairly large so often people on dialup disable this. On broadband is can take a couple seconds to pass the necessary information.)

In any case, ccapp.exe is well known for contacting Verisign to check to see if any certificates used to sign the Symantec products have been revoked by the maker.

A little blurb from Verisign (only article I could find quickly from Verisign. http://www.wilderssecurity.com/images/smilies/rolleyes.gif ):

http://www.verisign.com/support/pr-crl.html

LowWaterMark,

Thanks for your explanation and link. I'm reassured now that there is nothing terribly bad going on through this surreptitious connection that I only found out about through PE. As far as I am concerned, this thread can be closed now.

Pigitus.

i don't care so much about what ccApp.exe is doing; i'm just mad as all heck that it and one other app gobble up about 80-85% of my system's resources, mostly cpu, for several minutes after i boot the system!

this is intolerable and didn't happen until a few months ago.

if symantec doesn't do something about this soon, i'm leaving for other virus and internet protection vendors!

plusaf at plusaf dot com.