ESS v4.2.35.0 + rundll32.exe +Logs.

[ZZZzzz]

Hi there.

On the last days I was getting rundll32.exe(/system32/) trying to connect through port 443 to a 65.xxx.xxx.xxx IP (seems a Microsoft one). I know that exe can be called by other apps to do anything but since ESS v4 does not report the "original" app trying to connect, Do you think it's safe to allow it? For now I got it to deny the traffic and did not notice anything wrong.

I tried to let the pc idle to see if I could see which app is trying to do it with no extra processes running, but nah no way :p

By other hand I got another problem with ESET Personal Firewall Log. I does not write anything there. All the filters are cheked and just left all the default values on Advanced Setup/Tools/Log Files. Anything I can do to get it working?

Im running the 64bit version into a Win7 6.1.7600 64bit aswell.

Tanks in advance.

[EDIT] The other logs seems to be working fine.
Oh, and I have not any virus/malware as far nod32/spybot and malwarebytes said :p

[Cudni]

what is that MS ip address? You need to establish, assuming you have time, what software triggers that connection (are you using some MS software and what prior to alert) but as a rule if unsure do as you did, block unknown connections

[3s3tUs3r]

I had the same alert and I wondered about it also.

[a3_alin]

Quote:

Originally Posted by ZZZzzz

Hi there.

On the last days I was getting rundll32.exe(/system32/) trying to connect through port 443 to a 65.xxx.xxx.xxx IP (seems a Microsoft one). I know that exe can be called by other apps to do anything but since ESS v4 does not report the "original" app trying to connect, Do you think it's safe to allow it? For now I got it to deny the traffic and did not notice anything wrong.

I tried to let the pc idle to see if I could see which app is trying to do it with no extra processes running, but nah no way :p

By other hand I got another problem with ESET Personal Firewall Log. I does not write anything there. All the filters are cheked and just left all the default values on Advanced Setup/Tools/Log Files. Anything I can do to get it working?

Im running the 64bit version into a Win7 6.1.7600 64bit aswell.

Tanks in advance.

[EDIT] The other logs seems to be working fine.
Oh, and I have not any virus/malware as far nod32/spybot and malwarebytes said :p

they seem to have two big problems with firewall log:
1. It does not write anything there...
or...
2. not remove any appearance of logs and so formed a long line consists of programs and processes...
how to solve this problem since the beta stage? with the next ess...
and they still have many problems that are resolved so slowly... that's why I give up to ess.

[ZZZzzz]

Quote:

Originally Posted by Cudni

what is that MS ip address? You need to establish, assuming you have time, what software triggers that connection (are you using some MS software and what prior to alert) but as a rule if unsure do as you did, block unknown connections

Here's the alert SS:
http://img402.imageshack.us/img402/734/rdll.jpg
It's microsoft IP, and I guess I can let it go.. but I wanna know what is trying to get from home

Quote:

they seem to have two big problems with firewall log:
1. It does not write anything there...
or...
2. not remove any appearance of logs and so formed a long line consists of programs and processes...
how to solve this problem since the beta stage? with the next ess...
and they still have many problems that are resolved so slowly... that's why I give up to ess.

Seems to be solved now. I went to Advanced setup/Personal Firewall/IDS and advanced options/Troubleshooting.

[Cudni]

Quote:

Originally Posted by ZZZzzz

I wanna know what is trying to get from home

it would help if you knew what app is triggering it but in any case use Wireshark to inspect the content.