Wilders Security Forums  

  #1  
May 12th, 2010, 04:36 PM
VanguardLH
Regular Poster
 
Join Date: Sep 2007
Posts: 86
Why is RVS 2010 Home Free phoning home?

RVS 2010 Home Free
v3.1.8774.5254-REL

When RVS 2010 Home Free is running, it is making an Internet connection to:

92.zoral-3.terabit.com.ua.

Why? I have configured all options in RVS 2010 so that no network connections are required for use of this product.

Virus Guard is disabled. I won't be using it and will continue to rely on my existing anti-virus solution. Under Virus Guard, the real-time protection option is disabled so it doesn't need to poll for signature updates.

In Preferences under the Virus Guard tab:
- Data collection = "do not collect".

In Preferences under the Communications tab:
- Allow Remote Control = disabled.
- Automatic Updates = disabled (Never)

I cannot find any other settings that would require a network connection. Everything appears disabled that could possibly want an Internet connect. Yet this product continues to phone-home to this terabit host. Why?

Covert connects to hosts when all options are disabled that involve any network access makes suspicious the purpose of the product in making these connections. There is no reason for this product to be phoning home to some host somewhere in the Ukraine.

I have added this host to my 'hosts' file to nullify a DNS lookup and prevent this product from phoning home, but I shouldn't have to clean up for this surreptitious behavior.
  #2  
May 12th, 2010, 04:42 PM
Coldmoon
Returnil Moderator
 
Join Date: Sep 2006
Location: North Carolina USA
Posts: 2,744
Re: Why is RVS 2010 Home Free phoning home?

Hi VanguardLH and welcome to the forums

The server IP is legitimate and is at our development offices in Kiev. What does your GUI show in the lower left corner of the RVS GUI? If it is "pending", this means that the client is still trying to register with that same server.

Mike
__________________
Returnil: The Real Security!
Follow us on Facebook
  #3  
May 12th, 2010, 06:47 PM
VanguardLH
Regular Poster
 
Join Date: Sep 2007
Posts: 86
Re: Why is RVS 2010 Home Free phoning home?

After your post, I did the following:

- Removed (commented out) the entry in my 'hosts' file to block DNS access to your server host.
- Clicked the "Register" link in the main page of the RVS gui screen.
- Entered a name and a valid e-mail address.
- Clicked the Register button.
- Got the confirmation e-mail.
- Clicked on the link in the e-mail.
- Web page said that I was registered.
- Still not shown as registered in RVS.
- Went to the Status screen in RVS and clicked the Update button.
- Saw the connects using SysInternals TCPview. Update completed okay (no errors).
- Expiration date = 2012/05/08 (forgot to check before the update).
- [License] Type = N/A (I'm using the Home Free version).
- Still shown as not registered.
- Exited the gui app for RVS (rvsgui.exe).
- Stopped the RVS service (rvsmon.exe).
- Started the RVS service and loaded the gui app.
- Still shown as not registered.

So how long after I click on the link in the confirmation e-mail and after the server reports that I have been registered before the product actually gets that information to report that it is a registered copy?

After I get RVS 2010 Home Free registered up on your server and if it ever manages to get that updated status from your server, will it continue to connect to your server thereafter? As mentioned, all network-facing functions of RVS 2010 have been disabled (I didn't realize it would poll for registration status). Once it has updated to reflect that it is indeed registered, is it still going to phone home?
  #4  
May 12th, 2010, 07:34 PM
Coldmoon
Returnil Moderator
 
Join Date: Sep 2006
Location: North Carolina USA
Posts: 2,744
Re: Why is RVS 2010 Home Free phoning home?

After the registration, you should be good to go. The question now is why isn't the client registering? Can you shoot me a PM with your install ID (preferences > advanced TAB) if this doesn't resolve itself in the next few hours?

Thanks
Mike
  #5  
May 12th, 2010, 07:37 PM
VanguardLH
Regular Poster
 
Join Date: Sep 2007
Posts: 86
Re: Why is RVS 2010 Home Free phoning home?

Okay, it took a lot longer than I expected after the server got my registration confirmation before RVS got updated to reflect that it had been registered. As a test, I killed the gui and service for RVS and then restarted the service and reloaded the gui. I waited for around 10 minutes and did not see a new connection show up from RVS to the Ukraine host. Looked good until I clicked on the Update button in the Status screen.

Obviously RVS is expected to make a network connection when I ask it to check for updates. That wasn't the issue. The issue is that RVS forever keeps open this connection after it has completed the update check. I have the auto-update set to Never so I'll have to remember that RVS leaves open its connections after a manual update check.

For now, and until I see RVS make a connection that wasn't initiated by me, I'll leave the entry commented out in my 'hosts' file, which is:

# Prevent Returnil 2010 Home Free from phoning home:
# 127.0.0.0 92.zoral-3.terabit.com.au

If I see it happening without a prompt or without my approval, I'll just uncomment the 2nd line to keep RVS from establishing a connection. (Yes, I do use 127.0.0.0 instead of 127.0.0.1 because I do run a local web server and don't want RVS connecting to it, plus the .0 "network" address results in a much faster DNS failure than using .1 which has to see if a process is listening on the default port.)
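The hosts-file workaround from this post, checked mechanically, as an added example that is not part of the original thread: a hosts entry only takes effect when the line is uncommented and names exactly the host being resolved. The function names and status strings are assumptions of this sketch; the sample text reuses the two hosts lines quoted in the post, and the lookups use the host names as they appear in the thread.

```python
import ipaddress

# Constructed sample: the two hosts-file lines quoted in the post above.
SAMPLE_HOSTS = """\
# Prevent Returnil 2010 Home Free from phoning home:
# 127.0.0.0 92.zoral-3.terabit.com.au
"""

def _norm(name):
    # Host names compare case-insensitively; drop the trailing root dot.
    return name.lower().rstrip(".")

def parse_hosts(text):
    """Yield (active, address, names) for every line that holds an entry,
    including entries that are currently commented out."""
    for raw in text.splitlines():
        line = raw.strip()
        active = not line.startswith("#")
        body = line.lstrip("#").split("#", 1)[0]   # drop any trailing comment
        fields = body.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # ordinary comment text
        yield active, addr, [_norm(n) for n in fields[1:]]

def block_status(text, hostname):
    """Return 'sinkholed', 'redirected', 'commented-out' or 'not-listed'."""
    wanted = _norm(hostname)
    commented = False
    for active, addr, names in parse_hosts(text):
        if wanted not in names:                    # exact-name match only
            continue
        if active:                                 # first active match wins
            local = addr.is_loopback or addr.is_unspecified
            return "sinkholed" if local else "redirected"
        commented = True
    return "commented-out" if commented else "not-listed"

if __name__ == "__main__":
    for host in ("92.zoral-3.terabit.com.au", "92.zoral-3.terabit.com.ua."):
        print(host, "->", block_status(SAMPLE_HOSTS, host))
```

Running the same check against the real hosts file after each edit confirms whether the name a tool such as TCPView shows is actually covered by an active entry.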
  #6  
May 12th, 2010, 07:46 PM
Coldmoon
Returnil Moderator
 
Join Date: Sep 2006
Location: North Carolina USA
Posts: 2,744
Re: Why is RVS 2010 Home Free phoning home?

Quote:
Originally Posted by VanguardLH
Okay, it took a lot longer than I expected after the server got my registration confirmation before RVS got updated to reflect that it had been registered. As a test, I killed the gui and service for RVS and then restarted the service and reloaded the gui. I waited for around 10 minutes and did not see a new connection show up from RVS to the Ukraine host. Looked good until I clicked on the Update button in the Status screen.

Obviously RVS is expected to make a network connection when I ask it to check for updates. That wasn't the issue. The issue is that RVS forever keeps open this connection after it has completed the update check. I have the auto-update set to Never so I'll have to remember that RVS leaves open its connections after a manual update check.

For now, and until I see RVS make a connection that wasn't initiated by me, I'll leave the entry commented out in my 'hosts' file, which is:

# Prevent Returnil 2010 Home Free from phoning home:
# 127.0.0.0 92.zoral-3.terabit.com.au

If I see it happening without a prompt or without my approval, I'll just uncomment the 2nd line to keep RVS from establishing a connection. (Yes, I do use 127.0.0.0 instead of 127.0.0.1 because I do run a local web server and don't want RVS connecting to it, plus the .0 "network" address results in a much faster DNS failure than using .1 which has to see if a process is listening on the default port.)

No problem, just glad to help get it sorted out

Mike
  #7  
May 13th, 2010, 11:23 AM
biscuits
Regular Poster
 
Join Date: Feb 2010
Posts: 100
Re: Why is RVS 2010 Home Free phoning home?

Hi Coldmoon,

I don't mean to bump the thread but I am having a similar problem. rvsmon.exe keeps on phoning home to Kiev every start-up. I had registered Returnil 5 months ago and a "pending" message does not appear on the lower left corner of the GUI.
__________________
For my Netbook:
Win XP Home, 32 bit hardened by registry and windows services tweaks; w/ image backups

Defensewall Personal Firewall, Hitman Pro, AVZ
  #8  
May 13th, 2010, 11:29 AM
Coldmoon
Returnil Moderator
 
Join Date: Sep 2006
Location: North Carolina USA
Posts: 2,744
Re: Why is RVS 2010 Home Free phoning home?

Hi biscuits,
What are your settings (compare to VanguardLH)?

Mike
  #9  
May 13th, 2010, 11:49 AM
biscuits
Regular Poster
 
Join Date: Feb 2010
Posts: 100
Re: Why is RVS 2010 Home Free phoning home?

My settings are:

Remote Control - unchecked
Automatic Updates - never
Do not collect and report any malicious activity - ticked
Virus Protection - disabled
  #10  
May 13th, 2010, 12:02 PM
Coldmoon
Returnil Moderator
 
Join Date: Sep 2006
Location: North Carolina USA
Posts: 2,744
Re: Why is RVS 2010 Home Free phoning home?

Shoot me a PM with your License Number (if applicable) and your installation ID (preferences > advanced TAB)

Mike
  #11  
May 14th, 2010, 09:48 AM
Coldmoon
Returnil Moderator
 
Join Date: Sep 2006
Location: North Carolina USA
Posts: 2,744
Re: Why is RVS 2010 Home Free phoning home?

Hi,
I have an update for you on this issue and we want to thank both of you for bringing it to our attention.

The team confirms a previously unknown bug that causes communications attempts even though the options are deactivated. They are working on a fix and the resolution will be released as soon as possible. The suggested work-around in the interim is to block the IP in your firewall after you have completed the software registration and to allow the IP manually when performing an update after that.

Mike
All times are GMT -4.