hey guys can you explain me what is and for what this type of connection is used? In what it differ from loopback? The attached rule is OK and secure for this ( i ask because in the My Computer macro have all ip address from the computer including VM, internet and so on)? If not what is the best pratice for this? THX in advance.
I use BT/p2p (for download linux iso mainly if have more than 600MB) but in another port.... i think i'm not write properly (my english is very poor). I receive this alert for alot of apps.... what i want know is the "Local:any" thing... because when is loopback it appear Local:loopback (simple rule allow in or out tcp or udp for 127.0.0.1) but "local:any" i not know what is... and this is my problem... I want know what is this, what type of connection is... and how work with this type of alert... if is safe to allow.... thx for the help
I don't have Outpost Pro, but looking at the pop up, you may need to tick "where local port is" and then manually add 127.0.0.1 (if you want it to be 127.0.0.1).
Ah so is the same.... why different alerts for the same thing? Sometimes things are more than they need to be. Thx for the help. Anyway to utilize more this topic and not create other... why Outpost still with the Virusbuster engine? Think... Outpost is a decent firewall... with a decent engine they will make much more... more chance to be a standalone app and still strong on the market... anyone from outpost forum know something about news for the 2010 version?
No, the two are not the same. And you certainly can't enter a localhost IP into "port" field. "Any", translated into IP address is 0.0.0.0, or "this network". This is a local broadcast address, anything sent to this address reaches all nodes on a local network. localhost is "this computer". The popup is showing that the services.exe is listening for broadcasts on a LAN. I have no clue why though, I'm not using Vista.
Thx Seer for explaining. But lookin for it... maybe this have something to do with the VMware in NAT mode? Because i not have a lan and if in NAT mode the VM lan IP share the same internet Ip from host... maybe services.exe are listening for the request from the Vm (the vm are not ON, but services from VMware are) ? Anyway thx for the clarification and for services.exe i will block the request... if nothing stoping work... its not necessary...
Yes, maybe VMware is causing this. I use Vista and services.exe does not need any kind of network connection at all, nor alerts for any network connections.
yep most of time i put services.exe in "block all activity".... is the first time this alert appeared ( I reinstalled outpost to test some settings and take a look at the rules automatic created)... and i installed VMware trial not to long... anyway blocked until proved necessary. Thx for all explanations and replys.
I'm afraid that's a "no" again. If VM services run, then they would use their own processes and not Windows' service host, wouldn't they? VMware NAT service has its own process, that is at least certain. You can try to find the culprit - type "netstat -anbov" in the command prompt. Find this 0.0.0.0 address (with the port # involved) and remember its PID. Now type "tasklist /svc", find the process with that PID. There should be a list of services hosted by the services.exe on the right side. As far as I am concerned, one of these services is doing this. By all means, do this if you don't have a LAN. Maybe we will find the service responsible for this, so you can stop and disable it without the need to block the comm with a firewall. If that can be done, that is, that's a Vista after all...
Hi Seer about the Vmware you are right... i not noticed the vmnat.exe running... only other 2 and the tray icon. I make what you say and confirmed in Process hacker and the service responsible for this is Lsass.exe. I first confirmed to see if is legitimate and looks like is. Right place (windows\system32), signed and scanned with multiple avs. I take some read about it and found: "It is responsible for the enforcement of the security policy within the operating system. This process checks whether a user’s supplied identification is valid or not whenever he or she tries to access the computer system. With the execution of the file lsass.exe, the system acquires security by preventing the access of unwanted users to any private information. The file lsass.exe also handles the password modifications done by the user." This have some relation to the fact i'm using SRP and have blocked some folders from access in the LUA ? i'm begin use this not have much time too. A bit after VMware. THX for all help.
