ConnectMonSvc

Discussion in 'other software & services' started by Adric, Sep 8, 2017.

  1. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,762
    Anyone using this from NoVirusThanks?

    I tried it and noticed it doesn't always log a connection. I only have firefox.exe and thunderbird.exe excluded. I ran some other programs that I know connect to the internet, but not all were logged. I may be doing something wrong, but I don't know what. I verified the network connections by also using cports.
     
    Last edited: Sep 8, 2017
  2. guest

    guest Guest

    Localhost addresses are ignored by default and consecutive connections are not logged; only the first connection to a specific address is logged.
    But I can also see that connections are missing. Connections from the Windows Store, for example.
    With CurrPorts or TcpLogView these connections can be seen.
     
  3. Adric

    Adric Registered Member

    I saw all that you mentioned, but I'm wondering why my weather app (sWeather) or radio app (Radio Sure!) don't get an entry. Who knows what else is missing, seeing that you also noticed this problem with other connections. I liked the idea of logging once per process to make it easier to check the log file, but I see it is based on process + unique IP addr and port, since I was getting loads of entries for thunderbird and firefox until I put them on the exclude list. I actually wanted to use this to collect a list of all processes on the system that call home for one reason or another, but it doesn't look like I can rely on the results.
     
    Last edited: Sep 9, 2017
  4. guest

    guest Guest

    NoVirusThanks ConnectMonSvc v1.1 (April 24, 2017)
    Website
    Changelog:
     
  5. guest

    guest Guest

    It hooks the browser, and for example Microsoft Edge is crashing if ConnectMonSvc is running.
    I guess Edge doesn't like the way ConnectMonSvc is injecting its dll (ConnectMon64.dll) into Edge :doubt:
    Code:
    ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
    This exception code can be caused by 3rd party software, so the culprit could be ConnectMonSvc.
    HMP.A is already complaining about the injection #485 (I have excluded ConnectMonSvc within HMP.A and it is working now), but with the coming Fall Creators Update there could be more problems if ConnectMonSvc tries to inject its dll into processes/system processes if some of the new security features are enabled.
     
  6. Adric

    Adric Registered Member

    So are you going to keep using this considering its logging reliability and the problems it causes with other programs?
    I don't understand the app hooking part to determine if an outbound connection is being made.
     
  7. guest

    guest Guest

    I have blocked a program (a program which is known to connect to the internet after launching) with the Windows firewall, started it, and ConnectMonSvc was able to show a connection.
    For example SUMo (I have blocked it with the Windows firewall):
    Code:
    Date: 10.09.2017 16:32:59
    Process: [2572]C:\Program Files (x86)\KC Softwares\SUMo\SUMo.exe
    IP: 213.186.33.69
    Port: 80
    = With hooking into processes, ConnectMonSvc is able to show connections "which the application wants to make".
    TCPLogView isn't showing any connection (because there is no successful connection to the internet), but ConnectMonSvc is showing it.

    For logging of connections I am using TCPLogView. It doesn't need to inject into processes (which might cause problems) and it is logging connections reliably.
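
Added example (not from any poster in this thread and not NoVirusThanks code): a parser that collapses a log in the Date/Process/IP/Port layout quoted above into one entry per executable, the "which processes call home" list asked about earlier in the thread. It assumes the log is a plain sequence of such four-line records; the function names and every sample record except the SUMo one are constructed. As noted above, entries are connection attempts, so a listed endpoint may have been blocked by the firewall.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout quoted in the thread; only the SUMo
# record is from the page, the updater.exe records are made up.
SAMPLE_LOG = """\
Date: 10.09.2017 16:32:59
Process: [2572]C:\\Program Files (x86)\\KC Softwares\\SUMo\\SUMo.exe
IP: 213.186.33.69
Port: 80
Date: 10.09.2017 16:33:10
Process: [3100]C:\\Example\\updater.exe
IP: 192.0.2.10
Port: 443
Date: 10.09.2017 16:33:12
Process: [3100]C:\\Example\\updater.exe
IP: 127.0.0.1
Port: 5000
Date: 10.09.2017 16:40:01
Process: [4888]C:\\Example\\updater.exe
IP: 192.0.2.11
Port: 443
"""

def parse_entries(text):
    """Yield one dict per record; a 'Date:' line starts a new record."""
    entry = {}
    for line in text.splitlines():
        key, sep, value = (p.strip() for p in line.partition(":"))
        if not sep:
            continue  # not a "Key: value" line
        if key == "Date" and entry:
            yield entry
            entry = {}
        entry[key] = value
    if entry:
        yield entry

def endpoints_by_image(text):
    """Map executable path -> set of (ip, port), ignoring PID and loopback."""
    result = defaultdict(set)
    for e in parse_entries(text):
        if not {"Process", "IP", "Port"} <= e.keys():
            continue  # incomplete record
        image = e["Process"].partition("]")[2].lower()  # drop "[pid]"
        ip = ipaddress.ip_address(e["IP"])
        if not ip.is_loopback:  # matters only if localhost logging is on
            result[image].add((str(ip), int(e["Port"])))
    return dict(result)
```

Comparing the keys of this result with the process names seen in CurrPorts or TcpLogView over the same period shows which programs the hook-based log missed.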
     