ESS4 Firewall IP Question advice needed!!!

I recently had a firmware upgrade on my modem/router. The firewall picked up the network again, I had to re-allow sharing on the network on the PC's and re-allow incoming on ports 137 to get everything working.

But my question is, I'm getting a firewall popup for application System unknown publisher and its trying to access outbound IPs 72.3.199.16 and 184.106.31.170. It keeps coming up and I'm not sure whether to allow it for good, or block it.

Any help is appreciated!

 

block them for now. when do these show up, as you start browsing, on startup? Scan the comp fully. Then use few more tools from ths sites referenced below and scan some more
https://www.wilderssecurity.com/showpost.php?p=1533481&postcount=3

 

They popup randomly even when I'm not doing anything. I'm running Malwarebytes now, then I'll do a In-Depth scan with NOD32

Update: Malwarebytes didn't find anything and I'm running a In-depth NOD32 Scan now. I went ahead and blocked the IP and I see the rule it created. It doesn't have the actual IP in there, so is this rule going to block everything from System with an unknown publisher? It's bugging me that something is trying to access those IPs and I haven't found any infection.

 

What other software is running as those alerts appear (trying to figure out what is calling out)? That rule sounds to wide and might block traffic you need.

 

Both of these IP addresses are listed as belonging to Rackspace Hosting. Does that mean anything to you?

 

I found that out too while doing some research with google. But no Rackspace Hosting means nothing to me, I just started getting these popups today, and coincidently after a modem/router firmware upgrade last night.

 

As you say, it may well be connected to the hardware upgrade if that's the only thing that's changed, but it's advisable to block just these two IP addresses, at least temporarily, until you've managed to ascertain the reason for the connections.

Does blocking the connections have any adverse effects on the normal operation of the system? If no, then leave them blocked for the moment; if yes, then blocking them may help to pinpoint the cause.

 

Sounds good, but it sure does bug me that I have no idea what is trying to call out

 

Nice program, I tried it out but didn't see anything suspicious or unknown. I'm so confused because I haven't downloaded anything recently and I keep my protections updated. If its nothing malicious, still wondering why anything on my system would try to communicate with that IP for a company I've never heard of.

 

Actually the ISP upgraded the firmware in the modem/router and honestly I don't like that they did it without my permission because in my experience sometimes firmware does more harm than good. But apparently it added IPv6 features/additions etc.

But yes that is the big change and starting today I'm getting these firewall popups and I'm clicking deny, but they seem to come back at intervals regardless of what im doing. All ESET says is that its the application SYSTEM and the publisher is unknown, wish it gave me more information like maybe the .exe file thats wanting to communicate or some more information.

 

I just have no idea. My PC is clean and all that has happened since last night was a firmware upgrade to my modem/router which the ISP did. I don't even know what Rackspace Hosting is until I visited their website. Anyone have any ideas?

 

is it always the same 2 addresses ? just to confirm after you login to your machine and leave it idle does it alert ?. create another login/profile and check there

 

Well knock on wood but starting today I haven't had those addresses popup in ESET Firewall. Maybe it was my modem/router/ISP causing it? Is that unusual?