Explorer.exe connecting out?

Discussion in 'privacy problems' started by bellgamin, Nov 24, 2007.

Thread Status:
Not open for further replies.
  1. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Every time I use WinXP's search function, explorer.exe tries to connect out. Does anyone know why? Can I (should I) block it?
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    I don't know if you should or not.
    I do know I have XP and that does not happen here.
     
  3. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    It happens here as well on XP and if memory serves me on 2k as well. I blocked it in both cases with no ill effects.
     
  4. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
  5. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.

    Good memory\find Snapdragin. I believe it was this post by Stem that finally did the trick for me without any ill effects on my 6 PC wired\wireless network with 2 shared printers.
     
  6. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Spot on! Thanks.

    Now that I know it's okay to block explorer.exe from connecting out, I need to figure a way to do it. The only security I'm running is a NAT/SPI router, Avira, & Threatfire. None of these can be set to block a specific outgoing connection request, to my knowledge. It would be overkill to add a firewall JUST to keep explorer.exe from reporting my searches to Bill G, wot?
     
  7. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Couldn't think of anything else to do so I installed Kerio 2.1.5, then killed all of Kerio's incoming rules (I have a NAT/SPI router) so it ONLY manages outgoing connections.

    Does anyone have a better idea? (sigh)
     
  8. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    No SSM anymore?
     
  9. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello :)

    Yes, SSM (full), DSA, ProSec (and I believe Neoava too). But I think you already know that ;)

    Nevertheless, I am just curious. Since you have no outbound control, how did you manage to notice this connection?

    It does. You have SSM installed, you should know that. Unless it's a free version (no network rules).

    Cheers,
     
  10. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    No it does not. Using XP search does not wish to connect out here.

    Full version.

    Unless I'm missing something here.
    Or maybe I've already created a permanent rule about this and forgot I did.
     
  11. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hi LoneWolf.

    iirc, SSM is installed (by default) with network rules disabled. You need to enable them manually. Are your network rules enabled?

    Another possibility is that you performed a 'search' from explorer while your SSM was in 'learning' mode, so the rule was created automatically, and the outbound by explorer.exe is therefore allowed. Inspect your network rules (if they are enabled) and delete the one that permits the outbound. Now perform a 'search', SSM should warn you. Like this -

    s251107a.jpg

    Cheers,
     
  12. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    That's it. Thanks.
     

    Attached Files:

    • 1.png
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    I have 4 discrete images of my system hard drive:

    1-SSM
    2-Threatfire
    3-Comodo version 3, with Defender+.
    4-ProSecurity

    I'm doing try-outs of TF & Com3, pending Vitali's forthcoming update to SSM, & Jei's forthcoming update to ProSec. I am really liking TF (a behavior blocker). Com3's Defense+ (a classic HIPS) is quite good, too -- although still a bit rough around the edges.

    Why the try-outs? Well, it does NOT mean that I have ceased my love affair with SSM (& ProSec, too, for that matter). It's just that I am unsure whether SSM & ProSec can survive as 1-man operations. TF & Com3 are backed by larger outfits.

    We have entered the era of polymorphs, metamorphs, storm worms, etc. I am on the lookout for security software that "has the horses" to stay up with the bad guys. When the situation shakes out, I will make a final choice. I am predicting that the shake-out will occur within the next 3 to 5 months. I am hoping against hope that SSM and/or Prosec will survive & remain state-of-the-art HIPS -- but we shall see what we shall see.

    I am presently trying TF. I have adopted Kees' custom rule whereby TF exercises a modicum of control over outbound -- see THIS post within Kees' extensive TF tutorial.

    TF spotted the outgoing attempt by explorer.exe & popped an alert. However, the only options offered by TF were "Allow" or "Quarantine." There was no "block the connection" option, as such.

    If I quarantine explorer.exe, the computer can't function properly. Thus, TF's limited options forced me to "Allow" explorer.exe to make its connection. However, Kerio has now fixed that little problem.
     
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    On W2K, there is the option to either search the PC, or search both PC and web. With XP, there is only a "search" which will then make explorer attempt outbound.
    I have always blocked this, and as you state, there is no ill effect from this.
     
  15. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    I had a little play with ThreatFire (and reproduced the alert). I was completely unaware that it can monitor network connections. Well, I suppose I learned something new.
    Thanks for the explanation, bellgamin.

    Cheers.
     