Explorer.exe requests Outbound connection

Discussion in 'other firewalls' started by Mover, Oct 25, 2006.

Thread Status:
Not open for further replies.
  1. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    Why would explorer.exe request and outbound HTTP connection on port 80-83 ?
     
  2. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Strange as explorer.exe needs no connection to the Internet at all. So block it, but if it is not located in the 'c:\windows\' folder...
    Virus with same name: W32.MyDoom.B
     
  3. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    Narrowed it down. The second I go to do a search for files, I get a popup
    from my firewall saying that explorer.exe is looking for an outbound TCP connection to sa.windows.com. I modified the rule to block this. I also noticed that there were some UDP connections from this exec to my router using ports
    1040, 1041, 1043, 1149, 1900 at various times.
     
  4. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    There is virtually never any reason to allow explorer.exe outbound access. In rare cases it will try to, but you should be able to block it permanently, in most cases without issues.
     
  5. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Block it. It does not need internet access. (Unless there is some kind of search for file on the internet type of thing, but that is not needed)

    Alphalutra1
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Explorer will try and connect out when performing a search, you can block this.

    The UDP you mention, this looks like Explorer is attempting SSDP discovery(uPnP) to your router, if you do not use the SSDP service, (SSDP(uPnP) is capable of opening ports in the router, so it is best to disable if you do not use this),... you can disable this by going to "start / run" in the window that appears type "services.msc" (without the ""),... in the services window that appears, look down the list until you find "SSDP discovery service",.. double left click to bring up the properties window,.. click "stop" and then change the startup type to "disabled"
     
  7. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    Thanks for the tip. A little off topic. I did notice 'Remote Access Connection Manger' and 'Remote Procedure Call (RPC)' services also running. Any concerns there ? Is there a sticky somewhere where the more 'dangerous' services are identified ?
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If you disable this, it may cause you problems.
    DO NOT DISABLE If you disable this it WILL cause you a lot of problems.
    What is your O.S.?
     
  9. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    XP SP2
     
  10. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Have a look at this site it will give you an idea of what the windows services do,... and if they are really needed. Do take care with what services you stop/disable
     
  11. FirePost

    FirePost Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    212
    In addition to the search assistant connection, Explorer will also make connections to check digital certificates.
    Right click a signed file and check details for a digital signature to see this.
    Connection to crl. microsoft, versign, and comodo .net for instance.
     
  12. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Thanks for that info, learned again something.
     
  13. Mover

    Mover Registered Member

    Joined:
    Oct 1, 2005
    Posts:
    165
    Thanks for everyones input
     
Loading...
Thread Status:
Not open for further replies.