Discussion in 'other firewalls' started by Mover, Oct 25, 2006.
Why would explorer.exe request and outbound HTTP connection on port 80-83 ?
Strange as explorer.exe needs no connection to the Internet at all. So block it, but if it is not located in the 'c:\windows\' folder...
Virus with same name: W32.MyDoom.B
Narrowed it down. The second I go to do a search for files, I get a popup
from my firewall saying that explorer.exe is looking for an outbound TCP connection to sa.windows.com. I modified the rule to block this. I also noticed that there were some UDP connections from this exec to my router using ports
1040, 1041, 1043, 1149, 1900 at various times.
There is virtually never any reason to allow explorer.exe outbound access. In rare cases it will try to, but you should be able to block it permanently, in most cases without issues.
Block it. It does not need internet access. (Unless there is some kind of search for file on the internet type of thing, but that is not needed)
Explorer will try and connect out when performing a search, you can block this.
The UDP you mention, this looks like Explorer is attempting SSDP discovery(uPnP) to your router, if you do not use the SSDP service, (SSDP(uPnP) is capable of opening ports in the router, so it is best to disable if you do not use this),... you can disable this by going to "start / run" in the window that appears type "services.msc" (without the ""),... in the services window that appears, look down the list until you find "SSDP discovery service",.. double left click to bring up the properties window,.. click "stop" and then change the startup type to "disabled"
Thanks for the tip. A little off topic. I did notice 'Remote Access Connection Manger' and 'Remote Procedure Call (RPC)' services also running. Any concerns there ? Is there a sticky somewhere where the more 'dangerous' services are identified ?
If you disable this, it may cause you problems.
DO NOT DISABLE If you disable this it WILL cause you a lot of problems.
What is your O.S.?
Have a look at this site it will give you an idea of what the windows services do,... and if they are really needed. Do take care with what services you stop/disable
In addition to the search assistant connection, Explorer will also make connections to check digital certificates.
Right click a signed file and check details for a digital signature to see this.
Connection to crl. microsoft, versign, and comodo .net for instance.
Thanks for that info, learned again something.
Thanks for everyones input
Separate names with a comma.