Inbound Traffic Host Process For Windows Services

Discussion in 'ESET Smart Security' started by jrizzo, Nov 30, 2008.

Thread Status:
Not open for further replies.
  1. jrizzo, Registered Member (Joined: Nov 30, 2008; Posts: 4)

    Whenever I start my laptop, ESET shows an alert indicating an inbound threat - see "Alert 1" screen shot below. The application listed is Host Process For Windows Services. The port noted in the alert varies. The IP address for the remote computer varies also.

    The first time I got the message, I created a rule to always deny the traffic. However, doing so prevents me from accessing the Internet or sending/receiving email. From then on, I have checked the "Temporarily Remember" box, then clicked deny and I am able to access the Net and email.

    I'd like to know:

    - What is actually trying to communicate with my computer and why?
    - How can I avoid having to temporarily deny the traffic each time (I don't want to allow the traffic unless I know what it is)?

    I am running ESET Security Suite in Interactive mode - I prefer the control. Any insight/help will be greatly appreciated.

    Also - While traveling for the holidays, I am accessing the Net from a family member's network in another part of the country - different network and ISP obviously. I still get the same alert, but am also getting another alert. Permanently or temporarily denying the second alert prevents Internet access, so I just leave the second dialog box on screen - dragging it out of the way. The second alert does not appear at start up, but at different random times. See "Alert 2" screen shot below.

    ESET-Alerts.jpg
     
    Last edited: Nov 30, 2008
  2. funkydude, Registered Member (Joined: Apr 5, 2004; Posts: 6,852)

    It looks like traffic from your router which is probably normal, and the 2nd alert is an IPv6 thing as far as I can see.
     
  3. jrizzo, Registered Member (Joined: Nov 30, 2008; Posts: 4)

    Thanks funkydude.

    Router traffic was my guess on the first alert, but the IP address is not always that of my router.

    Regarding the second alert, if you have any further insight I'd appreciate it. IPv6 traffic is a good start, but that could be just about anything, right? Malicious or benign.

    Thanks again.
     
  4. funkydude, Registered Member (Joined: Apr 5, 2004; Posts: 6,852)

    You can ping that v6 IP, it will probably be a v6 IP assigned by the router (<1ms) or the ISP. I highly doubt it is malicious, especially considering denying it restricts internet access.
     
  5. jrizzo, Registered Member (Joined: Nov 30, 2008; Posts: 4)

    Thanks. I'll give it a try. I already checked out an IP address (shown below) that appeared in a previous alert. I entered the IP address in my browser and it directed me to Microsoft's default US Home page. I wonder if the alert is related to MS silent update process. I know MS is supposed to be trustworthy, but I am leery of any large corporation that doesn't tell me exactly what they're doing to my PC.

    It's very frustrating having to figure all this out. You'd think computers would do this for you by now. And, now that I think of it, where is my flying car? ;)

    Alert3.jpg
     
  6. funkydude, Registered Member (Joined: Apr 5, 2004; Posts: 6,852)

    NTP (Network Time Protocol) is what's used to sync your system clock to the correct time, I use it on my machine too.

    A general consensus is, if it breaks whilst denying it, allow it, otherwise, deny it. :p
     
  7. jrizzo, Registered Member (Joined: Nov 30, 2008; Posts: 4)

    Thanks FD. I should have figured out the NTP alert. I think your general rule makes sense and will give it a try. I just wish my PC worked like my Mac. The issue is so much simpler with a Mac. Thanks again! :)
     