Proc. Guard Int Access?

Discussion in 'ProcessGuard' started by Harold77, Mar 9, 2004.

Thread Status:
Not open for further replies.
  1. Harold77

    Harold77 Registered Member

    Joined:
    Jan 15, 2003
    Posts:
    54
    At random I get requests from my firewall, LNS 2.05 B2, for internet access for PG_msgprot.exe.

    Is there any reason for PG to need internet access?

    If not, what could be triggering this request?

    I haven't been able to narrow down any particular actions or conditions which would tell me what's going on since this has happened twice in the past two weeks.

    I'm using PG 1.30. :)
     


  2. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Hmm, one thing I can think of is possibly you have run some file over a network and PG tries to read that file to display its icon?

    PG has no winsocks/internet code in it besides opening up IE to go to a website when you click on one of the help links.

    Hope that helps.

    -Jason-
     
  3. Harold77

    Harold77 Registered Member

    I'm not on a network... just a stand-alone computer.

    I don't consider this a major problem since I just block it and forget about it, but some people are so paranoid that something such as this may start up that "phone home" silliness that you had to deal with last year with TDS-3 if anyone else reports a similar event. :)
     
  4. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    It is strange because it has no network code in it at all. At least in Process Guard. Maybe some of the Microsoft DLLs it uses are doing something. :)

    -Jason-
     
  5. Harold77

    Harold77 Registered Member

    Other than the default settings that PG uses at installation, I only have NOD32.exe, BOClean.exe, Looknstop.exe and nod32krn.exe protected.

    If this happens again I'll pay more attention to what I was doing at the time and send you the PG log file from that instant if you'd like it, as well as the firewall log info from that instant. :)
     
  6. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Harold, yes it'd be good if you could determine exactly which port it was trying to connect to, and also what remote IP address -- I have a strong suspicion that the IP address will be local to your system.

    Best regards,
    Wayne
     
  7. Harold77

    Harold77 Registered Member

    OK, now I'll just wait around to see if it happens again... stay tuned. :)
     