Why Outpost allows Task Manager to connect HTTP-83 and DNS

Discussion in 'other firewalls' started by Atom222, Nov 3, 2013.

Thread Status:
Not open for further replies.
  1. Atom222

    Atom222 Registered Member

    Joined:
    Jun 30, 2013
    Posts:
    1
    Location:
    Lithuania
    I have set newly installed Outpost firewall 8.1.2 on Rules Wizard for a few days and I was surprised to find out today that my Windows 7 task manager (taskmgr.exe) has been allowed the following:

    1) tcp,outbound, HTTP-83
    2) udp, dns servers, dns

    Is this normal? I mean why would Task Manager need to connect to anything or anyone? Should I block it by "blocking all activity"?

    Thanks for your help.
     
  2. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    ofc it seems normal. do you have any additional plugins for TM installed?

    provide the IP for port 83 please or check it yourself on http://whois.domaintools.com/
     
  3. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    Good question. On port 83 no less (I'm assuming that wasn't your typo). I just played with Task Manager on Windows 7 and didn't see any evidence of networking activity, local or remote. If someone believes it to be normal I think there are two of us that would appreciate an explanation as to what such communications are used for. In the mean time...

    Is that rule explicitly targeting a Windows taskmgr.exe file or a taskmgr.exe file elsewhere? Are there any existing logs which will show what was being connected to?

    Assuming I still had questions, I would set those rules to prompt (or whatever the Outpost terminology is) and investigate the traffic. For example, examine the target server for DNS traffic and confirm that it is what you normally use. If so, I'd allow the DNS requests out. When prompted for the connection attempt, write down the target IP Address and then don't allow the connection to occur. Investigate that target IP Address. If you need more info you could, when prompted for DNS queries, launch Wireshark and capture the DNS requests so as to identify the hostname that is being looked up.

    Edit: It just occurred to me that "HTTP-83", instead of meaning HTTP on port 83, could conceivably mean: ports 80-83. So look for the destination IP Address *and* destination port.
     
    Last edited: Nov 3, 2013
  4. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Unlikely to need it. But, at least in Process Explorer, on the Process properties is a TCP tab, where address resolution can be asked for. And for that, the DNS connection is needed. Don't know about http, never saw it needs out. Outpost will alert if it does want out, then investigate, etc as suggested above.
     
  5. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    IIRC, if SysInternals Process Explorer (a Task Manager replacement we're talking about) is configured to "verify image signatures" it will establish outbound connections on 80. I don't see where Windows Task Manager offers these extra features though. Unless it has been extended by other software.
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    FWIW I checked OP's rule on task manager and saw that the opriginal poster was correct it generated those outbound connections.

    So following my boring rule of block by default allow by exception I removed the rules for taskmaster completly.

    I will set OP for a few minutes to rule wizard now and see if it asks for connection.

    More later.:cool:
     
  7. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    Nah, those rules aren't needed.
    I put Outpost to rules wizard. ProcessExplorer has the rules disabled, and ProcessExplorer64 has no internet rules at all.
    I ran SeaMonkey on few sites, PE shows loopback ports and, as I connected to various sites, it displayed the TCP info and there were no questions from Outpost at all. Not for DNS resolutions, nothing. Just pleasant silence.

    Oh, I just noticed the thread is about built-in Task Manager. ProcessExplorer might be slightly different. Let's see what Escalader sees in TM.
     
  8. 3inchblue

    3inchblue Registered Member

    Joined:
    Nov 24, 2010
    Posts:
    49
    Task Manager listed in the Windows's Task Scheduler.
    AFAIK it would be useful in a corporate environment to have local net connections.
    Probably not needed for a home used.
     
  9. Manny Carvalho

    Manny Carvalho Registered Member

    Joined:
    Jun 3, 2004
    Posts:
    270
    Windows 7 task manager (taskmgr.exe) should not need any internet access. I have no network rules for mine.

    If those rules were made then it must mean that either it was done with automatic rules or manually through the rules wizard. I would be very leery of this traffic and verify that no malware is present. Check to see if taskmgr.exe is actually the legitimate program and it's located in the proper place. Regardless, I think that you need to fully scan your machine and make sure.

    I do have anti-leak rules for task manager since it does interact with the system but no network rules. This is for Win 8 but as best as I recall this is the same for Win 7. I see no need for it to need TCP access or make DNS lookups.
     
  10. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Outpost with auto rule creation does indeed add the http 83.When task manager is started and allowed manually,that rule isn't present.
     
  11. kronckew

    kronckew Registered Member

    Joined:
    Aug 27, 2006
    Posts:
    210
    Location:
    CSA Consulate, Glos., UK
    http-83 refers to the revised 1983 internet spec that added ipv6.;)

    http remains on port 80.
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Well see attached jpg.

    Rule generator does create outbound connections as said earlier.

    When in W7 64 bit I used network resource monitor it needs connection to track / measure how many bytes went in and out by exec.

    If you don't need this (you don't) as OP can tell you this on its own.
     

    Attached Files:

  13. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    huh o_O
     
  14. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,273
    My understanding is this:
    Outpost uses port names for some ports.
    Http can use any of ports 80, 81, 82, 83, of which 80 is named.
    As a range of ports, it is 80-83, and gets displayed as http-83.
     
  15. jnthn

    jnthn Registered Member

    Joined:
    Sep 22, 2010
    Posts:
    185
    I have to agree with this except the crossed out line. Quite simple really to check Outpost's rule creation by making a rule allowing a browser outbound on ports 80 to 83. After rule creation is done, port 80 is regarded as HTTP (IANA well-known port) thus showing HTTP-83 on allowed rule. Actually IIRC, even at rule creation window it would already show as HTTP-83.

    Bottomline is, that rule isn't needed for task manager.
     
  16. Sm3K3R

    Sm3K3R Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    494
    They want you to be wide opened :)
     
Loading...
Thread Status:
Not open for further replies.