
Capture firewall discard Events - HowTo use Message Analyzer to find out which rule blocks outbound traffic?

Q: Capture firewall discard Events - HowTo use Message Analyzer to find out which rule blocks outbound traffic?

Dear all,
it should be possible to
"Capture firewall discard Events - This feature allows you to discover how the firewall is affecting network traffic. New messages tell you when traffic is blocked and associated IDs point to the specific firewall rule responsible for dropping the message."
Source
Does any of you know a little bit more about how Message Analyzer has to be configured to show which rule blocks (in my case Outbound) traffic?
This would be a great improvement to the pfirewall.log, where this important information is missing...
Best regards

Peter

RELEVANCY SCORE 93.6

I need help forming an outbound rule for the firewall in vista home premium 32 bit. I am using Windows Mail, and the Windows firewall, and Norton internet security 2008. I don't use the Norton Firewall.


I have turned on the outbound firewall and have been creating rules for Firefox, Skype etc. this works ok. But Windows Mail is being blocked, because the virus scanner in Norton is not allowed to proceed. After creating a rule for Windows Mail, if I turn off Email scanning in Norton, then the mail connects thru the firewall ok.


My principal problem, and what I seek advice on, is that I cannot figure out which Norton program or service to allow in a rule. Norton has hidden itself pretty well. This is all for the outbound firewall protection, not inbound. So I would appreciate someone giving me some step by step advice on creating such a rule.


I want to keep using the Windows Firewall.


Thanks in advance,
Homer_at

A:Advice on creating outbound firewall rule

It will be an .exe file in the norton programs file. You need to create a rule to allow the Liveupdate application to outbound connect through the firewall.

The best way to figure out what programs need outbound connection access is to open up Windows Defender, and look at the programs under the software explorer, and then check the file path for its location.

RELEVANCY SCORE 92.4

I have a windows service, running with Local System account, which downloads files using windows BITS service (my windows service references Microsoft.Msdn.Samples.BITS.dll to manage windows BITS jobs).
Everything works fine having the below windows firewall outbound rule:
Protocol=TCP, Local port=Any, Remote port=80, Program="C:\Windows\System32\svchost.exe" Service="BITS" Action=allow
Windows Firewall is configured to block all outbound/inbound connections and allow the configured rules only. OS Win 7.

If I change my windows service user to Local Service / Network Service account it does not work anymore, unless I remove Service="BITS" from the firewall rule:
Protocol=TCP, Local port=Any, Remote port=80, Program="C:\Windows\System32\svchost.exe" Action=allow
Do you know how to properly configure windows firewall outbound rule in this case?

Thank you!

RELEVANCY SCORE 92.4

Just wondering if anyone else is having this issue or can test it on their machine to eliminate possible install corruption on my end.
Thanks

A:Firewall Crashing When Adding New Inbound/Outbound Rule

Did you check in the Event Viewer what module makes it crash when you try to add a rule?

RELEVANCY SCORE 92.4

The current situation:

I disabled network connectivity to a particular IP on my Windows computer. In other words, if my system tries to connect to the internet through that specific IP address, it will not be able to do so.

I disabled the connectivity as mentioned above, by following the steps described in the following post: How can I disable network connectivity to a particular port or IP address in Windows?

My Goal:

I would like to allow one single program on my Windows to use that IP and connect to the internet through it (right now that program, like all programs, cannot access internet through that IP, due to the above-mentioned outbound rule).

In other words, my goal is to create an exception to the above mentioned outbound rule, that will allow that specific program to access the Internet through that IP. The outbound rule should apply to all programs and services, except one.

How can I configure things to work this way? Could you please help me?

A:How to Make One Exception to a Windows Firewall Outbound Rule?

Hi yoyoamor,
Use this guide to configure the firewall.
70-680 Study Guide: Configure Windows Firewall

RELEVANCY SCORE 84.4

With Vista Home Premium x64, I can't get Windows Firewall to stop blocking incoming connections. As administrator, I have gone into Control Panel->Administrative Tools->Windows Firewall with Advanced Security, then clicking on Windows Firewall Properties, I set each of the Profiles (Domain,Private,Public) to allow incoming connections. Then I chose to Log Dropped Packets and Log Successful Connections. Now whenever I get inbound connections, I get messages in my firewall log saying those connection attempts have been dropped, such as:

2009-03-17 14:58:27 DROP TCP 192.168.0.100 192.168.0.104 1024 5009 52 S 2450412696 0 65535 - - - RECEIVE

But I've set the firewall to allow incoming connections. Soooo, I don't get it. How does Windows Firewall log that it's dropping connections when it's set to allow incoming connections? Now I honestly wouldn't care, except that even if I turn Windows Firewall off I still can't receive inbound traffic. I have no idea what's going on. Does anyone have any suggestions?! I've been working on this and googling for 7 hours!

A:Windows Firewall ALWAYS Blocks Incoming Traffic

Have you installed any anti virus on the system? If yes then check its firewalls. If not then try to disable the Windows firewall for some time.

RELEVANCY SCORE 84.4

I want to capture both local and network traffic for connections and disconnections unrelated to http
Capture filter "(tcp.RST || tcp.SYN) && tcp.Port != 80 && tcp.Port != 443"

I found that I can do one or the other, but when I add both below, I capture neither ???
>> What is the trick to capturing both ?
Thanks

RELEVANCY SCORE 84.4

Hello,
I've used Message Analyzer in the past to decrypt HTTPS traffic after importing the certificate used by the web server and it was a tremendous improvement over Netmon & NMDecrypt. I'm looking at a trace I took of LDAPS traffic (TCP.port==636) and Message Analyzer is not decrypting the traffic after the SSL handshake.

Are the decryption sub-routines in Message Analyzer only supposed to work with HTTPS traffic, or should we be expecting to see success on LDAPS traffic as well?
Thank you,
John

RELEVANCY SCORE 83.2

Hi,
Is it possible to monitor the DHCP server logs and traffic on a Windows 2012 R2 DHCP load balanced server using Message Analyzer?
Mike

RELEVANCY SCORE 83.2

Message Analyzer has not had any significant updates (apart from minor parser updates) for some time. The mechanism that out-of-the-box Message Analyzer uses to decrypt TLS is based on access to the server certificate private key (and therefore does not work with ephemeral session keys). Since Message Analyzer is very flexible and configurable, I wanted to check whether it could be adapted to use SSLKEYLOGFILE information and indeed the answer is yes.
 
The OPN programming language is Turing complete, but it would not be an ideal choice for implementing all of the necessary cryptographic routines that are needed for this task - it would be better to use existing cryptographic libraries. Fortunately OPN does include a mechanism for calling external routines - the "Handcoded" declaration:
 
binary DecryptData(string suite, byte ct, array<byte> ver, binary data, array<byte> key, array<byte> salt, ref array<byte> iv, long ctr, out bool ok) with DeclarationInfo { Handcoded = true };
 
One simple way of using this is to place the "Handcoded" definitions in a small OPN "module". The OPN has to be included as a resource in the DLL built from the "Handcoded" implementation. The resource is located by means of a .NET assembly level attribute:
 
[assembly: ExtensionOpnModel("TLSex.opn", false)]
 
The exposed hand-coded routine also needs to be decorated with attributes (for the containing ...

RELEVANCY SCORE 82.4

When I open the ETL file captured in Windows 10, the PID/VID seems to be incorrect (compared to what I read in Network Monitor 3.4; I plugged in the devices myself, so I know what the right VID/PID is).
I did discover there are some error messages in the log, and I only put two examples below:
10/28/2015 3:29:17 PM Error C:\Users\IBM_ADMIN\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\OpnForEtw\OpnForEtwProcess\TCPIPComponentExt.opn(173,45-173,62):  undeclared 'EventTemplate_130'
10/28/2015 3:29:17 PM Error C:\Users\IBM_ADMIN\AppData\Local\Microsoft\MessageAnalyzer\OPNAndConfiguration\OpnForEtw\OpnForEtwProcess\TCPIPComponentExt.opn(197,50-197,67):  undeclared 'EventTemplate_130'

Could you help me to understand what I should do to overcome it?

RELEVANCY SCORE 82.4

Upgraded to Windows 10 today, and Message Analyzer no longer seems to be capturing traffic (build 4.0.7540.0).

Get-NetEventSession shows that there's a session running, but nothing shows up in the Message Analyzer window.
 

RELEVANCY SCORE 81.6

Hi!
Is there a way to look inside GRE tunnel traffic captured with Wireshark in Message Analyzer? I'm troubleshooting a scenario where I need to correlate event log entries from a server with a network trace captured by another person using the ERSPAN protocol.
Thanks,
Ivan

Ivan Seriavin

RELEVANCY SCORE 81.6

My OS is Windows 10, Message Analyzer version is 1.3.1. Bluetooth dongle is a CSR Bluetooth 4.0 USB dongle.
I want to know:
1. Does Message Analyzer support Bluetooth? Can I use it to capture Bluetooth package? If yes, how to configure it?
2. Can Message Analyzer parse Bluetooth package, such as parse HCI cmd, HCI reply, L2CAP request and L2CAP reply and so on?

RELEVANCY SCORE 81.6

Hi Team,
We followed this URL for use of remote interface capture:
Remote Capture with Message Analyzer.

We followed the Message Analyzer document for capturing RDP session data, but that did not help us.
Both systems are in the same network domain:
source (physical, Win 10 OS)
target (VM, Win 10 OS)

WinRM services are running on both sides.
Still we are unable to get the RDP data remotely.
Could you please suggest how to get the RDP session hex dump data remotely from Message Analyzer?

RELEVANCY SCORE 78.4

Help!  How do I get this to capture and analyze a USB data trace?
Capture and view USB traces with Microsoft Message Analyzer
Was no help at all as it doesn't seem to apply to this release.
I have however managed to capture a USB trace which I think contains what I need.  However I cannot work out how on earth to just display the data flow on the USB port.  Please help - this new release seems impossible to work out how to get it to show what you want.




Dave Partridge

PS PLEASE make the CAPTCHAs less hard - it took FIVE attempts to get past them

RELEVANCY SCORE 77.2

Where exactly can I call the built-in Win7 firewall setup dialog?
I want to verify (and possibly create new) firewall rules

Peter

A:Where exactly do I find Win7 firewall(rule) setup?

Courtesy of Brink...

Windows Firewall - Turn On or Off

** EDIT **

And rules ...

http://www.brighthub.com/computing/w...les/40014.aspx

RELEVANCY SCORE 69.2

I came across an interesting anomaly the other day.

I was reviewing our usage graph for the past few days, and noticed something odd. For the past week, we have had 24 hours of steady outbound traffic. It is very minimal as far as bandwidth goes, only 0.6kbps/s or so. But it never falls below that and it never stops.

I am about 99.9% sure we don't have any nasty virii, as we are running Symantec Corp AV, and have tested negative for Netsky. We also have a SOHO 6tc with all outgoing ports closed but HTTP, HTTPS, DNS, and FTP.

What else could be causing this outbound traffic? I do have one pesky user who seems to always 'forget' to log off at night. He leaves his streaming music running 24/7. Drives me crazy. Could that be it?
 

A:Mystery outbound traffic

Can you put either a sniffer or network monitoring software on a computer? Easy way to see what traffic is coming and going from each computer.
 

RELEVANCY SCORE 68.4

My ISP charges for outbound traffic, even though they don't pay for it. According to them it is to stop people sharing files and stuff illegally. In my case, it's accounting for 10% of my allowance, and I've tried everything I can to stop it.

Somehow, people are getting into my network and transferring data. I've blocked all the ports for P2P programs that I can find, I've set up OpenDNS, I've told the kids to stop using P2P and Torrent programs.

My router (DLINK DIR655), doesn't tell me anything.

On the 29th of June I had uploaded 2314mb. On the 30th it was 5564mb (I got this from the Optus website), yet the kids say they didn't upload anything, and looking at their computers I can't see anything to prove that they did. So I have to give them the benefit of the doubt.

Is there a way to lock my network down so that they can't share stuff or open ports and no one can get in?

Is there a way to block the installation of programs on their computers without setting them up as standard users and creating an administrative nightmare for myself? I've looked at parental controls but it doesn't offer a suitable solution.

Is there any software that can keep a history of what ports have been opened on a network and what data has been moved around?

This is driving me nuts.

Tanya

A:Blocking outbound traffic (data out)

hi !

what firewall are you using ?
it should be able to provide you with the history.

are you letting the kids use your ADMIN-account ??
of course they should use a USER-account, otherwise they can install software & change important settings and mess up your computer.

RELEVANCY SCORE 68.4

Hi,

I think I have a new infection that I have not been able to cure using several tools. Description is as below.

OS - XP SP3
After computer start up, svchost.exe goes crazy, high cpu utilization and increasing memory usage. After a while the computer runs out of memory and freezes.
The svchost.exe service with PID 1640 starts to spew out port 80 requests to a large number of IP's from sequential ports on my system. I can see a large number of established port 80 connections to these remote IP's when I run a netstat -ano

Any advice on how to tackle this issue? I have run combofix and it does not find anything.

Cheers,
Matt

A:New Infection - Heavy outbound Traffic

Hello and welcome.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will ...

RELEVANCY SCORE 68.4

I am having an issue with logmein.com. The Fios tech tried to help but they did not fix the problem that I am having. I have the actiontec mi424wr. This is the error message I get under the security log of my router:

Nov 4 13:20:05 2007
Outbound Traffic Blocked - NAT out failed First packet in connection is not a SYN packet: TCP 192.168.1.2:3570->69.25.20.193:443 on ppp1

I could get to any other site except www.logmein.com

I could ping the site 69.25.20.193

What do you think this f'in problem is????
 

RELEVANCY SCORE 68.4

Suddenly, last week, I started getting a Norton popup telling me to run Power Eraser because it's detected a large amount of suspicious outbound traffic. I ran Power Eraser, but it found nothing. I also did a full system scan and found nothing. I am a pretty savvy computer user, but I could use some help with this one please.  Thanks!DD

A:Norton - Outbound traffic detected

I don't know Norton anything, but me thinks that to get a response here, you need to give a bit more information, such as:
What Norton product?
On what computer? which Windows system?
Can you list some examples of those detections?
What applications?
To what IP?
etc

RELEVANCY SCORE 68.4

started in the afternoon. many alert messages from Malwarebytes and Norton.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 3/31/17
Protection Event Time: 8:54 AM
Logfile: blocked outgoing mar 31.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1637
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: video.leadzu.com
IP Address: 94.24.114.21
Port: [61890]
Type: Outbound
File: C:\Windows\SysWOW64\regsvr32.exe

(end)

need help
 

A:outbound traffic from regsvr32.exe today

ok, got the frst and addition files
 

RELEVANCY SCORE 68.4

Ok, so my computer was having connection problems, and basically, when I did the scan, this came up.
"Your system can not send or receive fragmented traffic over IPv6.
The path between your network and our system supports an MTU of at least 1280 bytes. The path between our system and your network has an MTU of 1276 bytes. The bottleneck is at IP address 2001:470:0:136::2. The path between our system and your network does not appear to handle fragmented IPv6 traffic properly."

I have no idea what this is and how to fix it.
Ideas?

A:Certain TCP protocols are blocked in outbound traffic?

Scan- ICSI Netalyzr

RELEVANCY SCORE 68.4

For about 2 weeks now Norton keeps giving a popup saying I have high outbound traffic when I open Chrome and to run Power Eraser to find out what it is. I tried to use Power Eraser but it said all of the files were fine and the popups continued. I'm running Windows 7, tried to disable all add-ons on Chrome, reinstalling Chrome and doing Norton full scans as well as malware scans. The popups persist and I don't know if they are actually from high traffic or if it's just a Norton problem.
 
Here is the popup i keep getting.
http://imgur.com/dYHlv4U

A:Norton saying high outbound traffic

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scr...

RELEVANCY SCORE 68.4

help, I keep getting a pop up every 2 secs saying outbound traffic detected and no matter what I do it won't go away I have run Norton power eraser and it came up with something so I selected fix this and reset the computer once done but once the comp turned back on it was still there. I hope someone can help me with this 😒

A:Security risk Outbound traffic

Hello tambax33 and
Your topic reads as if the system has a persistent malware threat, and that issue is not normally dealt with in this subforum.
 
A forum Moderator/Administrator will move your topic to the correct subforum soon.
 
Thank you.

RELEVANCY SCORE 68.4

I'm working on a friend's computer (Win7 x64).  He claims that internet access has slowed down a lot recently.  He described that Norton (installed) kept popping up a dialog "Outbound Traffic Detected" which indicated that a large amount of suspicious outbound traffic was detected (see "Capture.jpg" attached).  He ran Norton Power Eraser and it supposedly repaired some items.
 
I scanned using TDSSKiller, Adwcleaner, Norton, Malwarebytes & ESET Online Scanner and nothing major was found (Adwcleaner found a few minor issues - the other 3 programs, nothing). During some of the scans, I saw the same Norton dialog box and I also saw the open Norton console close on its own.
 
I took the drive out of his PC and placed it in mine. Scanning with some of the same tools revealed no issues.

A:Norton Outbound Traffic Popup

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
RemoveProxy:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-834330668-3056568235-258062683-1000\...\Run: [Y0N0Cpzx4r6] => "C:\Users\John Morris\AppData\Roaming\Oracle\bin\javaw.exe" -jar "C:\Users\John Morris\jLoFSvCApdX\kavs50pnQtb.PgcomH"
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)
ProxyServer: [.DEFAULT] => http=127.0.0.1:54045;https=127.0.0.1:54045
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (InboxNow) - C:\Users\John Morris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjhofhakdnfjgeobcioadclaekfbhndl [2015-12-10]...

RELEVANCY SCORE 67.6

I have used the free ZoneAlarm basic firewall for years and never observed this behavior -- it is blocking outbound legitimate traffic. For example, Mozilla Firefox access to the Internet is set to "allow" under Program Control. Still, I get the ZoneAlarm Security Alert that says "the firewall has blocked Internet access to [whatever site] [IP address] (HTTP) from your computer [TCP Flags: S]". These are legitimate sites like cnn.com. When I change the "Internet Zone Security" level from High to Medium, then my computer is allowed access to the Internet. But I don't want ZoneAlarm to be on Medium, I want it on High. Like I said, I've never seen this before and I don't think I have a virus (just scanned with McAfee). Can anyone help? I'm thinking there may be a simple solution but I just haven't found it. I'm running the latest version, 7.0.473.000.

A:Zonealarm Blocking Outbound Legitimate Traffic

Hello Everyone!!

I came in to ask for help but apparently I have got a very similar problem than Sandbox...

I Installed Zone Alarm yesterday night since my McAfee was about to expire and I wanted to try something new, Zone Alarm was recommended to me and I used to have it installed in my computer at work and never gave me any problems.

So I installed yesterday and It worked beautifully!! Didn't give me any problems at all and I was very happy!!

Then, I turned off the computer and headed to bed, and now this morning, everything seems to be working fine except I cannot open Internet Explorer nor Firefox!!

I know I have internet because I also have Lingo Phone service and this does work, everything else in the computer has been working fine except anything to do with internet, (I even tried using MSN and it wont start). And I don't get any alert from Zone Alarm.. just the same ol' "page cannot be found"

I checked the permissions just like Sandbox said and these programs are both allowed... My security in internet is raised to "High" as well.. but will it hurt my computer if I change to medium?

I also noticed:

vsmon.exe running
MRT.exe

I know Vsmon.exe is related to Zone Alarm but can't find more info about it (the computer I'm using is ridiculously SLOW, Every time I want to open new page It gets stuck for some minutes... I'm sorry )
Anyways thank you so very much!!

(I'm sorry, Relatively new user... I ...

RELEVANCY SCORE 67.6

Metapacket analyzes outbound network traffic to flag and block malware:

Metapacket, one of YC's current batch of startups, is hoping to get its SaaS on corporates' list of essential threat detection software with a technique to stop malware attacks by analyzing outbound network traffic to determine whether it's human or not.

Rather than by trying to assess where data is being sent, to try to ID suspicious outbound connections, its technology focuses on trying to determine whether network traffic is really being generated by a human or not. And thereby, it claims, catch (and block) malware in the act of relaying pilfered data elsewhere.

"Malware cannot completely mimic human beings' behavior and the whole functioning operating system plus browser when it's surfing the web," says founder Nir Krakowski, who along with his co-founder has a background working for the Shin Bet Israeli state security agency.

"We know how attackers work, how they think, how they strategize... That's when I realized we had to do this in order to catch them where they're going to be" is how he explains the thinking behind the startup.

"There's a tactical reason why malware uses web communications and not other things - because initially it wants to look as human as possible. 99.9% of the traffic out there is web-based. And it wants to hide itself in plain sight, between user interactions. But it can't do that completely," he adds.

Trying to ID malware based on wher...

RELEVANCY SCORE 67.6

The topic title listed in the subject line of this post pops up on my computer screen randomly every once in a while completely disrupting whatever I am doing.  It sometimes causes a web page to crash so I need to start again.  I have literally been trying to write this post all day.
 
Full text of the pop-up is:
Security Request
Outbound Traffic Detected
We have detected a large volume of suspicious outgoing traffic on
your system.  Your computer may be infected with something that
Norton Power Eraser can detect and remove
Do you want to run Norton Power Eraser?
 
If I run Power Eraser it does nothing.  When I cancel the window it comes back.  Can someone please help me remove this?
 

A:Security Request Outbound Traffic Detected

Hello can you run these??
You may need to disable NORTON TO RUN SOME/

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

TDSSKiller
Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

AdwCleaner
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe...

Read other 2 answers
RELEVANCY SCORE 67.6

Hello,
 
My wife's Avast recently began informing her that it was blocking outbound traffic. I had her download MalwareBytes and run a scan on it. It detected multiple files, but we're now getting notifications from MalwareBytes pretty much continually regarding blocked outbound traffic. The port being blocked constantly changes, but the substance of the notification is as follows:
 
Malicious Website Blocked
Domain: zzsqluwqmgjbjfjow.com
IP: 185.48.58.8
Port: 58264 (This changes, as though it's scanning ports; 58268 is another one that pops up)
Type: Outbound
Process: C:\Windows\explorer.exe
 
Hopefully one of the wizards here can help get to the bottom of this. Thanks!
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Silverluna518 at 20:46:29 on 2014-10-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3990.848 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Win... Read more

A:MalwareBytes Continually Blocking Outbound Traffic

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552845 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 67.6

Hello.

I was running Windows 8 x64 without any issues. Recently I updated to 8.1 and am having a weird issue.

The internet works fine for general browsing and even for streaming like netflix or pandora/spotify. However, when I am using a program other than a web browser that pulls information in from a server based on data that I enter, it seems like it isn't going through. It is like the program doesn't even see the internet.

I am a pilot and have a program that allows me to input data and retrieve charts and other pertinent information for my proposed route. When I enter in the data and press the button to retrieve the charts, etc, I get a message saying error downloading files. At first I thought it was this program or a problem with their server. However, over the past days every program that I use that pulls information from the internet is doing the same thing more or less. I have weather planning programs that can't get map or weather data; I have flight and route planning programs that can't even retrieve the listing of airports, and I have performance calculators that will not receive any information. These are just some of the programs that I use. They are all made by different developers and connect to different servers. I can't even get a basic application to receive NOAA weather data.

I tried adding a firewall rule for the applications and when that didn't work, I disabled the firewall altogether through the advanced settings. I also disabled windows defe... Read more

A:After updating to 8.1, inbound/outbound traffic blocked

I just found a more relatable example of when this is noticed. I was trying to add a local USB printer through the Windows Add Printer dialog. When I click the button to update the list of printers, I get a message saying: "Unexpected error occurred when downloading printer list. Check your connection."

Read other 7 answers
RELEVANCY SCORE 67.6

Hello everyone!
 
I am having some possible malware issues on my Windows 10 Home 64bit desktop. It started with a ton of popups that malwarebytes helped me remove, but now I see pop ups multiple times in an hour from mwb telling me it blocked traffic. I have FARBAR. I would love some help. Thank you in advance
 
 

A:MWB blocking OUTbound traffic from unknown sources

I am attaching the mwb log from today if that helps.

Read other 0 answers
RELEVANCY SCORE 67.6

Was wondering if there was a tool to "trace" or somehow follow my outbound traffic. The reason, so I might get some alternate ideas on a fix, is I have accumulated a lot of Bing search rewards and thought I might cash them out. I did this 4 to 5 months ago, no problems. Check that I was denied on I.E. then used Firefox successfully. After trying I.E., Firefox and Chrome I submitted a ticket to support. They sent me an e-mail back saying I could not alter my bing account with VPN or any datacenter services. Thinking I had none of these, I tried again on laptop, other desktop, tablet and phone to no avail. So I then stripped my network down to 1 desktop wired to ATT router to internet, again declined. Is there any way to see if my traffic after my ATT router is being sent through an IP that would cause this?
 

A:Solved: Tool to follow outbound traffic.

Got it fixed. A bit of foolishness. The VPN proxy and datacenter rule is because they don't want you to hide your actual IP from them. Pain in the keister and unnecessary so I had to turn off my proxy settings for a moment. Sorry for anyone that dug around looking for a zebra solution to a pony problem.
 

Read other 1 answers
RELEVANCY SCORE 67.2

Hello
 
I activated a trial version of Malwarebytes Anti-Malware today and every time I open Firefox, it blocks an outbound connection to some website. This is the log of the block:

Detection, 2016-07-20 19:41, SYSTEM, FILIPI-PC, Protection, Malicious Website Protection, Domain, 144.76.105.237, vidrafeed.altervista.org, 49394, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

 
I ran a full scan with MB but it found nothing. I searched the problem on google but on every thread it said "this solution is for the specific user only" or something so I didn't know where to go from there.
 
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-07-2016
Ran by Filipi (administrator) on FILIPI-PC (20-07-2016 18:51:10)
Running from M:\Vital F\Vista Desktop
Loaded Profiles: Filipi (Available Profiles: Filipi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(The Within Network, LLC) C:\Wind... Read more

Read other answers
RELEVANCY SCORE 66.8

Hey Guys,

I noticed many applications have different ports for outbound and inbound traffic. Does outbound traffic need to be port-forwarded if you are behind a router? I know that inbound does, but outbound?? Thanks.
 

A:Solved: Does outbound traffic need to be port-forwarded on a router?

In the context that you're speaking of: No.

Generally firewalls have a state table. The state table inspects the IP headers of a packet to look for the source/destination port. When you create this connection an entry is stored in the state table that will allow traffic in/out on the source/destination pair.
 

Read other 3 answers
RELEVANCY SCORE 66.8

I'm looking for a good network analyzer software that allows me to monitor the network. maybe have some features on discovering devices, ports, bandwidth in a certain amount of time, etc. Thanks.
 

A:network traffic analyzer

That would depend on the network topology. Any global network monitoring will have to be done with access to a common point where all the traffic converges. Addressed traffic between workstations will go directly between them via any switches and gateways in the path, so you can't do this with just a workstation.
 

Read other 1 answers
RELEVANCY SCORE 66.4

I've run Avast antivirus and Malwarebytes and cleared the infected objects. Subsequent scans came back clean. My Powershell starts up randomly and Malwarebytes is regularly popping up saying it blocked outbound from Powershell. I've run TDSSKiller and Farbar Recovery Scan Tool.

I've already marked this to Watch and receive emails.
 

Read other answers
RELEVANCY SCORE 66.4

Hi all,

I noticed some seriously degraded performance on my PC and about twice as much outbound network traffic as inbound. Ultimately my browser started redirecting to the wrong pages from Google search results and random pages would load out of the blue. Often the CPU would ramp up to 100% without any programs running. I ran a few of the recommended apps including MBAM, SAS, Sophos Anti-Rootkit and ESET as advised in some of the forum posts. This led me to eliminate some problems, but the system is still having issues. Primarily McAfee is disabled and when I hit the "Fix" button, it returns the error "". After 10-20 minutes the PC is so busy it is basically unresponsive, to the point where I can't get task manager to load.

My system rebooted during the GMER scan (I wasn't watching when it happened, so I have no error message to relay), so I can only attach a partial log.

Below is my DSS log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris at 20:34:43.57 on Thu 09/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1651 [GMT -4:00]
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe ... Read more

A:McAfee Disabled, poor performance, lots of outbound traffic

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
Please download DeFogger to your desktop.
Double click DeFogger to run the tool. The ap... Read more

Read other 60 answers
RELEVANCY SCORE 66

Hi everyone!!!

I've been tasked with running Message Analyzer to determine if data is encrypted from an endpoint. We are using MBAM and want to ensure that any data sent to MBAM application server is encrypted. Now, we know it is via https, but, we still need to verify this (for audit purposes).

Can anyone provide some insight as to how I could use Microsoft Message Analyzer (or perhaps something better)?

We are planning to run a capture for 24 hours. We also want to ensure data is encrypted from app server to sql server. 



Thanks all! 

Read other answers
RELEVANCY SCORE 66

Hi guys,

I hope you guys could provide me with a few sites on

Traffic Generator Functions or Performance Analyzer

these are for networking, layer 1 and layer 2 switches
I can't seem to find any, so I hope you guys could help me out
thanks
 

Read other answers
RELEVANCY SCORE 65.6

Like many here in this forum, I have been plagued by Malwarebytes displaying a message about every three seconds telling me that it has blocked an outbound virus. The message reads like this:
___________________________________________________________________________
 
Malwarebytes Anti-Malware
 
 Malicious Website Blocked
 
Domain:    istatic.eshopcomp.com
              
IP:               205.185.208.26      
 
Port:          58054  
 
Type:        Outbound
 
Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Manage Web Exclusions
___________________________________________________________________________
 
In addition to this message, other similar ones have the following differences:
nlw.underwearliftoff.com; 8.34.112.227; 53623
omd.printingsparole.com; 8.34.112.229; 59361
 
I'm running System 7 Professional Sp1 on an ASUS Motherboard with an Intel Core i7-4770K CPU running at 3.5GHz with 16.0 GB of RAM and a 64-bit Operating System.
 
A couple of days ago, I spent half the day with Geek Squad who ran their virus cleaning routines not once but twice and didn't get rid of the problem until they finally uninstalled and reinstalled Chrome. 
 
And now it's back. 
 
Any help you can give me would be gratefully appreciated. 

A:Familiar issue: Malwarebytes perpetually blocks outbound viruses

Let's see what the programs below find.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may re... Read more

Read other 11 answers
RELEVANCY SCORE 65.6

Like many here in this forum, I have been plagued by Malwarebytes displaying a message about every three seconds telling me that it has blocked an outbound virus. The message reads like this:
___________________________________________________________________________
 
Malwarebytes Anti-Malware
 
 Malicious Website Blocked
 
Domain:    istatic.eshopcomp.com
              
IP:               205.185.208.26
 
Port:          58054  
 
Type:        Outbound
 
Process: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Manage Web Exclusions
___________________________________________________________________________
 
In addition to this message, other similar ones have the following differences:
nlw.underwearliftoff.com; 8.34.112.227; 53623
omd.printingsparole.com; 8.34.112.229; 59361
 
I'm running System 7 Professional Sp1 on an ASUS Motherboard with an Intel Core i7-4770K CPU running at 3.5GHz with 16.0 GB of RAM and a 64-bit Operating System.
 
A couple of days ago, I spent half the day with Geek Squad who ran their virus cleaning routines not once but twice and didn't get rid of the problem until they finally uninstalled and reinstalled Chrome. 
 
And now it's back. 
 
I have done what was requested in the previous forums and here are t... Read more

A:Familiar issue: Malwarebytes perpetually blocks outbound viruses

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-312271826-1430807147-1564925630-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-312271826-1430807147-1564925630-1000 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Toolbar: HKU\S-1-5-21-312271826-1430807147-1564925630-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF HKU\S-1-5-21-312271826-1430807147-1564925630-1000\...\Firefox\Extensions: [{3f34ed98-04e6-4252-9646-d930abe8bd3b}] - C:\Program Files (x86)\findAdeal\135.xpi => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-17] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\Med... Read more

Read other 7 answers
RELEVANCY SCORE 65.6

Recently Norton power eraser detected a large amount of suspicious outbound traffic. The message has only appeared once and has not reappeared. This occurred when using google chrome to watch a video stream. I have tried using Norton power eraser, and malware bytes but both programs did not detect anything. Should I be concerned?

A:Norton Power Eraser detected outbound traffic. Notification only appeared once.

Wouldn't hurt to check further for adware and clean up the computer.
 
If you don't have an ad blocker installed in Chrome I suggest using Adblock Plus - Chrome Web Store
Once installed, click on its ABP icon and choose Filter Preferences. UNcheck the box next to Allow some non-intrusive advertisements.
 
Suggest you block 3rd Party/ advertising/ tracking cookies from installing after cleaning up with CCleaner.
How to disable third-party cookies in all major web browsers
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
Download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Window... Read more

Read other 0 answers