  1. #1

    Firewall Logs Blocked Access attempts, want to find what program wants out...

    Got an interesting sequence of network access attempts that I want to chase down.

    My system:
    Win10, 8GB Ram, 1TB HD
    Running ZoneAlarmPro Firewall, and ESET NOD32 for AV

    I see in the Firewall Log the following access attempts, all attempting to reach the same external IP address:


    The address 38.7.248.176:443 is attempted from within my computer as an outgoing message from many different ports on my computer.

    ZAPro has no further information about this access attempt, other than to say, "You are safe, we blocked it".
    I want to figure out what program is making these access attempts and see about stopping them. I see the same stuff on another of my computers with similar setups.

    I attempted to use SysInternals ProcMonitor without success so far to capture these events, will keep looking...

    Anybody have any ideas how to track these messages back to the source program, whether legit or not?

    David
    Last edited by ruirib; 2016-10-28 at 04:56. Reason: image removed as format not supported

  2. #2
    Rick Corbett (Super Moderator)
    Several tools spring to mind. An old favourite is another Sysinternals offering: TCPView. This should show you the process, the ports used and the remote endpoint. Its only disadvantage is that you have to keep watching it as it doesn't have built-in logging.

    If logging is important then try Nir Sofer's CurrPorts. This does much the same as TCPView. Read this post and this post for tips on using CurrPorts.

    A third newcomer which looks very promising is GlassWire. This will also do what you want but, as it has its own firewall, may not play well with ZoneAlarm. Have a look at this review of GlassWire for more info.

    Finally, if you want to see what amount of traffic, instead of just identifying processes and endpoints, have a look at another Nir Sofer utility: NetworkTrafficView.

    Hope this helps...
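
Added example (not part of any post in this thread): a PowerShell loop that does the unattended logging the tools above are being used for, using the built-in `Get-NetTCPConnection` cmdlet to record which process owns any socket aimed at the address from post #1. The log path and poll interval are assumptions; run it from an elevated prompt so the command line of other users' processes is readable, and note that polling can miss an attempt that fails faster than the interval.

```powershell
# Added example: poll the TCP table and log the owner of every socket
# aimed at the remote endpoint reported by the firewall.
$RemoteAddress = '38.7.248.176'   # address from the firewall log in post #1
$RemotePort    = 443
$LogPath       = "$env:USERPROFILE\outbound-watch.csv"   # assumed log location
$IntervalMs    = 200              # assumed poll interval
$seen          = @{}              # one log row per distinct PID/port/state

Write-Host "Watching for connections to ${RemoteAddress}:$RemotePort (Ctrl+C to stop)"
while ($true) {
    # A blocked attempt normally sits in SynSent, so do not filter on State.
    # The cmdlet raises an error when nothing matches; that is the normal case here.
    $conns = Get-NetTCPConnection -RemoteAddress $RemoteAddress -RemotePort $RemotePort `
                                  -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        $key = '{0}:{1}:{2}' -f $c.OwningProcess, $c.LocalPort, $c.State
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # The process may already have exited; the fields are then left blank.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId=$($c.OwningProcess)" `
                             -ErrorAction SilentlyContinue
        $parent = if ($p) { Get-Process -Id $p.ParentProcessId -ErrorAction SilentlyContinue }

        $row = [pscustomobject]@{
            Time        = (Get-Date).ToString('s')
            State       = $c.State
            LocalPort   = $c.LocalPort
            ProcessId   = $c.OwningProcess
            Name        = $p.Name
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
            ParentId    = $p.ParentProcessId
            ParentName  = $parent.Name
        }
        $row | Export-Csv -Path $LogPath -Append -NoTypeInformation
        $row | Format-List
    }
    Start-Sleep -Milliseconds $IntervalMs
}
```

If the owner turns out to be a shared `svchost.exe`, the logged `CommandLine` and `ParentName` columns are the place to start narrowing down which service is responsible.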

  4. #4
    Super Moderator
    You could have a look in Task Scheduler to see if there are any bogies and also in msconfig/Startup and non-MS services under the Services tab to see if there's anything you don't recognise.

    Give AdwCleaner a run to see what it comes up with http://www.bleepingcomputer.com/download/adwcleaner/ and follow that up with a scan with Junkware Removal Tool - its download link is lower down the page.

    EDIT - Just noticed you are using Win 10 so your Startup items will be in Task Manager.
