Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SearchUI.exe still send byte to Microsoft


  • Please log in to reply
11 replies to this topic

#1 Pat(rick)

Pat(rick)

  • Members
  • 447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North America
  • Local time:08:21 PM

Posted 27 August 2015 - 02:02 AM

I already turned off Search Online for the SearchUI.exe

 

But it is still use internet to send something to Microsoft (204.79.197.200), according to TCPView and Task Manager.

 

How to disallow SearchUI.exe from using internet bandwitdh?



BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 27 August 2015 - 05:24 AM

If you want, you can block SearchUI.exe in your firewall (either your Antivirus' Firewall if you have one, or the Windows Firewall). Block the outgoing connections for it and that should do the trick.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Pat(rick)

Pat(rick)
  • Topic Starter

  • Members
  • 447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North America
  • Local time:08:21 PM

Posted 27 August 2015 - 03:49 PM

I still want to use the search to find my files/folders. I just don't want it uses internet connection bandwitdh. Isn't there other way?



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 27 August 2015 - 04:10 PM

Blocking it in the firewall will allow the program to launch, but not to send outgoing connections (and incoming if you block them as well).

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Pat(rick)

Pat(rick)
  • Topic Starter

  • Members
  • 447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North America
  • Local time:08:21 PM

Posted 27 August 2015 - 05:36 PM

How do I block it with the firewall on windows 10? (Sorry im not familiar yet)



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 27 August 2015 - 08:48 PM

Open the Start Menu and input Windows Firewall, then click on Windows Firewall with Advanced Security
V5pxF1v.png
In the left pane, click on Outbound Rules and select New Rule... in the left pane. From there, select the first option Program and browse to the SearchUI.exe executable. Make sure Block the connection is checked, all the profiles are checked and name that rule. Once done, click on the Finish button.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 Pat(rick)

Pat(rick)
  • Topic Starter

  • Members
  • 447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North America
  • Local time:08:21 PM

Posted 28 August 2015 - 04:16 PM

Thank you very much :)



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 28 August 2015 - 04:17 PM

No problem Pat(rick), you're welcome :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 Pat(rick)

Pat(rick)
  • Topic Starter

  • Members
  • 447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North America
  • Local time:08:21 PM

Posted 28 August 2015 - 10:04 PM

Sorry to revive this thread again.

 

It seems like Search is still using network :S

 

 

In task manager -> App History -> Network, it recently says 0.3 MB


Edited by Pat(rick), 28 August 2015 - 10:04 PM.


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 28 August 2015 - 10:07 PM

Add an Inbound Rule for it as well then. It'll block the communications in both ways.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 Pat(rick)

Pat(rick)
  • Topic Starter

  • Members
  • 447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North America
  • Local time:08:21 PM

Posted 30 August 2015 - 10:50 AM

Thank you very much again :D I think it's fine now



#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,539 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 30 August 2015 - 10:51 AM

No problem, you're welcome :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users