
Windows System Network Connections


5 replies to this topic

#1 Guest_hollowface_*


Posted 03 November 2015 - 12:56 AM

Any idea what these Windows system connections were for? Just want to know so I can decide whether to block the destinations, or executables in my firewall.

They occurred while I was logged in, but not running anything yet. There are other connections, but I've listed these ones because they seem to be new to Windows 10.

Name:  SIH Client
Version:  10.0.10240.16384
File Path:  C:\Windows\System32\SIHClient.exe
Connection Origin:  local initiated
Protocol:  TCP
Local Address:  EDITEDOUT
Local Port:  49487
Remote Name:  sls.update.microsoft.com
Remote Address:  157.55.133.204
Remote Port:  443 (HTTPS - HTTP protocol over TLS/SSL)

Name:  Microsoft Compatibility Telemetry
Version:  10.0.10240.16384
File Path:  C:\Windows\System32\CompatTelRunner.exe
Connection Origin:  local initiated
Protocol:  TCP
Local Address:  EDITEDOUT
Local Port:  49491
Remote Name:  settings-win.data.microsoft.com
Remote Address:  64.4.54.253
Remote Port:  443 (HTTPS - HTTP protocol over TLS/SSL)

Name:  Microsoft Feedback SIUF Deployment Manager Client
Version:  10.0.10240.16384
File Path:  C:\Windows\System32\dmclient.exe
Connection Origin:  local initiated
Protocol:  TCP
Local Address:  EDITEDOUT
Local Port:  49509
Remote Name:  settings-win.data.microsoft.com
Remote Address:  64.4.54.253
Remote Port:  443 (HTTPS - HTTP protocol over TLS/SSL)

Edited by hollowface, 03 November 2015 - 12:57 AM.




#2 Aura


Posted 03 November 2015 - 06:26 AM

sls.update.microsoft.com is used by the Windows Update service to check for updates; you'll see this domain all over the WindowsUpdate.log. If you block it, you won't be able to download any Windows Updates anymore.

settings-win.data.microsoft.com is related to the telemetry feature of Windows. Blocking it shouldn't have any major impact on your system.

https://support.microsoft.com/en-us/kb/3068708

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Guest_hollowface_*


Posted 05 November 2015 - 02:01 AM

Thanks for the link and info. I haven't created any permanent rules yet, but for the moment I'll be blocking them when prompted by my firewall.



#4 Aura


Posted 05 November 2015 - 06:18 AM

Alright, like I said, you might want to let the sls.update.microsoft.com domain go through. Well, once you realize that Windows won't update anymore, you probably will :P



#5 Guest_hollowface_*


Posted 06 November 2015 - 01:37 AM

I don't install updates on a frequent basis; I tend to do so in bulk once in a blue moon. I can always unblock the connection in my firewall at that point in time. I already set my network connection as metered so that Windows Update won't automatically download updates, but it's nice to have it blocked in the firewall too as insurance.



#6 Aura


Posted 06 November 2015 - 06:27 AM

You could always make these domains point back to 127.0.0.1 in your hosts file, but if you were to post a log with the content of the hosts file here, we could assume that you are using an illegally activated version of Windows (since there's a loader that adds sls.update.microsoft.com to the hosts file as a way to not force the verification of the product key).

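
A check for the hosts-file redirect mentioned in post #6, added here as an example and not code from any poster in this topic: it parses hosts-file lines and reports entries that override the two domains named in the thread, marking those pointed at a loopback or null address. The function name `Find-HostsOverride` and the sample lines are constructed for illustration.

```powershell
# Added example: flag hosts-file entries that override the domains from this thread.
# Find-HostsOverride and the sample data below are constructed for illustration.

$WatchedDomains = @(
    'sls.update.microsoft.com',         # Windows Update check (post #2)
    'settings-win.data.microsoft.com'   # telemetry settings (post #2)
)

function Find-HostsOverride {
    param(
        [string[]]$Lines,
        [string[]]$Domains
    )
    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Drop comments, then split on whitespace: "<address> <name> [alias ...]"
        $entry = ($raw -replace '#.*$', '').Trim()
        if (-not $entry) { continue }
        $fields = $entry -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # -contains compares case-insensitively, like hostname lookups do
            if ($Domains -contains $name) {
                [pscustomobject]@{
                    Line     = $lineNo
                    Domain   = $name.ToLowerInvariant()
                    Address  = $address
                    Sinkhole = $address -in @('127.0.0.1', '0.0.0.0', '::1', '::')
                }
            }
        }
    }
}

# Constructed sample hosts content, so the example runs without touching the system.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '127.0.0.1       SLS.update.microsoft.com   # added by unknown tool',
    '0.0.0.0 settings-win.data.microsoft.com',
    '#127.0.0.1 sls.update.microsoft.com'
)
Find-HostsOverride -Lines $sample -Domains $WatchedDomains | Format-Table -AutoSize

# To audit the live file instead:
# Find-HostsOverride -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts") -Domains $WatchedDomains
```

A row with `Sinkhole` set to `True` for sls.update.microsoft.com is worth investigating on any machine that has stopped receiving Windows Updates, since the entry blocks the update check regardless of firewall rules.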




