Many Microsoft / Odd Utilities try to randomly access remote IPs

Page 1 of 2 12 LastLast

  1. nIGHTmAYOR
    Posts : 1,318
    Windows 10
       New #1

    Many Microsoft / Odd Utilities try to randomly access remote IPs


    I have recently been instructed to activate custom rule set of Comodo firewall to be able to monitor what apps are trying to access the internet .

    To the irony I realized a huge number of connections are being done via programs that aren't really known to be any related to the internet either try to randomly access the internet or on triggering .

    For instance on bringing up the Windows Settings App (SystemSettings.exe) , it instantly attempts to connect to a remote ip , followed by Runtime Broker (RuntimeBroker.exe) that attempts to access a different remote ip .

    Then TaskHostW.exe does it in accelerated intervals , BackgroundTaskHost does it pretty often , SpeechModelDownload.exe does it pretty often too despite I don't even have Cortana enabled .

    And now for the cuteness of all seems WerMgr.exe and WerFault.exe does it like every 2 minutes that seems like a nag , on revising MS Event viewer I realize this is because of a COM 10016 error Microsoft itself instruct to neglect .

    Apart from Microsoft , despite that I made sure I stripped all bloatware of the NVidia driver , the lovely control panel app enjoys connecting to nvidia every hour for no particular reason . Google Chrome Update task does that too hourly .

    Now while we can relate the non Microsoft apps to be obsessive about making sure you are up to date even though in a too spooky rate now what about Microsoft ? This crazy rate of traffic multiplied by the amount of users are petabytes of useless blahs jamming the internet daily .

    But then apart , why would Microsoft wanna know live data about Windows Settings ? Is personal settings damn it ! You don't even sync it elsewhere !

    P.S Comodo does check if those were signed and official apps so no this isn't spoofy trojans case , or is it

    Cheers
      My Computer
    Quote Quote

  3. Callender
    Posts : 7,657
    22H2 64 Bit Pro
       New #2

    Those are fine to allow to connect. What you are concerned about is when you have installed new software and it wants to connect or when something non microsoft pops up unexpecctedly.

    Suggest: Allow microsoft entries (use remember my answer checkbox)

    In one or two days (one firewall is trained) you won't see more pop ups except for entirely new connections from new programs or new processes.
      My Computer
    Quote Quote

  4. Callender
    Posts : 7,657
    22H2 64 Bit Pro
       New #3

    You could also disable error reporting service as it's not really needed on a home machine.

    Enable or Disable Windows Error Reporting in Windows 10
      My Computer
    Quote Quote

  6. nIGHTmAYOR
    Posts : 1,318
    Windows 10
    Thread Starter
       New #4

    First I'd like to thank you in post because I can't do it in reps since you were last I thanked , I know that the norm is to trust Microsoft , my concern is that they abuse our trust , why so much connections , i am sure no one even peek at the data they collect so why the bother :)
      My Computer
    Quote Quote

  7. Callender
    Posts : 7,657
    22H2 64 Bit Pro
       New #5

    It's really complicated and depends upon your machine setup. It's best to allow Microsoft entries then research them if you want to. Blocking some may have consequences.

    You can review logs:

    Many Microsoft / Odd Utilities try to randomly access remote IPs-comodo-firewall-logs-1.jpg

    Many Microsoft / Odd Utilities try to randomly access remote IPs-comodo-firewall-logs-2.jpg

    Many Microsoft / Odd Utilities try to randomly access remote IPs-comodo-firewall-logs-3.jpg

    Many Microsoft / Odd Utilities try to randomly access remote IPs-comodo-firewall-logs-4.jpg

    I suggested custom ruleset because it will show an alert for all new connections where you did not opt to block/ allow with the choice remembered for safe applications.
      My Computer
    Quote Quote

  8. Callender
    Posts : 7,657
    22H2 64 Bit Pro
       New #6

    FYI: If you have concerns I'd suggest running the portable utility linked in this post:

    Foreign address after running netstat -f

    Enable the items highlighted in the red box:

    Many Microsoft / Odd Utilities try to randomly access remote IPs-crowdinspect.jpg

    Anything where there is a red circle shown as an entry needs checking.

      My Computer
    Quote Quote

  9. nIGHTmAYOR
    Posts : 1,318
    Windows 10
    Thread Starter
       New #7

    Actually i am concerned at this for example :
    AppHostRegistrationVerifier.exe is frequently trying to connect to a Twitter IP despite I don't have a twitter account :)
    DeviceCensus.exe is trying to connect to some Microsoft branch in Ireland .
    And now that I followed your link to disable error reporting and used the registry fix brinks provide to stop error reporting to microsoft the frequency of how wermgr.exe triggers became 30 seconds instead of two minutes trying to contact a Microsoft Azure site .
    The frequency of all these attempt is enormous . the log is filling that i'm starting to believe i should reset the log file every now and then before i fill my hard drive . what's with Microsoft and all the enormous amount of data it keeps sending .
      My Computer
    Quote Quote

  10. RK1997
    Posts : 469
    Windows 10 Pro 20H2 x64
       New #8

    nIGHTmAYOR said:
    Actually i am concerned at this for example :
    AppHostRegistrationVerifier.exe is frequently trying to connect to a Twitter IP despite I don't have a twitter account :)
    DeviceCensus.exe is trying to connect to some Microsoft branch in Ireland .
    And now that I followed your link to disable error reporting and used the registry fix brinks provide to stop error reporting to microsoft the frequency of how wermgr.exe triggers became 30 seconds instead of two minutes trying to contact a Microsoft Azure site .
    The frequency of all these attempt is enormous . the log is filling that i'm starting to believe i should reset the log file every now and then before i fill my hard drive . what's with Microsoft and all the enormous amount of data it keeps sending .
    You can view most of the sent data using Diagnostic Data Viewer.

    - - - Updated - - -

    nIGHTmAYOR said:
    Actually i am concerned at this for example :
    AppHostRegistrationVerifier.exe is frequently trying to connect to a Twitter IP despite I don't have a twitter account :)
    DeviceCensus.exe is trying to connect to some Microsoft branch in Ireland .
    And now that I followed your link to disable error reporting and used the registry fix brinks provide to stop error reporting to microsoft the frequency of how wermgr.exe triggers became 30 seconds instead of two minutes trying to contact a Microsoft Azure site .
    The frequency of all these attempt is enormous . the log is filling that i'm starting to believe i should reset the log file every now and then before i fill my hard drive . what's with Microsoft and all the enormous amount of data it keeps sending .
    You can view most of the sent data using Diagnostic Data Viewer.
      My Computers
    Quote Quote

  12. nIGHTmAYOR
    Posts : 1,318
    Windows 10
    Thread Starter
       New #9

    RK1997 said:
    You can view most of the sent data using Diagnostic Data Viewer.

    - - - Updated - - -



    You can view most of the sent data using Diagnostic Data Viewer.
    if you have more to elaborate on the how to please elaborate .
      My Computer
    Quote Quote

  13. RK1997
    Posts : 469
    Windows 10 Pro 20H2 x64
       New #10

    nIGHTmAYOR said:
    if you have more to elaborate on the how to please elaborate .
    Find it in Settings - Privacy.
    Many Microsoft / Odd Utilities try to randomly access remote IPs-screenshot-93-.png
    Turn on "View Diagnostic Data" and open it.
      My Computers
    Quote Quote

 

  Related Discussions
Hello. Need your help. I am having issues with Microsoft Edge (new Chromium version) able to download the *.exe file for Glary Utilities and for that matter Microsoft Defender (I would assume it is originating.) on my Windows 10 Pro x64. Why is...
NAS access for remote users
in Network and Sharing

Good morning all, We are a small design and engineering firm that is beginning to allow more and more remote workers. With that comes the issues of data backup, file sharing, and user based access permissions. In researching options, I believe...
Remote access to Hyper-V VM
in Virtualization

I have a Hyper-V VM created with a Windows OS running in it. Is there a way I can connect to the VM via Remote Desktop from a computer other than the host computer? Thanks! John
I tried to allow remote access to my computer but when I opened the remoe tab on the advnced setup only the upper part shown. see the photo. no radio button to choose is shown. How to solve that?
Remote access denied
in Network and Sharing

Hi, I have 2 machines at home. One runs Windows 10 and the other Windows 7. They both have team viewer on them for when I'm away, such as now. The Windows 10 machine has dropped off the Team Viewer list. I can't even RDP in to in from the...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 16:22.
Find Us




Windows 10 Forums