Many Microsoft / Odd Utilities try to randomly access remote IPs

Page 1 of 2 12 LastLast

  1. Posts : 1,307
    Windows 10
       #1

    Many Microsoft / Odd Utilities try to randomly access remote IPs


    I have recently been instructed to activate custom rule set of Comodo firewall to be able to monitor what apps are trying to access the internet .

    To the irony I realized a huge number of connections are being done via programs that aren't really known to be any related to the internet either try to randomly access the internet or on triggering .

    For instance on bringing up the Windows Settings App (SystemSettings.exe) , it instantly attempts to connect to a remote ip , followed by Runtime Broker (RuntimeBroker.exe) that attempts to access a different remote ip .

    Then TaskHostW.exe does it in accelerated intervals , BackgroundTaskHost does it pretty often , SpeechModelDownload.exe does it pretty often too despite I don't even have Cortana enabled .

    And now for the cuteness of all seems WerMgr.exe and WerFault.exe does it like every 2 minutes that seems like a nag , on revising MS Event viewer I realize this is because of a COM 10016 error Microsoft itself instruct to neglect .

    Apart from Microsoft , despite that I made sure I stripped all bloatware of the NVidia driver , the lovely control panel app enjoys connecting to nvidia every hour for no particular reason . Google Chrome Update task does that too hourly .

    Now while we can relate the non Microsoft apps to be obsessive about making sure you are up to date even though in a too spooky rate now what about Microsoft ? This crazy rate of traffic multiplied by the amount of users are petabytes of useless blahs jamming the internet daily .

    But then apart , why would Microsoft wanna know live data about Windows Settings ? Is personal settings damn it ! You don't even sync it elsewhere !

    P.S Comodo does check if those were signed and official apps so no this isn't spoofy trojans case , or is it

    Cheers
      My Computer


  2. Posts : 6,684
    22H2 64 Bit Pro
       #2

    Those are fine to allow to connect. What you are concerned about is when you have installed new software and it wants to connect or when something non microsoft pops up unexpecctedly.

    Suggest: Allow microsoft entries (use remember my answer checkbox)

    In one or two days (one firewall is trained) you won't see more pop ups except for entirely new connections from new programs or new processes.
      My Computer


  3. Posts : 6,684
    22H2 64 Bit Pro
       #3

    You could also disable error reporting service as it's not really needed on a home machine.

    Enable or Disable Windows Error Reporting in Windows 10
      My Computer


  4. Posts : 1,307
    Windows 10
    Thread Starter
       #4

    First I'd like to thank you in post because I can't do it in reps since you were last I thanked , I know that the norm is to trust Microsoft , my concern is that they abuse our trust , why so much connections , i am sure no one even peek at the data they collect so why the bother :)
      My Computer


  5. Posts : 6,684
    22H2 64 Bit Pro
       #5

    It's really complicated and depends upon your machine setup. It's best to allow Microsoft entries then research them if you want to. Blocking some may have consequences.

    You can review logs:

    Many Microsoft / Odd Utilities try to randomly access remote IPs-comodo-firewall-logs-1.jpg

    Many Microsoft / Odd Utilities try to randomly access remote IPs-comodo-firewall-logs-2.jpg

    Many Microsoft / Odd Utilities try to randomly access remote IPs-comodo-firewall-logs-3.jpg

    Many Microsoft / Odd Utilities try to randomly access remote IPs-comodo-firewall-logs-4.jpg

    I suggested custom ruleset because it will show an alert for all new connections where you did not opt to block/ allow with the choice remembered for safe applications.
      My Computer


  6. Posts : 6,684
    22H2 64 Bit Pro
       #6

    FYI: If you have concerns I'd suggest running the portable utility linked in this post:

    Foreign address after running netstat -f

    Enable the items highlighted in the red box:

    Many Microsoft / Odd Utilities try to randomly access remote IPs-crowdinspect.jpg

    Anything where there is a red circle shown as an entry needs checking.

      My Computer


  7. Posts : 1,307
    Windows 10
    Thread Starter
       #7

    Actually i am concerned at this for example :
    AppHostRegistrationVerifier.exe is frequently trying to connect to a Twitter IP despite I don't have a twitter account :)
    DeviceCensus.exe is trying to connect to some Microsoft branch in Ireland .
    And now that I followed your link to disable error reporting and used the registry fix brinks provide to stop error reporting to microsoft the frequency of how wermgr.exe triggers became 30 seconds instead of two minutes trying to contact a Microsoft Azure site .
    The frequency of all these attempt is enormous . the log is filling that i'm starting to believe i should reset the log file every now and then before i fill my hard drive . what's with Microsoft and all the enormous amount of data it keeps sending .
      My Computer


  8. Posts : 469
    Windows 10 Pro 20H2 x64
       #8

    nIGHTmAYOR said:
    Actually i am concerned at this for example :
    AppHostRegistrationVerifier.exe is frequently trying to connect to a Twitter IP despite I don't have a twitter account :)
    DeviceCensus.exe is trying to connect to some Microsoft branch in Ireland .
    And now that I followed your link to disable error reporting and used the registry fix brinks provide to stop error reporting to microsoft the frequency of how wermgr.exe triggers became 30 seconds instead of two minutes trying to contact a Microsoft Azure site .
    The frequency of all these attempt is enormous . the log is filling that i'm starting to believe i should reset the log file every now and then before i fill my hard drive . what's with Microsoft and all the enormous amount of data it keeps sending .
    You can view most of the sent data using Diagnostic Data Viewer.

    - - - Updated - - -

    nIGHTmAYOR said:
    Actually i am concerned at this for example :
    AppHostRegistrationVerifier.exe is frequently trying to connect to a Twitter IP despite I don't have a twitter account :)
    DeviceCensus.exe is trying to connect to some Microsoft branch in Ireland .
    And now that I followed your link to disable error reporting and used the registry fix brinks provide to stop error reporting to microsoft the frequency of how wermgr.exe triggers became 30 seconds instead of two minutes trying to contact a Microsoft Azure site .
    The frequency of all these attempt is enormous . the log is filling that i'm starting to believe i should reset the log file every now and then before i fill my hard drive . what's with Microsoft and all the enormous amount of data it keeps sending .
    You can view most of the sent data using Diagnostic Data Viewer.
      My Computers


  9. Posts : 1,307
    Windows 10
    Thread Starter
       #9

    RK1997 said:
    You can view most of the sent data using Diagnostic Data Viewer.

    - - - Updated - - -



    You can view most of the sent data using Diagnostic Data Viewer.
    if you have more to elaborate on the how to please elaborate .
      My Computer


  10. Posts : 469
    Windows 10 Pro 20H2 x64
       #10

    nIGHTmAYOR said:
    if you have more to elaborate on the how to please elaborate .
    Find it in Settings - Privacy.
    Many Microsoft / Odd Utilities try to randomly access remote IPs-screenshot-93-.png
    Turn on "View Diagnostic Data" and open it.
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 17:14.
Find Us




Windows 10 Forums