
I have Win7 Ultimate and ESET Internet Security. I recently noticed that ESET blocked a lot of inbound communications made by svchost.exe. The svchost.exe is the original Microsoft one and not some malware in the form of svchost; ESET approved its reputation. But anyway, it blocked about 6000 communications in an hour. The communication IPs belong to CDNs like Google, Verizon, Fastly, Cloudflare and some small CDNs in my country. Is there something to worry about (malware), or is it some sort of malfunction by ESET? I must say that usually Windows Update and Background Intelligent Transfer Service are disabled on my PC and I enable them only when I want to update Windows.

Some blocked communications:

[Image: blocked communications]

titansarus
  • It would appear your computer is plugged directly into the internet with a public IP address. Is that correct? Why is it not behind a router with a private IP address? Did you put this system in a DMZ or something? – Appleoddity Jun 12 '18 at 04:50
  • @Appleoddity I have a router but I think my IP is public. Also, in ESET, I think I defined my network as a public network and not a home network. Is it because of this? I am not a pro at things related to networking, so I am not sure what I should do. – titansarus Jun 12 '18 at 05:29
  • What is the status of `ipconfig`? Does it show a private IP address (192.168.x.x or 10.x.x.x) or something else? The choice you make for ESET depends on where and how you are connected to the internet. If it’s a private IP address on a home network then home is what you should choose. If it’s a public IP address or you’re on a public shared network you should choose public. – Appleoddity Jun 12 '18 at 05:34
  • @Appleoddity, by what you said, I think it is private. ipconfig shows 192.168.1.2, so it seems it is private. The router is in my home and no one else is connected to it. So, this blocking is caused by the public network setting and I must choose home network, am I right? – titansarus Jun 12 '18 at 05:50
  • It’s not real clear what the logs are showing. It shows the DHCP client. But the DHCP client makes requests, it doesn’t receive them. So why are “inbound” connections from public IP addresses being blocked to the DHCP client? It’s not adding up, the logs are misleading. It’s not possible for there to be an inbound connection from a public IP if you are on a private network and you haven’t specifically enabled port forwarding or DMZ settings on your router. So the logs are just useless. – Appleoddity Jun 12 '18 at 05:53
