Another Microsoft SPYWARE Attack !! Backup Utility tried to send TWO updates to Windows update

J

Jonmith

Is Windows just Spyware or what? Since I've installed my firewall, I've
noticed that many programs are sending usage information to Windows Update.
Today I ran the backup utility and it fired off two communications to
Windows Update, see information below. I suppose this has been happening
all along, but I've only noticed it since blocking outgoing TCP with McAfee
firewall (good program by the way). Anyone know if this is standard
practice by Microsoft? Do they routinely collect usage information via this
kind of embedded spyware?

McAfee Firewall alerted on an attempt by the program "Microsoft Volume
Shadow Copy Service" located in C:\WINDOWS\SYSTEM32\VSSVC.EXE, to
communicate in a way that was disallowed by the program's filtering rules.
The data
direction was outbound. The IP protocol type was TCP/IP. The remote port
was 443 [HTTPS]. The domain name was v4.windowsupdate.microsoft.com. The IP
address was 207.46.134.126. The user's response to the alert was to deny the
communication this time.

AND

McAfee Firewall alerted on an attempt by the program "Ms DTC console program
v03.01.00.4414" located in C:\WINDOWS\SYSTEM32\MSDTC.EXE, to
communicate in a way that was disallowed by the program's filtering rules.
The data
direction was outbound. The IP protocol type was TCP/IP. The remote port
was 443 [HTTPS]. The domain name was v4.windowsupdate.microsoft.com. The IP
address was 207.46.134.126. The user's response to the alert was to deny the
communication this time.

Anyone know about this? Is it happening to any of you?
 
S

Shenan T. Stanley

Jonmith said:
Is Windows just Spyware or what? Since I've installed my firewall,
I've noticed that many programs are sending usage information to
Windows Update. Today I ran the backup utility and it fired off two
communications to Windows Update, see information below. I suppose
this has been happening all along, but I've only noticed it since
blocking outgoing TCP with McAfee firewall (good program by the
way). Anyone know if this is standard practice by Microsoft? Do
they routinely collect usage information via this kind of embedded
spyware?

McAfee Firewall alerted on an attempt by the program "Microsoft Volume
Shadow Copy Service" located in C:\WINDOWS\SYSTEM32\VSSVC.EXE, to
communicate in a way that was disallowed by the program's filtering
rules. The data
direction was outbound. The IP protocol type was TCP/IP. The remote
port was 443 [HTTPS]. The domain name was
v4.windowsupdate.microsoft.com. The IP address was 207.46.134.126.
The user's response to the alert was to deny the communication this
time.

AND

McAfee Firewall alerted on an attempt by the program "Ms DTC console
program v03.01.00.4414" located in C:\WINDOWS\SYSTEM32\MSDTC.EXE, to
communicate in a way that was disallowed by the program's filtering
rules. The data
direction was outbound. The IP protocol type was TCP/IP. The remote
port was 443 [HTTPS]. The domain name was
v4.windowsupdate.microsoft.com. The IP address was 207.46.134.126.
The user's response to the alert was to deny the communication this
time.

Anyone know about this? Is it happening to any of you?
Click to expand...

So you ran something and it checked for updates...
OK....

--
Shenan Stanley
"Just trying to help"
-------------------------
How to use XPs Help and Support
http://tinyurl.com/fltf

How to Use the Microsoft Product Support Newsgroups
http://tinyurl.com/fkja

How to use Google
http://www.google.com/help/basics.html
http://tinyurl.com/fkmc
-------------------------
 
J

Jupiter Jones [MVP]

Unless you turn off Automatic Updates, this is normal.
If you do not want the computer checking automatically for updates,
turn it off.
Right click My Computer, click Properties.
Click Automatic Updates tab.
Check/uncheck as desired.
Be sure you check for updates as they will no longer be installed
automatically.
 
J

Jonathan Woodard [MSFT]

I think everyone's explained this well, I just want to point out our privacy
policy:

http://v4.windowsupdate.microsoft.com/en/about.asp#privacypolicy

--
Thanks,
Jonathan (Microsoft)

This posting is provided "AS IS" with no warranties, and confers no rights.
--

sjbibb said:
Remember the day when you had to check for updates and if
you wanted them downloaded automaticly you had to set it
up for that. I really hate software that come already
set to bump updates and you have to go somewhere to stop
it.
-----Original Message-----
Unless you turn off Automatic Updates, this is normal.
If you do not want the computer checking automatically for updates,
turn it off.
Right click My Computer, click Properties.
Click Automatic Updates tab.
Check/uncheck as desired.
Be sure you check for updates as they will no longer be installed
automatically.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/pro/using/newsgroups/s etup.asp
Please respond to newsgroup only for everyone's benefit.


Jonmith said:
Is Windows just Spyware or what? Since I've installed
Click to expand...
my firewall,
I've
noticed that many programs are sending usage
Click to expand...
information to Windows
Update.
Today I ran the backup utility and it fired off two
Click to expand...
communications
to
Windows Update, see information below. I suppose this
Click to expand...
has been
happening
all along, but I've only noticed it since blocking
Click to expand...
outgoing TCP
with McAfee
firewall (good program by the way). Anyone know if this is standard
practice by Microsoft? Do they routinely collect
Click to expand...
usage information
via this
kind of embedded spyware?

McAfee Firewall alerted on an attempt by the
Click to expand...
program "Microsoft
Volume
Shadow Copy Service" located in C:\WINDOWS\SYSTEM32 \VSSVC.EXE, to
communicate in a way that was disallowed by the
Click to expand...
program's filtering
rules.
The data
direction was outbound. The IP protocol type was
Click to expand...
TCP/IP. The remote
port
was 443 [HTTPS]. The domain name was
Click to expand...
v4.windowsupdate.microsoft.com.
The IP
address was 207.46.134.126. The user's response to the
Click to expand...
alert was to
deny the
communication this time.

AND

McAfee Firewall alerted on an attempt by the
Click to expand...
program "Ms DTC console
program
v03.01.00.4414" located in C:\WINDOWS\SYSTEM32 \MSDTC.EXE, to
communicate in a way that was disallowed by the
Click to expand...
program's filtering
rules.
The data
direction was outbound. The IP protocol type was
Click to expand...
TCP/IP. The remote
port
was 443 [HTTPS]. The domain name was
Click to expand...
v4.windowsupdate.microsoft.com.
The IP
address was 207.46.134.126. The user's response to the
Click to expand...
alert was to
deny the
communication this time.

Anyone know about this? Is it happening to any of you?
Click to expand...


.
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Syntax to block TCP/UDP port 135-139 on D-Link NAT? 1
Enabling the firewall inhibits any IP connectivity! 2
Automatic Updates through a firewall 1
PC Tools Firewall experience 1
PC Tools Firewall experience 2
Windows XP SP2 Firewall causing Security Log to fill 1
IE and only IE wont connect 24
Windows Mail Microsoft Communities features problem. 2

Top