Firewall Alert

G

Guest

I have recently downloaded Windows Defender after using MSAS Beta.

I have set an update and when I return my firewall, Kerio Personal Firewall
v 2.1.5 has an alert posted as follows:

spynet2.microsoft.com 207.46.236.28 port 443.

Command line utility wants to connect to c:\program files\windows defender\
mpcmdrun.exe.

I have verified that the IP is authentic.

I am concerned about 'allowing' this for 2 reasons

a. I cannot seem to find anything about mpcmdrun.exe in Webopaedia or the
Microsoft Knowledge base.

b. I am concerned about the use of Port 443 which I have blocked for inbound
TCP.

n addition I tried to access spynet2.microsoft.com was advised it is a SSL
connection so tried to access via https://www.spynet2.microsoft.com and got
a DNS error.

My question is it normal for a command prompt line to want to connect to
spynet2.microsoft.com?

If so I will allow and write a rule.

Clearly I want to maximize functionality of the software and if 'permit'
will help accomplish that I am all in favor of it.

However I wonder if someone can answer my concerns about the use of that
specific Port and the actual executable.

Thank you in advance.
 
G

Guest

Hello Dawillie,

About (A)
Please read this post: Re: mpcmdrun.exe.
Subject: Command line options--scheduled scans
2/16/2006 5:42 PM PST
By: Bill Sanderson
In: microsoft.private.security.spyware.announcements

About (B) I don't have any response ;-(

Maybe somebody else can help you with that issue

Еиçеl
--
 
G

Guest

--
david williams


Engel said:
Hello Dawillie,

About (A)
Please read this post: Re: mpcmdrun.exe.
Subject: Command line options--scheduled scans
2/16/2006 5:42 PM PST
By: Bill Sanderson
In: microsoft.private.security.spyware.announcements

About (B) I don't have any response ;-(

Maybe somebody else can help you with that issue

Еиçеl
Click to expand...

First thank you for your prompt resonse.

I went to the link provided and came across over 15 pages of posts.

In a nutshell is mpcmdrun.exe which appears to be a command line executuble
, safe to run?

not worried about issue .

After all it is TCP outbound>>>>.

if the *.exe above is safe, please let me know with thanks,

david
 
B

Bill Sanderson

This is legitimate. mpcmdrun.exe is one of three executables that form
Windows Defender, and it's functions include scanning and signature updates.
 
G

Guest

Thank you for the information.

was concerned that I was not able to find it at the time of this post.

Have now created a rule for Kerio and will not see the alert anymore.

david williams
 
B

Bill Sanderson

msmpeng.exe and msascui.exe are the other two--I don't know whether they
ever require Internet access.

--
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Automatic scans don't work on Win2K 8
Personal firewall 11
Windows cannot connect to the internet using HTTP, HTTPs, or FTP 5
Defender alert 13
Internet Connection Issues 4
Why does Microsoft want to call home? 7
Virus/Firewall Problem 9
alert from firewall 1

Top