unusual network traffic



Today I noticed unusual network traffic from Egui! Any idea what it is?
ocsp.comodoca.com!
https://www.virustotal.com/#/url/e6674907a57c0e7216ade8897deb3726e600af5041a06341ab2a6a2a20774025/detection
https://isc.sans.edu/forums/diary/ocspcomodocacom+blacklisted+by+comodo+itself/13606/

For the past 2 months all my applications (including Windows services/processes) have been resolving some strange IPs! comodoca is one of those domains! I flashed the BIOS and also DBANed the hard disk, but nothing changed.
I think this is about Windows certificates! I can fix the problem by removing some certificates, but then I can't browse the web anymore.


Edited by persian-boy

Try this.

Open Eset firewall rules and disable the default rule for egui. As far as I am aware, it is not used for anything. I say this because on multiple occasions I have enabled the rule, only to note later that it was somehow mysteriously disabled again. This might be due to my customized IDS settings. However, I can't see how IDS would have any impact on egui traffic.

-EDIT- I forgot to mention that when I did enable the default Eset firewall rule for egui, I received an alert that "an insecure firewall rule" had been created. If so, why does the default rule exist in the first place?

Edited by itman

Hi,
I tried what you said and disabled the internet connection for Egui.
But the question is why does Egui contact a malicious domain? Eset, don't you want to do some investigation? Isn't it important for you? AV processes are all protected and should only contact Eset domains, or perhaps I'm wrong -.-
What if something hijacked Egui?
What I tried: flashed the BIOS, changed the Windows ISO! Even installed the N version, also wiped the hard disk and reset the router! The problem is still there.
These connections are related to Symantec and Comodo.
Symantec is malware by nature! Same for Comodo. I would not trust anything that is signed by Symantec or Comodo.

Edited by persian-boy

  • Administrators

Malicious domain? Which one? I see that egui contacted ocsp.comodoca.com to check if the certificate used by a particular server has not been revoked. This could happen if ESET warns you about an untrusted certificate and you check certificate details from the warning window.

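The administrator's explanation above (egui reaching ocsp.comodoca.com as an OCSP revocation check) points to a practical way of triaging this kind of alert: read the OCSP responder URL out of a certificate's AuthorityInfoAccess extension and check whether the hosts a process contacts match it. The Python below is an added example, not ESET's code; the DER-encoded AIA value and the connection log lines are constructed by hand for the demonstration.

```python
from urllib.parse import urlparse

# Access-method OIDs from RFC 5280 section 4.2.2.1
ACCESS_METHODS = {"1.3.6.1.5.5.7.48.1": "ocsp", "1.3.6.1.5.5.7.48.2": "caIssuers"}

def _read_tlv(buf, pos):
    """Minimal DER TLV reader: returns (tag, value, position after value)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                               # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """Decode DER OBJECT IDENTIFIER content bytes to dotted form."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def aia_urls(aia_der):
    """Map access method ('ocsp', 'caIssuers') to the URIs in a DER AIA value."""
    out, pos = {}, 0
    _, seq, _ = _read_tlv(aia_der, 0)               # AuthorityInfoAccessSyntax
    while pos < len(seq):
        _, desc, pos = _read_tlv(seq, pos)          # AccessDescription
        _, oid, p = _read_tlv(desc, 0)
        tag, loc, _ = _read_tlv(desc, p)
        method = ACCESS_METHODS.get(_decode_oid(oid))
        if method and tag == 0x86:                  # [6] uniformResourceIdentifier
            out.setdefault(method, []).append(loc.decode("ascii"))
    return out

def classify_connections(log_lines, aia):
    """Label each 'process host' line as an expected AIA fetch or 'review'."""
    expected = {urlparse(u).hostname: m for m, urls in aia.items() for u in urls}
    return [(p, h, expected.get(h, "review")) for p, h in (l.split() for l in log_lines)]

# Constructed sample data, hand-encoded here (not taken from a real certificate).
def _tlv(tag, body):
    return bytes([tag, len(body)]) + body            # short-form length only
def _oid(dotted):
    a = [int(x) for x in dotted.split(".")]
    return bytes([a[0] * 40 + a[1]] + a[2:])         # all arcs < 128 here
SAMPLE_AIA = _tlv(0x30,
    _tlv(0x30, _tlv(0x06, _oid("1.3.6.1.5.5.7.48.1")) + _tlv(0x86, b"http://ocsp.comodoca.com"))
    + _tlv(0x30, _tlv(0x06, _oid("1.3.6.1.5.5.7.48.2")) + _tlv(0x86, b"http://crt.comodoca.com/ca.crt")))
SAMPLE_LOG = ["egui.exe ocsp.comodoca.com", "egui.exe crt.comodoca.com", "egui.exe example.invalid"]
```

On a real system the AIA bytes come from the certificate shown in the warning window (or exported from the certificate store) and the log lines from the firewall or a connection monitor; a host that is neither an OCSP responder nor a CA-issuer URL of any certificate in play is the one worth reviewing.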
