Jump to content

ERAAgent.exe TCP-Connections


Recommended Posts

Hello Forum,

my AV-sceptic Colleagues brought up a Problem with ERAAgent i found on some Machines:

ERAAgent opens TCP-Connections up to the OS-Limit so no more connections e.g. for DNS or other services are left.

Example: ERAAgent 7.0.577.0 on Windows Server 2012 R2

Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Select -Property Count, Name, @{Name="ProcessName";Expression={(Get-Process -PID ($_.Name.Split(',')[-1].Trim(' '))).Name}}, Group | Sort Count -Descending
Count Name              ProcessName                 Group
----- ----              -----------                 -----
16374 Bound, 2404       ERAAgent                    {MSFT_NetTCPConnection (InstanceID = "::??65535??::??0"), MSFT_NetTCPConnection (InstanceID = "::??65534??::?...
    8 Listen, 3520      vmms                        {MSFT_NetTCPConnection (InstanceID = "fe80::c5e5:78b5:ee3c:3191%15??6600??::?...), MSFT_NetTCPConnection (Ins...
    6 Established, 3440 dsm_om_connsvc64            {MSFT_NetTCPConnection (InstanceID = "127.0.0.1??49683??127.0.0.1??49682"), MSFT_NetTCPConnection (InstanceID...
    5 Listen, 4         System                      {MSFT_NetTCPConnection (InstanceID = "::??47001??::??0"), MSFT_NetTCPConnection (InstanceID = "::??5985??::??...
    4 Listen, 1732      lsass                       {MSFT_NetTCPConnection (InstanceID = "::??49670??::??0"), MSFT_NetTCPConnection (InstanceID = "::??49667??::?...
    3 Bound, 3440       dsm_om_connsvc64            {MSFT_NetTCPConnection (InstanceID = "::??49683??::??0"), MSFT_NetTCPConnection (InstanceID = "::??49681??::?...
    2 Listen, 1864      svchost                     {MSFT_NetTCPConnection (InstanceID = "::??3389??::??0"), MSFT_NetTCPConnection (InstanceID = "0.0.0.0??3389??...
    2 Listen, 1904      svchost                     {MSFT_NetTCPConnection (InstanceID = "::??135??::??0"), MSFT_NetTCPConnection (InstanceID = "0.0.0.0??135??0....
    2 Listen, 1808      svchost                     {MSFT_NetTCPConnection (InstanceID = "::??49666??::??0"), MSFT_NetTCPConnection (InstanceID = "0.0.0.0??49666...
    2 Listen, 1724      services                    {MSFT_NetTCPConnection (InstanceID = 

Any Ideas what ERAAgent is doing or how i could stop it?

Thanks in Advance!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...