Ver. 9 - Questionable Inbound Traffic At Boot time

[itman 1,659]

I just started getting an inbound network alert on this at boot time:

 

Time;Event;Source;Target;Protocol;Rule/worm name;Application;User 10/26/2015 2:03:12 PM;

Decision on allowing communication delegated to user;

Source 137.135.12.16:443; Destination 192.168.1.XX:49158; TCP;

Allow communication for svchost.exe/Dhcp;C:\Windows\System32\svchost.exe;NT AUTHORITY\LOCAL SERVICE

 

First, I know of any known instance why DHCP would use port 443. Is this possibly a bug by Eset? IP 137.135.12.16 resolves to either Microsoft or Eset.

 

Also, this appears not to be a stateful connection since I assume I would not have received an inbound alert to a previously sent outbound request. Presently I am blocking this communication.
 

Edited October 26, 2015 by itman

[Marcos 5,070]

It's edf.eset.com that resolves to 137.135.12.16 and this communication is necessary for product activation. V9 should utilize https for communication so connection to port 443 is expected.

[itman 1,659]

It's edf.eset.com that resolves to 137.135.12.16 and this communication is necessary for product activation. V9 should utilize https for communication so connection to port 443 is expected.

Ok, thanks. However, the firewall alert should not be showing DHCP, i.e. ports 67 and 68 for IPv4, for the service used.