itman 1,754 Posted October 26, 2015 Share Posted October 26, 2015 (edited) I just started getting an inbound network alert on this at boot time: Time;Event;Source;Target;Protocol;Rule/worm name;Application;User 10/26/2015 2:03:12 PM; Decision on allowing communication delegated to user; Source 137.135.12.16:443; Destination 192.168.1.XX:49158; TCP; Allow communication for svchost.exe/Dhcp;C:\Windows\System32\svchost.exe;NT AUTHORITY\LOCAL SERVICE First, I know of any known instance why DHCP would use port 443. Is this possibly a bug by Eset? IP 137.135.12.16 resolves to either Microsoft or Eset. Also, this appears not to be a stateful connection since I assume I would not have received an inbound alert to a previously sent outbound request. Presently I am blocking this communication. Edited October 26, 2015 by itman Link to comment Share on other sites More sharing options...
Administrators Marcos 5,286 Posted October 26, 2015 Administrators Share Posted October 26, 2015 It's edf.eset.com that resolves to 137.135.12.16 and this communication is necessary for product activation. V9 should utilize https for communication so connection to port 443 is expected. Link to comment Share on other sites More sharing options...
itman 1,754 Posted October 26, 2015 Author Share Posted October 26, 2015 It's edf.eset.com that resolves to 137.135.12.16 and this communication is necessary for product activation. V9 should utilize https for communication so connection to port 443 is expected. Ok, thanks. However, the firewall alert should not be showing DHCP, i.e. ports 67 and 68 for IPv4, for the service used. Link to comment Share on other sites More sharing options...
Recommended Posts