No Outbound Firewall Alert?

WIN 7 x64 SP1, IE 11, Eset Smart Security 8.0.319.0


This is a first. I run the firewall in interactive mode. I have also had no issues with the firewall alerting me to connection activity, until today that is. I also frequently check my WIN 7 security audit logs.


I saw 20+ blocked outbound connections from IE to this IP address using port 81 in my WIN 7 security audit log. The URL for that IP is zlb3.pub.phx1.svc.mozilla.com.


I also use Thunderbird as my e-mail client. I believe I was reading an e-mail from a known personal source around the time of this outbound activity and clicked on a link in the e-mail. I have TBird set to always open my browser for that activity. So it is possible that the connection to mozilla.com was initiated by TBird, although I have never seen any previous connection to that IP address and never for port 81.


The question is why didn't Eset's firewall alert for this activity? I assume Eset's firewall blocked the connection since I only allow outbound connections for ports 80, 443, 3128, and 8080 for IE.


Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          11/6/2015 12:24:54 PM
Event ID:      5157
Task Category: Filtering Platform Connection
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      xxxxxx
Description: The Windows Filtering Platform has blocked a connection.

Application Information:
Process ID:  3080
Application Name: \device\harddiskvolume3\program files\internet explorer\iexplore.exe

Network Information:
Direction:  Outbound
Source Address:  192.168.1.XX
Source Port:  50919
Destination Address:
Destination Port:  81
Protocol:  6

Filter Information:
Filter Run-Time ID: 190300
Layer Name:  Connect
Layer Run-Time ID: 48
Event Xml:
<Event xmlns="hxxp://schemas.microsoft.com/win/2004/08/events/event">
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <TimeCreated SystemTime="2015-11-06T17:24:54.779356500Z" />
    <Correlation />
    <Execution ProcessID="4" ThreadID="60" />
    <Security />
    <Data Name="ProcessID">3080</Data>
    <Data Name="Application">\device\harddiskvolume3\program files\internet explorer\iexplore.exe</Data>
    <Data Name="Direction">%%14593</Data>
    <Data Name="SourceAddress">192.168.1.XX</Data>
    <Data Name="SourcePort">50919</Data>
    <Data Name="DestAddress"></Data>
    <Data Name="DestPort">81</Data>
    <Data Name="Protocol">6</Data>
    <Data Name="FilterRTID">190300</Data>
    <Data Name="LayerName">%%14611</Data>
    <Data Name="LayerRTID">48</Data>
    <Data Name="RemoteUserID">S-1-0-0</Data>
    <Data Name="RemoteMachineID">S-1-0-0</Data>
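
One way to tally Event ID 5157 entries like the one above, as an added example that is not part of the original post: it parses Security-log event XML and counts blocked outbound connections to ports outside a per-application allow-list. The helper names, the sample events and the 203.0.113.10 address are constructed for illustration; the allow-list mirrors the ports the poster lists for IE.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
OUTBOUND = "%%14593"  # Direction value shown in the post's event (Outbound)
ALLOWED_PORTS = {"iexplore.exe": {80, 443, 3128, 8080}}  # the poster's IE rule

def make_event(app, direction, addr, port, event_id=5157):
    """Build a constructed event in the Security-log XML layout."""
    fields = {"Application": app, "Direction": direction,
              "DestAddress": addr, "DestPort": str(port), "Protocol": "6"}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'</System><EventData>{data}</EventData></Event>')

def unexpected_blocks(events_xml):
    """Count blocked outbound connects to ports outside each app's allow-list."""
    hits = Counter()
    for raw in events_xml:
        ev = ET.fromstring(raw)
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "5157":
            continue  # only "WFP has blocked a connection" events
        d = {n.get("Name"): (n.text or "")
             for n in ev.iterfind("e:EventData/e:Data", NS)}
        if d.get("Direction") != OUTBOUND:
            continue
        exe = d.get("Application", "").rsplit("\\", 1)[-1].lower()
        port = int(d.get("DestPort") or 0)
        if exe in ALLOWED_PORTS and port not in ALLOWED_PORTS[exe]:
            hits[(exe, d.get("DestAddress") or "<missing>", port)] += 1
    return hits

IE = r"\device\harddiskvolume3\program files\internet explorer\iexplore.exe"
SAMPLE = (  # constructed events; 203.0.113.10 is a documentation address
    [make_event(IE, OUTBOUND, "203.0.113.10", 81)] * 3
    + [make_event(IE, OUTBOUND, "", 81),               # blank address, as in the post
       make_event(IE, "%%14592", "203.0.113.10", 81),  # inbound: ignored
       make_event(IE, OUTBOUND, "203.0.113.10", 443),  # allowed port: ignored
       make_event(IE, OUTBOUND, "203.0.113.10", 81, event_id=5156)]  # permitted, not a block
)

if __name__ == "__main__":
    for (exe, addr, port), n in unexpected_blocks(SAMPLE).most_common():
        print(f"{n:3d}  {exe} -> {addr}:{port}")
```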



