HX1 Posted November 21, 2014 Share Posted November 21, 2014 218.77.79.55 communication with lsass.exeI was sitting here minding my own business and just got a notification a few minutes ago about outside communication, resolving ( identified to originate ) in China. This communication was not launched ( as by the Inbound description ) on my system... and was caught by my firewall... Port 49155 I believe..Anyone have any idea about this event I actually only received 4 results in search two of which did not pertain to the issue?.. nor has it been posted about but maybe twice online... Link to comment Share on other sites More sharing options...
HX1 Posted November 21, 2014 Author Share Posted November 21, 2014 I just now got another one for Services.exe... Wonder if someone wants to have a little fun.. today... if this may be the cause of these... HMMM.. :think: :evil: ... LOL Link to comment Share on other sites More sharing options...
nanoman Posted November 22, 2014 Share Posted November 22, 2014 you Need First To Provide What's Your OS & if Joined To Domain , Type Of Security Solution You're Using ..........etc ============================================================================================================Service name: NetlogonDisplay name: Netlogon Path to executable:C:\Windows\system32\lsass.exe Description:Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start. ===========================================================================================================This service is not needed in a home computer. Unless you are connecting to a network domain, this service will never be used.Safe setting: Manual or In Your Case Disabled & in Recovery Tab Set To (Take No Actions) On each Failure Count Also It Has 2 Default Firewall Rules inbound & Outbound in this Case Inboud With Local Ports Set To (RPC) you May Disable or Block Also & The Remote Port Belongs to By Default Domain Controller But I'm not Sure ============================================================================================================ Link to comment Share on other sites More sharing options...
yzal Posted November 22, 2014 Share Posted November 22, 2014 same problem here. ip adress 218.77.79.55 trying to comunicate with lsass.exe and services.exe. remote port 41683, local port 49156netlogon was set to disabled long time ago, win 7 with eset smart security, not connected to domain. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.