thebunnyrules Posted January 23, 2017

I was running a security analysis on an MSI file in a virtual machine that has a freshly installed copy of Windows 7 SP1 that's effectively still in 2010 conditions, with no updates, no connection to the internet, and updates and telemetry disabled at the exe files that are responsible for those activities. I was running the install using firewalls and install watches and before and after digest snapshots to analyse what it's doing. I was only a few seconds into the process when I noticed that MSIexec.exe, which had no business trying to connect anywhere, was going ballistic trying to reach a few IPs. It kept trying to dial them several minutes after the install.

At first, I suspected the installer, so I took the IPs and searched for them on Google. It turns out that one of them was my ISP and the rest were Microsoft telemetry IPs. One of them was listed in the OP's list; that's how I found this post. Another was being discussed in an article called "Windows 10 Processor 100% Network 100%", and apparently my IP was the one being dialed. https://community.spiceworks.com/topic/1366836-windows-10-processor-100-network-100

I repeat, my 2010 Windows 7 SP1 install that's received no updates and has updates and telemetry disabled starts dialing present-day MS telemetry IPs like crazy when I ran an MSI. I'm going to look further into it, but it seems to me they've been building the foundation for 10 since the days of 7 with this little demonstration. I'm still sticking with 7; it'll be a lot easier to defend and keep their data mining out of it than 10.