Suburb-Man
asked on
Why does Explorer.exe seek sa.windows.com(80) on open?
Why is explorer trying to connect to Mirosoft everytime I open it.
Not IE but Windows "%SystemRoot%\explorer.exe ".
Here is my NIS log:
Details: This one time, the user has chosen to "block" communications
Outbound TCP connection
Remote address,service is (sa.windows.com(207.46.248 .249),http (80))
Process name is "C:\WINDOWS\Explorer.EXE"
Thanks in advance.
Not IE but Windows "%SystemRoot%\explorer.exe
Here is my NIS log:
Details: This one time, the user has chosen to "block" communications
Outbound TCP connection
Remote address,service is (sa.windows.com(207.46.248
Process name is "C:\WINDOWS\Explorer.EXE"
Thanks in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
there are various trojans that use legitimate names in your machine. the only legitimate reason that i could think of this trying to connect is if you have autoupdate enabled. if you dont, it could be something like this... http://www.cexx.org/dlder.htm
The Search Assistant connects to sa.windows.com to keep the Search feature up to date, tips, etc on the WindowsXP machine. You can stop it from connecting by reverting to the Classic Search
This is done to check for updates to its features, tips, wording and etc. Not allowing access can cause its own set of problems, usually a "A file that is required........." error message.
http://groups.google.com/groups?q=sa.windows.com&hl=en&lr=&ie=UTF-8&selm=OdMBczeKDHA.1960%40TK2MSFTNGP11.phx.gbl&rnum=1
This is done to check for updates to its features, tips, wording and etc. Not allowing access can cause its own set of problems, usually a "A file that is required........." error message.
http://groups.google.com/groups?q=sa.windows.com&hl=en&lr=&ie=UTF-8&selm=OdMBczeKDHA.1960%40TK2MSFTNGP11.phx.gbl&rnum=1
ASKER
Thanks all,
I do have windows (critical) autoupdate enabled and Error/Crash reporting, but I didn't know I had search companion installed/enabled. I'll confirm.
To jman1980, always good to check all posibilities, but since it is going to MS's site the only kind of virus/trojan I can think of is a traffic jammer type; DOS attack or the like. Since it is only once per opening explorer.exe, it is ligitimate.
I am torn at deciding solution: clearly Kenneniah answered my question, but sramesh2k told be about changing the setting. Both are important. What is it and what to do about it. I should open another question ask what to do about it and let sramesh2k reply and then give answer and points. Yes that is what I'll do.
See: "Modifing Search Assistant sa.windows.com explorer.exe"
https://www.experts-exchange.com/questions/20794784/Modifing-Search-Assistant-sa-windows-com-explorer-exe.html
Thanks again.
I do have windows (critical) autoupdate enabled and Error/Crash reporting, but I didn't know I had search companion installed/enabled. I'll confirm.
To jman1980, always good to check all posibilities, but since it is going to MS's site the only kind of virus/trojan I can think of is a traffic jammer type; DOS attack or the like. Since it is only once per opening explorer.exe, it is ligitimate.
I am torn at deciding solution: clearly Kenneniah answered my question, but sramesh2k told be about changing the setting. Both are important. What is it and what to do about it. I should open another question ask what to do about it and let sramesh2k reply and then give answer and points. Yes that is what I'll do.
See: "Modifing Search Assistant sa.windows.com explorer.exe"
https://www.experts-exchange.com/questions/20794784/Modifing-Search-Assistant-sa-windows-com-explorer-exe.html
Thanks again.
You are welcome and thanks for the points! In the future if you feel 2 people have helped you can split points between them instead of posting another question
http://sa.windows.com/privacy/