Solved

Why does Explorer.exe seek sa.windows.com(80) on open?

Posted on 2003-11-10
6
1,642 Views
Last Modified: 2008-02-01
Why is explorer trying to connect to Mirosoft everytime I open it.

Not IE but Windows "%SystemRoot%\explorer.exe".

Here is my NIS log:
Details: This one time, the user has chosen to "block" communications
Outbound TCP connection
Remote address,service is (sa.windows.com(207.46.248.249),http(80))
Process name is "C:\WINDOWS\Explorer.EXE"

Thanks in advance.
0
Comment
Question by:Suburb-Man
6 Comments
 
LVL 24

Expert Comment

by:Kenneniah
ID: 9717201
It's a part of the search assistant. It goes online to verify connections and possibly pull updates to the search assistant. I'm not sure if anyone has figured out exactly what the purpose is, but here's what MS says about it:

http://sa.windows.com/privacy/
0
 
LVL 24

Accepted Solution

by:
Kenneniah earned 125 total points
ID: 9717212
Software updates

The Search Companion Web Service is designed to automatically upgrade as product bugs are discovered and fixed and new features become available.  As you use the Search Companion service, it will periodically use your Internet connection to check whether certain supporting files have been updated.  If an update is available, Search Companion will replace the outdated supporting files on your machine with newer versions of those files downloaded from Microsoft servers.  Search Companion supporting files are very small, and downloads will only take a few seconds even on slow Internet connections.  Supporting files do not contain executable code, and can not be used to infect your machine with a software virus.

Search Companion may check for updates even if you are using Search Companion only to find files on your local system.  For example, if you use Search Companion to find only Music files on your machine, Search Companion may check to see if there are any new types of Music files that should be included in your search.  No information about your local system or the content of your search is ever sent to Microsoft during this update check.

0
 
LVL 3

Expert Comment

by:jman1980
ID: 9717215
there are various trojans that use legitimate names in your machine. the only legitimate reason that i could think of this trying to connect is if you have autoupdate enabled. if you dont, it could be something like this... http://www.cexx.org/dlder.htm
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 34

Expert Comment

by:sramesh2k
ID: 9718712
The Search Assistant connects to sa.windows.com to keep the Search feature up to date, tips, etc on the WindowsXP machine.  You can stop it from connecting by reverting to the Classic Search

This is done to check for updates to its features, tips, wording and etc. Not allowing access can cause its own set of problems, usually a "A file that is required........." error message.

http://groups.google.com/groups?q=sa.windows.com&hl=en&lr=&ie=UTF-8&selm=OdMBczeKDHA.1960%40TK2MSFTNGP11.phx.gbl&rnum=1
0
 
LVL 1

Author Comment

by:Suburb-Man
ID: 9725635
Thanks all,

     I do have windows (critical) autoupdate enabled and Error/Crash reporting, but I didn't know I had search companion installed/enabled. I'll confirm.

To jman1980, always good to check all posibilities, but since it is going to MS's site the only kind of virus/trojan I can think of is a traffic jammer type; DOS attack or the like. Since it is only once per opening explorer.exe, it is ligitimate.

I am torn at deciding solution: clearly Kenneniah answered my question, but sramesh2k told be about changing the setting.  Both are important. What is it and what to do about it. I should open another question ask what to do about it and let sramesh2k reply and then give answer and points. Yes that is what I'll do.
See: "Modifing Search Assistant sa.windows.com explorer.exe"
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_20794784.html

Thanks again.
0
 
LVL 24

Expert Comment

by:Kenneniah
ID: 9725932
You are welcome and thanks for the points! In the future if you feel 2 people have helped you can split points between them instead of posting another question
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Can you find a fax from a vendor you saved a decade ago in seconds? Have you ever cursed your PC under your breath during an audit because you couldn’t find the requested statement or driver history?  If you answered no to the first question or yes …
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question