?
Solved

I am using Win XP Pro with the firewall turned on. I found a strange port listing. What is it?

Posted on 2008-06-12
5
Medium Priority
?
328 Views
Last Modified: 2010-04-11
I ran NETSTAT -a and found kaspersky8.kaspersky-labs.com was listed. I do not have the Kasperspy software installed on this system. Why was this port open? Anyone have any ideas?
The Firewall is turned on in my system and I have Avast AV.
Thanks
0
Comment
Question by:ftitus2
  • 2
  • 2
5 Comments
 
LVL 3

Accepted Solution

by:
ineya earned 750 total points
ID: 21776228
download tcpview from http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
and check which program is connected to this site, you can optionally kill it or close connection from tcpview's context menu
0
 

Author Comment

by:ftitus2
ID: 21776252
Ok, that helped a little. It shows that the origin is ashwebsv.exe which is the Avast is it not? Buy why is Avast calling Kaspersky? Does it use Kaspersky's server maybe?

ashWebSv.exe:3160      TCP      dell5150.kimco.local:1838      kasperskycom8.kaspersky-labs.com:http      CLOSE_WAIT      

It was established for a while.

Also I have this one:
System:4      TCP      dell5150.kimco.local:netbios-ssn      dell5150:0      LISTENING      

What is system 4??

Thanks
0
 
LVL 35

Assisted Solution

by:torimar
torimar earned 750 total points
ID: 21777342
"System 4" seems to be the term TCPView uses for the Windows file and printer sharing services.
Check this: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_22866188.html
(Note that the chosen solution is the *wrong* one!)

As to the ashWebSv connection, that is quite strange indeed, all the more since there is no record on the internet that "kasperskycom8" ever existed as a subdomain of kasperky-labs.com. It sure doesn't exist now.
It may be strange, but I'm pretty sure it is nothing to worry about in terms of malware or security. Best would be to contact the Avast team on this matter, I guess.
0
 
LVL 3

Expert Comment

by:ineya
ID: 21779279
Did you browse to kaspersky website? Or maybe it was some advertisment on different page.
If you are still curious, download wireshark and capture all traffic when this connection occurs and then you can really see what's going on :-).

ashWebSv looks like web filtering part of avast, so it checks every traffic made to http ports.
netbios-ssn is samba - a window folder/printer share
0
 

Author Comment

by:ftitus2
ID: 21780638
I had not been to the Kapersky web site prior to the port showing up with Netstat. I did go there after to check it and it did not show up as kaperskycom8 anywhere as torimar said. I am pretty confident that ashwebsv is indeed the Avast server. Anyway, I decided after the reviews to remove Avast and install the 30 day trial of Kapersky since it's reviews are so much higher than Avast. So far so good (but Avast had to be removed and I had to restart a couple times to get it installed; otherwise painless!)
I'll wait a bit before awarding points to see if anyone else has a more definitive answere and if not then I'll share the points with both Ineya and with Torimar since both helped!
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There's never been a better time to become a computer scientist. Employment growth in the field is expected to reach 22% overall by 2020, and if you want to get in on the action, it’s a good idea to think about at least minoring in computer science …
The onset of year 2018 has been a usual business for IT teams still struggling to find their way out in terms of strengthening their cloud security.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

594 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question