Ambonia
asked on
Windows 7 Pro is contacting sites in China, Ukraine, Poland and other Eastern Bloc countries.
We have a few Windows 7 Pro laptops that are configured to auto-start the VMware Horizion client.
The Windows 7 Pro PC firewall is disabled, since the users do not access the OS. They only have the option to connect to the VMware Horizon connection server for their Virtual Desktop, which is accessed over a Verizon VPN.
Recently we have noticed, on our domain firewall, that a few of these systems are attempting to connect to IP's in China, Poland, Ukraine and other Eastern Bloc countries.
Since there is no direct user activity on the Windows 7 Pro laptops and we are connecting to our Horizon View desktops through the VPN we would like to find a way to block all IP address except the local network and one External IP.
Any suggestions?
The Windows 7 Pro PC firewall is disabled, since the users do not access the OS. They only have the option to connect to the VMware Horizon connection server for their Virtual Desktop, which is accessed over a Verizon VPN.
Recently we have noticed, on our domain firewall, that a few of these systems are attempting to connect to IP's in China, Poland, Ukraine and other Eastern Bloc countries.
Since there is no direct user activity on the Windows 7 Pro laptops and we are connecting to our Horizon View desktops through the VPN we would like to find a way to block all IP address except the local network and one External IP.
Any suggestions?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
imo, the only plausisble reason that a system would be trying to contact ex-USSR countries is if it is infected with something. Try Spybot - S&D, and use some of the various online virus scanners.
The fact that a virus scanner and Malwarebytes do not find an infection does not mean that there is no infection. Infection databases are never complete due to the Day Zero problem, among others. There is also infective software now that runs in several pieces, all of which are innocent, until they amalgamate and then the total effect becomes hostile.
The fact that a virus scanner and Malwarebytes do not find an infection does not mean that there is no infection. Infection databases are never complete due to the Day Zero problem, among others. There is also infective software now that runs in several pieces, all of which are innocent, until they amalgamate and then the total effect becomes hostile.
ASKER
The vehicles are currently out of the office. I will run additional utilities and update. Won't be till Thursday or Friday though.
Most virus scans are about 92% effective.
You need to run two or three to be sure.
You need to run two or three to be sure.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The clone of the system resolved the issue. However the suggestions given are correct procedures if cloning is not an option.
ASKER