I know I have not ever posted much at all but I have been a long time reader of MDL. Anyhow, I install a Asus Rog program the other day and was playing around with it this morning and discovered that Windows 8 has a permanant connect to this IP address through TCP and it also starts and stops a UDP connection to the same IP address. The IP address is 157.56.149.62 with a port of 443 This one is through Explorer.exe with a TCP connection IP:157.56.98.62 Neighborhood Host:bn1wns1011320.wns.windows.com Country:United States # The following results may also be obtained via: # h**p://whois.arin.net/rest/nets;q=157.56.98.62?showDetails=true&showARIN=false&ext=netref2 # NetRange: 157.54.0.0 - 157.60.255.255 CIDR: 157.60.0.0/16, 157.54.0.0/15, 157.56.0.0/14 OriginAS: AS8075 NetName: MSFT-GFS NetHandle: NET-157-54-0-0-1 Parent: NET-157-0-0-0-0 NetType: Direct Assignment Comment: Abuse complaints will only be responded to if sent to abuse @microsoft.com[ and abuse @msn.com. RegDate: 1994-04-28 Updated: 2010-08-19 Ref: h**p://whois.arin.net/rest/net/NET-157-54-0-0-1 OrgName: Mi*rosoft Corp OrgId: MSFT Address: One Mi*rosoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US RegDate: 1998-07-10 Updated: 2011-04-26 Ref: h**p://whois.arin.net/rest/org/MSFT The Whois Whois record : MarkMonitor is the Global Leader in Online Brand Protection. Domain Management MarkMonitor Brand Protection⢠MarkMonitor AntiPiracy⢠MarkMonitor AntiFraud⢠Professional and Managed Services Visit MarkMonitor at w*w.markmonitor.com The UDP starts and stops and is 157.56.149.60 with a port 3544 All the IP info and Whois is the same for the UDP connection. This got me a little concerned that windows 8 is doing this. Anyone able to shed some light on this? Thoughts?
Yeah, Windows 8 does that. It will try to connect to MS to validate its activation whenever it can and DAZ is working to establish when exactly it does it and how it does it so, so it can be disabled.
Most likely the connection used to test for internet connectivity and whether to show the little exclamation point icon on the 'Network' icon in the taskbar. Stop being paranoid. explorer.exe most likely doesn't perform activation checks.
actually i think it does perform activation checks.... I have a win 8 which i already used it as a main OS.... everytime i restart my win 8, my activation date always change to current date or the day i start or restart my computer. My win 8 enterprise was phone activated last august.... and it never change but I found out start of october, everyday the activation information changes to current date. Take note... ONLY when I restart and or boot from shutdown and when I am connected to internet..... PROBABLY though... that I set my windows updates settings to download and notify me instead of just installing updates automatically. I change the settings since last week i got this browser choice updates in which I read before that when you install this updates somehow problem uninstalling it....
Actually OP is right. MarkProtection anti piracy software is integrated in windows 8 code, and it sends data to MS. In my case it is sent through https and data is encrypted.
It's more likely SmartScreen. I notice Wsclient.dll (Windows Store Client) also connects on a regular basis, although that might have something to do with Start apps updating.
So it's basically spyware.... Can we block this connection without blocking updates? I have my router blocking ad servers via DNS poisoning, redirecting them to a mini web server (pixelserv) which serves a single transparent pixel. So if it's always the same hostname or set of hostnames, I can just add them to my router's list.
Add this to your host file, i'd imagine it will work unless i'm missing something here. "127.0.0.1 157.56.149.62"