Firewall Alert

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have recently downloaded Windows Defender after using MSAS Beta.

I have set an update and when I return my firewall, Kerio Personal Firewall
v 2.1.5 has an alert posted as follows:

spynet2.microsoft.com 207.46.236.28 port 443.

Command line utility wants to connect to c:\program files\windows defender\
mpcmdrun.exe.

I have verified that the IP is authentic.

I am concerned about 'allowing' this for 2 reasons

a. I cannot seem to find anything about mpcmdrun.exe in Webopaedia or the
Microsoft Knowledge base.

b. I am concerned about the use of Port 443 which I have blocked for inbound
TCP.

n addition I tried to access spynet2.microsoft.com was advised it is a SSL
connection so tried to access via https://www.spynet2.microsoft.com and got
a DNS error.

My question is it normal for a command prompt line to want to connect to
spynet2.microsoft.com?

If so I will allow and write a rule.

Clearly I want to maximize functionality of the software and if 'permit'
will help accomplish that I am all in favor of it.

However I wonder if someone can answer my concerns about the use of that
specific Port and the actual executable.

Thank you in advance.
 
Hello Dawillie,

About (A)
Please read this post: Re: mpcmdrun.exe.
Subject: Command line options--scheduled scans
2/16/2006 5:42 PM PST
By: Bill Sanderson
In: microsoft.private.security.spyware.announcements

About (B) I don't have any response ;-(

Maybe somebody else can help you with that issue

Еиçеl
--
 
--
david williams


Engel said:
Hello Dawillie,

About (A)
Please read this post: Re: mpcmdrun.exe.
Subject: Command line options--scheduled scans
2/16/2006 5:42 PM PST
By: Bill Sanderson
In: microsoft.private.security.spyware.announcements

About (B) I don't have any response ;-(

Maybe somebody else can help you with that issue

Еиçеl
Click to expand...

First thank you for your prompt resonse.

I went to the link provided and came across over 15 pages of posts.

In a nutshell is mpcmdrun.exe which appears to be a command line executuble
, safe to run?

not worried about issue .

After all it is TCP outbound>>>>.

if the *.exe above is safe, please let me know with thanks,

david
 
This is legitimate. mpcmdrun.exe is one of three executables that form
Windows Defender, and it's functions include scanning and signature updates.
 
Thank you for the information.

was concerned that I was not able to find it at the time of this post.

Have now created a rule for Kerio and will not see the alert anymore.

david williams
 
msmpeng.exe and msascui.exe are the other two--I don't know whether they
ever require Internet access.

--
 
Back
Top