David Sherman
I downloaded all the patches yesterday.
One patch, or was it MS Defender, wanted to call home:
A file called MPCmdRun.exe wanted to call 207.46.236.88
WHY?
WhoIs Lookup performed by Karen's WhoIs
http://www.karenware.com/
OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
NetRange: 207.46.0.0 - 207.46.255.255
CIDR: 207.46.0.0/16
NetName: MICROSOFT-GLOBAL-NET
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate: 1997-03-31
Updated: 2004-12-09
RTechHandle: ZM39-ARIN
RTechName: Microsoft
RTechPhone: +1-425-882-8080
RTechEmail: (e-mail address removed)
OrgAbuseHandle: HOTMA-ARIN
OrgAbuseName: Hotmail Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: (e-mail address removed)
OrgAbuseHandle: MSNAB-ARIN
OrgAbuseName: MSN ABUSE
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: (e-mail address removed)
OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: (e-mail address removed)
OrgNOCHandle: ZM23-ARIN
OrgNOCName: Microsoft Corporation
OrgNOCPhone: +1-425-882-8080
OrgNOCEmail: (e-mail address removed)
OrgTechHandle: MSFTP-ARIN
OrgTechName: MSFT-POC
OrgTechPhone: +1-425-882-8080
OrgTechEmail: (e-mail address removed)
# ARIN WHOIS database, last updated 2006-02-14 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Here is the MPCmdRun.log file:
-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Windows Defender\MpCmdRun.exe" Scan -ScanType config -Privileges restricted
Start Time: Wed Feb 15 01:32:00 2006
Start: MpScan(MP_ANTISPYWARE, dwOptions=1)
Start: MpSignatureUpdate()
Update started (Type:Scheduled)
SearchStarted...Search Completed with hr: 0x00000000
Update completed succesfuly . no updates needed (hr:0x00000001)
Finish: MpSignatureUpdate()
MpCmdRun: End Time: Wed Feb 15 01:32:29 2006
-------------------------------------------------------------------------------------