CLOSED Windows Host processes connections

[Scrooge 0]

I'm on Windows 10 64-bit, version 1809 (OS Build 17763.292) the latest update January 22, 2019

I've had Emsisoft installed for some time and I haven't had any issues so far with infection. CPU usage is normal, when I do do anyting it's 1 to 4 %, when I start up a browser it goes to 8-11 %. Nothing out of the ordinary. I've started monitoring my network traffic recently and I noticed that Windows Host processes represented by svchost and their assocciated Windows processes conneting to these IP addresses. I didn't monitor my network before. Maybe these connections always were there. I don't know.

Is this normal behavior for Windows 10 nowadays? I thought Windows host processes like Cryptographic service or Diagnostic Policy service must connect only to Microsoft IP addressess but why Google MSI Verizon and Cloudflare? I don't get it. They don't run very often, just occaionally pop up for a few second once a day, and quicly stop.

Maybe I became a bot or something? I think Emsisoft would pick it up already

External IP                                                                         PID
216.58.209.35:80  Google LLC USA                        4276 CryptSvc
93.184.220.29:80  MSI Communications UK       4276 CryptSvc
104.16.95.121:80  Cloudflare Inc USA                   4276 CryptSvs
172.217.17.67:80  Google LLC US                          4276 CryptSvc
93.184.221.240:80 MSI Communications UK     4276 CryptSvc
216.58.209.131:80 Google LLC US                         4140  DPS

[Kevin Zoll 279]

Scrooge,

All those look to be legit.

[Scrooge 0]

Thanks a lot Kevin,

 

I thought if these were russian or chinese IPs, I would start worrying and rush right off the bat like crazy to block port 445 and 139 and maybe 137, 138 as well :))

but these our our guys form NSA and other three-letter "companies" so they probably 'forgot' that it says there in my file " PKIA  somwhere in the Pasific":)

Thanks again Kevin,  and God bless America just in case..:))

 

p.s. So Microsoft has been using their servers for quite some time I see. It's like dedicated web hosting or something, right outsourcing and whatnot. who knows...

[Kevin Zoll 279]

Virtually all software today has some kind of call home feature.  Meaning automatic update checks and services.  I would get concerned when software is phoning home to an unknown entity.

[Kevin Zoll 279]

Thread Closed

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread