Jump to content

Windows Host processes connections

Recommended Posts

I'm on Windows 10 64-bit, version 1809 (OS Build 17763.292) the latest update January 22, 2019

I've had Emsisoft installed for some time and I haven't had any issues so far with infection. CPU usage is normal, when I do do anyting it's 1 to 4 %, when I start up a browser it goes to 8-11 %. Nothing out of the ordinary. I've started monitoring my network traffic recently and I noticed that Windows Host processes represented by svchost and their assocciated Windows processes conneting to these IP addresses. I didn't monitor my network before. Maybe these connections always were there. I don't know.

Is this normal behavior for Windows 10 nowadays? I thought Windows host processes like Cryptographic service or Diagnostic Policy service must connect only to Microsoft IP addressess but why Google MSI Verizon and Cloudflare? I don't get it. They don't run very often, just occaionally pop up for a few second once a day, and quicly stop.

Maybe I became a bot or something? I think Emsisoft would pick it up already

External IP                                                                         PID  Google LLC USA                        4276 CryptSvc  MSI Communications UK       4276 CryptSvc  Cloudflare Inc USA                   4276 CryptSvs  Google LLC US                          4276 CryptSvc MSI Communications UK     4276 CryptSvc Google LLC US                         4140  DPS

Link to post
Share on other sites

Thanks a lot Kevin,


I thought if these were russian or chinese IPs, I would start worrying and rush right off the bat like crazy to block port 445 and 139 and maybe 137, 138 as well :))

but these our our guys form NSA and other three-letter "companies" so they probably 'forgot' that it says there in my file " PKIA  somwhere in the Pasific":)

Thanks again Kevin,  and God bless America just in case..:))


p.s. So Microsoft has been using their servers for quite some time I see. It's like dedicated web hosting or something, right outsourcing and whatnot. who knows...

Link to post
Share on other sites

Thread Closed

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...