OA++ Win7 Persistent, Brief Connections to OA Servers OK?


Is it normal for OA++ oaui.exe to open a port 80 TCP connection to various sub-domains (including www) at online-armor.com for a couple of seconds every 90 seconds or so? (I'm seeing that on my Win7 system, not my XP system running OA Premium.)

Thanks!


The behavior persists even when "Lookup external..." is disabled. I've attached a screenshot from W7/OA++ (rather than a text copy) to show I'm not making this up.

And I was mistaken about the behavior in OAP under XP. I noted a port 80 TCP rule for oaui.exe, probably built during post-install learning. I monitored connectivity similar to W7/OA++.

I deleted the rule and was almost immediately prompted to build a new one...

Created: 10/30/2011 9:31:36 PM

Summary: Firewall: User decision

Description: C:\Program Files\Online Armor\oaui.exe, Outgoing TCP access allowed to: (online-armor.com;www.tallemu.com;www.online-armor.com;crs.online-armor.com;crq.online-armor.com;lus.online-armor.com) MY.WAN.IP.ADR:80

Event type: Firewall: User decision(15)

Event action: Allowed(2)

Here is a copy of the connectivity...

30/10/11 21:55:50 TCP -> 192.168.0.7:1060, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/0) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

30/10/11 21:57:26 TCP -> 192.168.0.7:1061, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/1840) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

30/10/11 21:57:27 TCP -> 192.168.0.7:1061, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/0) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

30/10/11 21:58:06 TCP -> 192.168.0.7:1062, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/880) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

This activity is continuous and persistent.

I decided to block the port 80 rule and the connectivity to 80.237.x.x went berserk:

31/10/11 10:02:04 [TDI] TCP, Connect, 0.0.0.0:1197 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/4016) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:04 [TDI] TCP, Connect, 0.0.0.0:1198 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/2112) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:04 [TDI] TCP, Connect, 0.0.0.0:1196 -> 80.237.191.14:80, C:\Program Files\Online Armor\oaui.exe(1456/1080) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:05 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:05 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:05 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:05 [TDI] TCP, Connect, 0.0.0.0:1201 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/2712) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:10 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:10 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:10 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:10 [TDI] TCP, Connect, 0.0.0.0:1202 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3032) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:14 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:14 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:14 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:14 [TDI] TCP, Connect, 0.0.0.0:1203 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3432) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:18 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:18 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:18 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:18 [TDI] TCP, Connect, 0.0.0.0:1204 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3072) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:22 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:22 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:23 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:23 [TDI] TCP, Connect, 0.0.0.0:1205 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3196) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:27 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:27 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:27 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:27 [TDI] TCP, Connect, 0.0.0.0:1206 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3212) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:31 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:31 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:31 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:31 [TDI] TCP, Connect, 0.0.0.0:1207 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3008) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:35 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:35 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:35 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:35 [TDI] TCP, Connect, 0.0.0.0:1208 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/2360) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:40 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:40 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:40 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:40 [TDI] TCP, Connect, 0.0.0.0:1209 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/1480) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:44 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:44 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:44 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:44 [TDI] TCP, Connect, 0.0.0.0:1210 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/2528) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:48 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:48 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:48 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:48 [TDI] TCP, Connect, 0.0.0.0:1211 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3284) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:52 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:52 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:52 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:52 [TDI] TCP, Connect, 0.0.0.0:1212 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3412) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:02:57 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:02:57 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:57 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:02:57 [TDI] TCP, Connect, 0.0.0.0:1213 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3292) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:03:01 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:03:01 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:03:01 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:03:01 [TDI] TCP, Connect, 0.0.0.0:1214 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3688) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:03:04 [TDI] TCP, Connect, 0.0.0.0:1215 -> 80.237.191.14:80, C:\Program Files\Online Armor\oaui.exe(1456/3024) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:03:04 [TDI] TCP, Connect, 0.0.0.0:1216 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3400) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:03:04 [TDI] TCP, Connect, 0.0.0.0:1217 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3516) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:03:05 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.

31/10/11 10:03:05 ICMP -> Echo request 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:03:05 ICMP <- Echo reply 192.168.0.7 80.237.152.26 Passed by ICMP rule

31/10/11 10:03:05 [TDI] TCP, Connect, 0.0.0.0:1218 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/596) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:03:54 [TDI] TCP, Connect, 0.0.0.0:1219 -> 80.237.191.14:80, C:\Program Files\Online Armor\oaui.exe(1456/3564) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:03:54 [TDI] TCP, Connect, 0.0.0.0:1220 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3676) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

31/10/11 10:03:54 [TDI] TCP, Connect, 0.0.0.0:1221 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3956) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"

Needless to say, I returned the rule to allow and things returned to "normal":

31/10/11 12:12:04 [TDI] TCP, Connect, 0.0.0.0:3452 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/5788) [TDI] Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

31/10/11 12:12:04 TCP -> 192.168.0.7:3452, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/5788) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

31/10/11 12:12:04 [TDI] TCP, Connect, 0.0.0.0:3451 -> 80.237.191.14:80, C:\Program Files\Online Armor\oaui.exe(1456/5176) [TDI] Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

31/10/11 12:12:04 TCP -> 192.168.0.7:3451, 80.237.191.14:80, C:\Program Files\Online Armor\oaui.exe(1456/5176) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

31/10/11 12:12:05 TCP -> 192.168.0.7:3452, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/5788) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

31/10/11 12:12:05 [TDI] TCP, Connect, 0.0.0.0:3453 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/5188) [TDI] Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

31/10/11 12:12:05 TCP -> 192.168.0.7:3453, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/5188) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

31/10/11 12:12:05 TCP -> 192.168.0.7:3451, 80.237.191.14:80, C:\Program Files\Online Armor\oaui.exe(1456/5176) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

31/10/11 12:12:06 TCP -> 192.168.0.7:3453, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/5188) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"

I could accept this if I understood why it is necessary. Otherwise, I'd like to turn it off. What say?

Thank you.
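
The log excerpts in the post above can be summarized mechanically. The following is an added example, not part of the original post or of Online Armor: it parses the two TCP line shapes quoted there and reports, per destination and verdict, the number of distinct connections and the median gap between them. The pattern is inferred only from the quoted lines, and the dd/mm/yy date order is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Sample input: lines taken from the log excerpts quoted in the post above.
SAMPLE = r'''
30/10/11 21:55:50 TCP -> 192.168.0.7:1060, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/0) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"
30/10/11 21:57:26 TCP -> 192.168.0.7:1061, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/1840) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"
30/10/11 21:57:27 TCP -> 192.168.0.7:1061, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/0) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"
30/10/11 21:58:06 TCP -> 192.168.0.7:1062, 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/880) Passed by rule: "TCP, --> oaui.exe, [80], +(*)"
31/10/11 10:02:04 [TDI] TCP, Connect, 0.0.0.0:1197 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/4016) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"
31/10/11 10:02:04 [TDI] TCP, Connect, 0.0.0.0:1196 -> 80.237.191.14:80, C:\Program Files\Online Armor\oaui.exe(1456/1080) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"
31/10/11 10:02:05 [TDI] ICMP, Connect, 0.0.0.0 -> 80.237.152.26, C:\Program Files\Online Armor\oaui.exe(1456/1524) [TDI] Passed by rule.
31/10/11 10:02:05 [TDI] TCP, Connect, 0.0.0.0:1201 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/2712) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"
31/10/11 10:02:10 [TDI] TCP, Connect, 0.0.0.0:1202 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3032) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"
31/10/11 10:02:14 [TDI] TCP, Connect, 0.0.0.0:1203 -> 80.237.152.26:80, C:\Program Files\Online Armor\oaui.exe(1456/3432) [TDI] Blocked by rule: "TCP, --> oaui.exe, [80], -(*)"
'''

# One pattern for both line shapes ("TCP -> local, remote, exe(..)" and the [TDI] form).
LINE = re.compile(
    r'^(?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (?:\[TDI\] )?TCP(?:, Connect,| ->) '
    r'[\d.]+:(?P<lport>\d+)(?: ->|,) (?P<remote>[\d.]+:\d+), '
    r'.*\\(?P<exe>[^\\(]+)\(\d+/\d+\)\s*(?:\[TDI\] )?(?P<verdict>Passed|Blocked) by rule')

def summarize(log_text):
    """Map (exe, remote, verdict) -> (distinct connections, median gap in seconds)."""
    first_seen = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ICMP entries and non-log lines are skipped
        key = (m['exe'], m['remote'], m['verdict'], m['lport'])
        ts = datetime.strptime(m['ts'], '%d/%m/%y %H:%M:%S')
        # One connection can be logged more than once (same local port): keep the first.
        first_seen.setdefault(key, ts)
    groups = defaultdict(list)
    for (exe, remote, verdict, _port), ts in first_seen.items():
        groups[(exe, remote, verdict)].append(ts)
    result = {}
    for key, stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        result[key] = (len(stamps), median(gaps) if gaps else None)
    return result

if __name__ == '__main__':
    for (exe, remote, verdict), (n, gap) in sorted(summarize(SAMPLE).items()):
        print(f'{exe} -> {remote} {verdict}: {n} connections, median gap {gap}s')
```

De-duplicating on the local port assumes ports are not reused within the analysed window, which holds for short excerpts like these but not for logs spanning many hours.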


Yes and yes. On both systems, XP/OAP and W7/OA++.

I have updates set to one hour on both. I've observed updates are handled by OArau.exe with connections to update.emsisoft.com.

oaui.exe is wanting online-armor.com, www.tallemu.com, www.online-armor.com, crs.online-armor.com, crq.online-armor.com or lus.online-armor.com.


I went back to Options to return Updates to Every Hour and noticed that other thing and thought, "I wonder...?"

I unchecked "Send anonymous information about programs...." and lo and behold the crazy oaui.exe behavior ceased!

Rechecking it returns the craziness. Re-unchecking it stops it. I'm going to leave it unchecked.

Cheers!
