Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Identifying Call Home Programs

27 Mar 2015   #1
dw85745

Win 7 Pro x32
 
 
Identifying Call Home Programs

I see my modem "Send" lights being activated when I am not sending or using an Internet related program.
(e.g. Firefox or IE).

I have used-- AutoRun, Regedit, and Services to identify -- what I hope -- is most if Not all of the Call Home programs.

However, I would like to take this further and continually monitor my system to see what,if anything, is calling out over a period of time (e.g. month).

Anyone know of a program that is simple to use (WireShark has a major learning curve IMO) where I can let it run in the background, identify any program (not just a PID or port) making a call ,
and then log that information for later perusal?

Thanks
David


My System SpecsSystem Spec
.
28 Mar 2015   #2
doctore

Windows 7 Pro
 
 

There are ton of those.

Essential Net Tools is rather easy to use.
My System SpecsSystem Spec
28 Mar 2015   #3
Tookeri

Windows 7 Pro 32
 
 

A firewall log would be my best advice. I tried that once with enabling full logging for Windows Firewall but it didn't log what program made the connection. Then I discovered Windows Firewall Control which provides a new and better interface for the Windows Firewall including notifications and logs. Its main purpose is to switch the default Windows Firewall allow all outbound connections to block, and then help you with notifications/logs to decide what programs allow for creating outbound connections. Notifications are available after a small "donation". Many people think WFC is a firewall but it's not. It uses Windows Firewall but adds a better interface for it.

If you want an instant view over your current connections I think a very easy program to use is TCPView from Microsoft. It can show the remote address instead of an IP, and if you hide unconnected endpoints(toggled with Ctrl+U) only true connections will be shown.

Windows itself, your anti-virus and other programs and services checking for updates and valid subscriptions/licenses etc will create new connections in the background, even when you're not using any Internet applications like a browser.
My System SpecsSystem Spec
.

28 Mar 2015   #4
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Hi there

Simple -- just BLOCK windows Firewall so that ALL outbound connections are disabled -- then you can enable each piece of software you want to allow to have NET access individually. A popup will often appear -- allow this program through firewall.

then YOU can decide.

Cheers
jimbo
My System SpecsSystem Spec
28 Mar 2015   #5
Tookeri

Windows 7 Pro 32
 
 

Quote   Quote: Originally Posted by jimbo45 View Post
Simple -- just BLOCK windows Firewall so that ALL outbound connections are disabled -- then you can enable each piece of software you want to allow to have NET access individually. A popup will often appear -- allow this program through firewall.
Windows Firewall doesn't give notifications for outbound connections. Why else would several popular 3rd-party apps offer that functionality...
The setting "Display a notification when Windows Firewall blocks a program" is from XP when Windows Firewall only handled inbound connections.

And to block all outbound and create all rules manually without the help of a program like WFC, can be difficult so I wouldn't recommend that. If you block ALL rules you block the OS too.
My System SpecsSystem Spec
29 Mar 2015   #6
dw85745

Win 7 Pro x32
 
 

Thanks for the input all.

doctore re:
Quote:
Essential Net Tools
Look like someone has just written a wrapper around several of the common internet tools like netstat.
Unless I'm missing something do not believe it will solve my problem

Tookeri:
Quote:
Windows Firewall Control
Based on the web site looks promising. Sent off an email to them so will see what kind of response I get to my quesitons.

Jimbo45:
Quote:
Block all outbound traffic
Had initially thought of this but was not sure how to do it in Windows Firewall. Especially set up filters to allow those I've flagged (found calling home) and those I have yet to find. Will do some more checking.

Tookeri: Your post echo my concerns / questions in Jimbo45's post.
My System SpecsSystem Spec
29 Mar 2015   #7
akjudge

Windows 7 Professional
 
 

Not sure if this would help, but the WinPatrol guys have just released a program that I think will do what you want. It is called WinPrivacy:

https://www.winpatrol.com/winprivacy/

Here is an original review while it was in beta development (some of the suggestions are now in the final release):

WinPrivacy review: new program of WinPatrol maker - gHacks Tech News

If this program turns out to be anything like the quality of WinPatrol, I image it will be in most people's arsenal before long. While it is not free, it is cheap and very easy to use. I've been using it since early beta, and like it's capabilities (blocking specific outbound Internet connections, blocking Fingerprinting connects --both Canvas and Non-Canvas types, Flash Cookies, etc.)

Jim
My System SpecsSystem Spec
29 Mar 2015   #8
doctore

Windows 7 Pro
 
 

Well, you referenced Wireshark and it being too complicated, so I gave you some simpler tools that would do similar job.

If you just want to find out which programs are establishing connections at any time, the firewall should work. I don't use Windows Firewall, but Kaspersky let's me choose all/any programs to ask when trying to establish a connection - you can set it like that and either log them yourself or sift through the archived messages.
My System SpecsSystem Spec
29 Mar 2015   #9
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
What's connecting?

The problem with using NetStat or any monitoring tools is that it's useless unless it alerts on new connections or else keeps a log.

Personally I use Threatfire (no longer available unless you know the direct download link) and it informs anytime a program connects with options to allow or kill and remember your choice.

Identifying Call Home Programs-alert.jpg

Problem: If you choose kill - it kills the program. You just want to prevent it from connecting but still allow it to run.

Solution: Let Threatfire alert on new connections and block anything unwanted using your firewall like this example where Easus Partition Master connections are blocked.

Identifying Call Home Programs-comodo-advanced-settings.jpg

Note: Threatfire keeps a log of actions and rules can be added or removed.

Airfox is allowed to connect:

Identifying Call Home Programs-remove.jpg

If you click the information button to the right of any entry you get the details. Connections, file modifications, registry entries created.

Identifying Call Home Programs-log-details.jpg

Note: Comodo CIS has pretty much the same ability to alert on new connections via HIPS but I prefer to disable this and rely on Threatfire instead.

For monitoring active connections I also use a whole bunch of other tools.

If you want to try Threatfire let us know and I'll PM you the download link.


My System SpecsSystem Spec
29 Mar 2015   #10
dw85745

Win 7 Pro x32
 
 

Thanks guys will check out WinPatrol and Threatfire.

doctore:
Quote:
If you just want to find out which programs are establishing connections at any time, the firewall should work.
Been delving into Windows Firewall from "WF.msc".
Going to take some research as to what it all means, how easy to configure, and will do what I want.
As usual with M$, they don't seem to follow the KISS method and make things easy.

Always thought a lot of Kaspersky, never used them, but always have great ratings.
My System SpecsSystem Spec
Reply

 Identifying Call Home Programs




Thread Tools Search this Thread
Search this Thread:

Advanced Search




Similar help and support threads
Thread Forum
wanted to call it D but the system suggested I call it E
I just initialised my 1TB hard Drive (which is still empty) and wanted to call it D but the system suggested I call it E because other programs may wish to use the D that has been allocated to the Optical Drive. So I left it at E. Any particular reason why I can't go back in and change...
Hardware & Devices
One Laptop stuck on "Identifying" network at home, no issues elsewhere
Hi all, I’m having what seems to me a weird networking problem. I’ve spent the last day looking up and trying suggestions online to no avail, so thought I’d describe it here and see if anyone has any other ideas. Here’s what’s happened: 2 days ago, my Gateway laptop running Windows 7 (Home...
Network & Sharing
Logitech Webcam Video Call Freezes Programs...?
I am running a Dell Laptop Inspiron 1525. After I upgraded the RAM and replaced my hard drive, I upgraded to Windows 7 Ultimate Service Pack 1 even though the laptop originally came with Windows XP. I have never experienced software problems with this computer before. The drivers for the...
Software
Identifying 32-bit and 64-bit programs in Windows Explorer?
Most of the programs that I have dl'd, have been placed into Program Files (x86), even if the installer was recommending Program Files. Not really sure why I was doing this. I have now found out that the difference between these two folders is one is for 32-bit and the other for 64-bit programs. ...
General Discussion
Help: Windows XP programs on Home Edition
Hey, Im thinking of buying a laptop, and it will come with Windows 7 Home Edition (32bit) I have read that Windows XP mode is only accessible in Windows 7 Professional+ I'm afraid that some of my programs wont run in windows 7 home edition, should I be? Will windows XP versions run fine in...
Software
Windows 7 Home Premium Crashes with Call of Duty 4 + 6
Well unfortunately my Win7 crashes when playing call of duty modern warfare or modern warfare 2. Sometimes I can play 2 minutes and sometimes I can play 40 minutes, it's different. But one thing stays the same, at some point I always get BSOD. It all worked fine with Windows XP. System specs:...
BSOD Help and Support


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:56.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App