Identifying Call Home Programs

Page 1 of 2 12 LastLast

  1. Posts : 199
    Win 7 Pro x32
       #1

    Identifying Call Home Programs


    I see my modem "Send" lights being activated when I am not sending or using an Internet related program.
    (e.g. Firefox or IE).

    I have used-- AutoRun, Regedit, and Services to identify -- what I hope -- is most if Not all of the Call Home programs.

    However, I would like to take this further and continually monitor my system to see what,if anything, is calling out over a period of time (e.g. month).

    Anyone know of a program that is simple to use (WireShark has a major learning curve IMO) where I can let it run in the background, identify any program (not just a PID or port) making a call ,
    and then log that information for later perusal?

    Thanks
    David
      My Computer


  2. Posts : 265
    Windows 7 Pro
       #2

    There are ton of those.

    Essential Net Tools is rather easy to use.
      My Computer


  3. Posts : 1,049
    Windows 7 Pro 32
       #3

    A firewall log would be my best advice. I tried that once with enabling full logging for Windows Firewall but it didn't log what program made the connection. Then I discovered Windows Firewall Control which provides a new and better interface for the Windows Firewall including notifications and logs. Its main purpose is to switch the default Windows Firewall allow all outbound connections to block, and then help you with notifications/logs to decide what programs allow for creating outbound connections. Notifications are available after a small "donation". Many people think WFC is a firewall but it's not. It uses Windows Firewall but adds a better interface for it.

    If you want an instant view over your current connections I think a very easy program to use is TCPView from Microsoft. It can show the remote address instead of an IP, and if you hide unconnected endpoints(toggled with Ctrl+U) only true connections will be shown.

    Windows itself, your anti-virus and other programs and services checking for updates and valid subscriptions/licenses etc will create new connections in the background, even when you're not using any Internet applications like a browser.
      My Computer


  4. Posts : 5,941
    Linux CENTOS 7 / various Windows OS'es and servers
       #4

    Hi there

    Simple -- just BLOCK windows Firewall so that ALL outbound connections are disabled -- then you can enable each piece of software you want to allow to have NET access individually. A popup will often appear -- allow this program through firewall.

    then YOU can decide.

    Cheers
    jimbo
      My Computer


  5. Posts : 1,049
    Windows 7 Pro 32
       #5

    jimbo45 said:
    Simple -- just BLOCK windows Firewall so that ALL outbound connections are disabled -- then you can enable each piece of software you want to allow to have NET access individually. A popup will often appear -- allow this program through firewall.
    Windows Firewall doesn't give notifications for outbound connections. Why else would several popular 3rd-party apps offer that functionality...
    The setting "Display a notification when Windows Firewall blocks a program" is from XP when Windows Firewall only handled inbound connections.

    And to block all outbound and create all rules manually without the help of a program like WFC, can be difficult so I wouldn't recommend that. If you block ALL rules you block the OS too.
      My Computer


  6. Posts : 199
    Win 7 Pro x32
    Thread Starter
       #6

    Thanks for the input all.

    doctore re:
    Essential Net Tools
    Look like someone has just written a wrapper around several of the common internet tools like netstat.
    Unless I'm missing something do not believe it will solve my problem

    Tookeri:
    Windows Firewall Control
    Based on the web site looks promising. Sent off an email to them so will see what kind of response I get to my quesitons.

    Jimbo45:
    Block all outbound traffic
    Had initially thought of this but was not sure how to do it in Windows Firewall. Especially set up filters to allow those I've flagged (found calling home) and those I have yet to find. Will do some more checking.

    Tookeri: Your post echo my concerns / questions in Jimbo45's post.
      My Computer


  7. Posts : 48
    Windows 7 Professional
       #7

    Not sure if this would help, but the WinPatrol guys have just released a program that I think will do what you want. It is called WinPrivacy:

    https://www.winpatrol.com/winprivacy/

    Here is an original review while it was in beta development (some of the suggestions are now in the final release):

    WinPrivacy review: new program of WinPatrol maker - gHacks Tech News

    If this program turns out to be anything like the quality of WinPatrol, I image it will be in most people's arsenal before long. While it is not free, it is cheap and very easy to use. I've been using it since early beta, and like it's capabilities (blocking specific outbound Internet connections, blocking Fingerprinting connects --both Canvas and Non-Canvas types, Flash Cookies, etc.)

    Jim
      My Computer


  8. Posts : 265
    Windows 7 Pro
       #8

    Well, you referenced Wireshark and it being too complicated, so I gave you some simpler tools that would do similar job.

    If you just want to find out which programs are establishing connections at any time, the firewall should work. I don't use Windows Firewall, but Kaspersky let's me choose all/any programs to ask when trying to establish a connection - you can set it like that and either log them yourself or sift through the archived messages.
      My Computer


  9. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #9

    What's connecting?


    The problem with using NetStat or any monitoring tools is that it's useless unless it alerts on new connections or else keeps a log.

    Personally I use Threatfire (no longer available unless you know the direct download link) and it informs anytime a program connects with options to allow or kill and remember your choice.

    Identifying Call Home Programs-alert.jpg

    Problem: If you choose kill - it kills the program. You just want to prevent it from connecting but still allow it to run.

    Solution: Let Threatfire alert on new connections and block anything unwanted using your firewall like this example where Easus Partition Master connections are blocked.

    Identifying Call Home Programs-comodo-advanced-settings.jpg

    Note: Threatfire keeps a log of actions and rules can be added or removed.

    Airfox is allowed to connect:

    Identifying Call Home Programs-remove.jpg

    If you click the information button to the right of any entry you get the details. Connections, file modifications, registry entries created.

    Identifying Call Home Programs-log-details.jpg

    Note: Comodo CIS has pretty much the same ability to alert on new connections via HIPS but I prefer to disable this and rely on Threatfire instead.

    For monitoring active connections I also use a whole bunch of other tools.

    If you want to try Threatfire let us know and I'll PM you the download link.
    Last edited by Callender; 29 Mar 2015 at 13:03. Reason: tidy up and correct spelling
      My Computer


  10. Posts : 199
    Win 7 Pro x32
    Thread Starter
       #10

    Thanks guys will check out WinPatrol and Threatfire.

    doctore:
    If you just want to find out which programs are establishing connections at any time, the firewall should work.
    Been delving into Windows Firewall from "WF.msc".
    Going to take some research as to what it all means, how easy to configure, and will do what I want.
    As usual with M$, they don't seem to follow the KISS method and make things easy.

    Always thought a lot of Kaspersky, never used them, but always have great ratings.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 01:40.
Find Us