New
#11
CryptSvc about 5mins ago right before I killed it.
CryptSvc about 5mins ago right before I killed it.
Yes. Here is the PID. Although its not doing anything strange right now. Its a very intermittent problem. The network meter is acting like it should.
As for connection established Im gonna DL EssentialNetTools as you show if its free or if its not free I'll be a while as Ill have to find something else that is.
OK That PID is showing up as SVChost which is what it shows as in Windows TAsk Manager but when I right click that SVC host to services there is multiple listing for the one service # as shown in the previous picture and thats where the Cryptsvc is. But this is what EssentialNetTools Lists for PID 1524
Here's a few links to stuff that you might want to use (free)
Essential Net Tools
Crowdstrike CrowdInspect (near bottom of page)
TCPeye
A little more info:
Okay so using Comodo Killswitch (free) on my own machine shows cyrptsvc PID running under svchost. Checking network shows zero data being transferred. Perhaps you could keep any eye on it next time it goes crazy and use one or more of these tools to see where it's connecting to?
If you see "Established" connection for the PID try getting the ip address and domain name.
OK next time my network meter goes nuts like the previous pictures I'll open up the Essential Tools again (Unless told to drop Essential Tools and get Comodo instead) and repost the PIDS. The issue only happens maybe every second day or so but its not until a few days ago that I seen it as bad as the 1st pic on this page and the last pic of page 1. Its just so random I cant even pinpoint the trigger for it.
CONNECTION ESTABLISHED.. However its not making the meter do anything crazy but there IS a connection there. I killed it as soon as I took the screenshot. IDK if this is of any use since the meter was OK though.
Would you try this to see if it makes any difference?
Control Panel> System> Remote Settings
Configure as above.
Also next time you get the problem lets get a better look at what port it's using.
For now - run an Elevated Command Prompt and click in the top left corner on C:\_ then choose "Properties" > "Options" then enable "Quick Edit Mode"
Next time the problem occurs run Elevated Command Prompt and in the window that opens up type:
netstat -ano
Press Enter. Wait for the list to populate then highlight all the text by left clicking and dragging your mouse over the text. Then when it's highlighted - right click, open your text editor and paste the results. (Ctrl+V)
Post them here thanks.