Answered by:
Unwanted traffice after Dec 2015 windows update

Question
-
If someone could move this to the correct forum... I can't find what would be "appropriate"..
Since the last windows update I did at the start of December, my router logs have been showing a lot of unwanted traffic, especially when I am "afk" doing stuff..
Today I went out, came back an hour later, and I found entries showing:
ocsp2.globalsign.com 108.162.232.202, unknown destination 23.49.133.163, crl4.digicert.com 66.225.197.197 and crl.globalsign.com 108.162.232.205. All tcpip connections, starting at 13:59:58.52, 14:00:09.60, 14:00:47.16 AND 14:01:03.73. All port 80.
What the **** are you doing, Microsoft? What data are you sending, and WHY are you sending it?
(edited.. windows 7 pro)- Edited by FIckleBookDev Monday, December 7, 2015 10:33 PM included the OS
Monday, December 7, 2015 10:18 PM
Answers
-
If you suspect malware you might try them over here.
http://answers.microsoft.com/en-us/protect
otherwise you could also try the Windows 7 Update forum
http://answers.microsoft.com/en-us/windows/forum/windows_7-update?
answers.microsoft is a different platform so we cannot move over there.
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.- Edited by Dave PatrickMVP Monday, December 7, 2015 10:46 PM
- Proposed as answer by Mike Laughlin Monday, December 7, 2015 11:03 PM
- Marked as answer by FIckleBookDev Tuesday, December 8, 2015 2:42 PM
Monday, December 7, 2015 10:44 PM
All replies
-
If you suspect malware you might try them over here.
http://answers.microsoft.com/en-us/protect
otherwise you could also try the Windows 7 Update forum
http://answers.microsoft.com/en-us/windows/forum/windows_7-update?
answers.microsoft is a different platform so we cannot move over there.
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.- Edited by Dave PatrickMVP Monday, December 7, 2015 10:46 PM
- Proposed as answer by Mike Laughlin Monday, December 7, 2015 11:03 PM
- Marked as answer by FIckleBookDev Tuesday, December 8, 2015 2:42 PM
Monday, December 7, 2015 10:44 PM -
This isn't malware, at least from the hackers style aspect. Nor is it any form of virus.
This is definitely Microsoft generated traffic. There has been no new software installed, other than the MS update. I suspect Microsoft is trying to apply some of the Windows 10 spying... er.. I mean.. data gathering... onto the 7 platform.
Thanks for the 'answers' link, I'll copy this post and paste it over there.
Tuesday, December 8, 2015 12:35 AM -
Sounds good then. BTW those are cert authority servers so this one might also help.
https://msdn.microsoft.com/en-us/library/ms788967%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.Tuesday, December 8, 2015 4:03 AM -
Yes, understood.. the one "unknown" belongs to Canada Calgary Akamai Technologies Inc. Microsoft will use various Akamai servers depending on your location. My router log shows when the traffic includes a domain name and when it's "just an IP".
The issue still remains though, as to why. Since none of this traffic was there before Windows Update...
I did post this at http://answers.microsoft.com/en-us/windows/forum/windows_7-update/unwanted-traffic-after-dec-2015-windows-update/a254af66-d29e-4ade-9d18-63fab2969d2c
Tuesday, December 8, 2015 2:34 PM -
Tuesday, December 8, 2015 2:36 PM