i recently got this alert from D+ stating firefox was trying to access the DNS/RPC, as well as an alert stating windows media player modifying a microsoft file. as i dont use windows media player i blocked it, and it has me concerned with the firefox request.
another request from firefox was to change something with comodo, and now something from Windows SQM Consolidator has come up.
are all these products safe and im just being paranoid, or is this something i need to look into more?
For applications to be able to resolve host names to ip addresses they, by default, request the services of the DNS Client service, which is controlled by svchost.exe. The alert you received is just a notification that firefox needs to make use of this service, which is normal.
Windows Media Player, even when not in use, can still interact with the OS. Unfortunately, without the detail, it’s difficult to guess exactly what it was doing on this occasion.
Windows SQM Consolidator is part of the ‘Microsoft Customer Experience Program’ this typically runs as a scheduled task. It typically collects various metrics and sends them to Microsoft, but only when the customer has chosen to opt-in. The task can be disabled. I believe it’s also associated with Live messenger for the same purpose.
i see. that all makes sense, thank you for the information.
i did a hijackthis scan, and it found something called keyiso.dll under windows\system32\lsass.exe and says the file is missing. am i still being paranoid or is that of a concern?
thanks once again
Lsass.exe (local authority security subsystem) is an integral part of the operating system that handles a variety of security related tasks. keyiso.dll is related to cryptographic services and loaded by lsass. It should not be missing. Take a look in Windows\system32 for the file.
ah ok, im just being paranoid then lol. thanks for the help