Logging Suspicious Behaviour

Hello and thanks in advance for any opinions offered.

In this morning's logs I found a “High Alert” for Windows Explorer attempting to use svchost to connect to 255.255.255.255 boot. The log entry also stated that OLE was involved.

I have two questions:

  1. What does the above mean?

  2. Why, when I restarted my computer, did the log entry - and in fact all of this morning's entries - disappear?

Thanks for your patience in offering suggestions.

(B)

First, CF alert logs do not persist when you reboot shortly after alerts are posted. I have measured more than six minutes' delay, but have no idea how long it can be. You need to exit from CF manually before rebooting: Right-click the CF icon in the system tray and select Exit; then click Yes in the window that pops up.

The alert that you saw is probably similar to this one that I used to see: “Application Access Denied (svchost.exe:255.255.255.255:bootp(67)”. “bootp” is a protocol (part of DHCP) and uses Port 67 on the target system. The IP address is the global broadcast address. Svchost.exe is the Generic Host Process for Windows Services; it is trying to establish the IP address of your machine using DHCP. It should be allowed if you can’t connect to the Internet without it; it is almost certainly harmless. I no longer see the alert quoted since updating to CF 2.3.6.81.
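
One way to triage alerts of the kind explained above, as an added example that is not part of the original posts or of the firewall itself. The alert layout is assumed from the single line quoted in the thread; the verdict labels and every sample line except the first are constructed.

```python
import re
from ipaddress import ip_address

# Layout assumed from the alert quoted in the thread; the trailing ")" is not
# required because the quoted line lacks it.
ALERT_RE = re.compile(
    r"\((?P<proc>[^:()]+):(?P<dst>[\d.]+):(?P<svc>[\w-]+)\((?P<port>\d+)\)"
)
DHCP_SERVER_PORT = 67
LIMITED_BROADCAST = ip_address("255.255.255.255")


def triage(alert):
    """Return a verdict label for one alert line (labels are hypothetical)."""
    m = ALERT_RE.search(alert)
    if not m:
        return "unparsed"
    try:
        dst = ip_address(m["dst"])
    except ValueError:
        return "unparsed"
    if int(m["port"]) != DHCP_SERVER_PORT:
        return "not-dhcp"
    # The Windows DHCP Client service is hosted in svchost.exe. The alert
    # carries only a process name, so a match does not prove which binary ran.
    if m["proc"].lower() != "svchost.exe":
        return "review"
    if dst == LIMITED_BROADCAST:
        return "expected-dhcp-broadcast"  # client is looking for a DHCP server
    return "dhcp-unicast"  # e.g. lease renewal; compare with the known server


SAMPLES = [
    "Application Access Denied (svchost.exe:255.255.255.255:bootp(67)",  # from the thread
    "Application Access Denied (svchost.exe:192.168.1.1:bootp(67))",     # constructed
    "Application Access Denied (updater.exe:255.255.255.255:bootp(67))", # constructed
    "Application Access Denied (svchost.exe:10.0.0.5:http(80))",         # constructed
    "Firewall rules reloaded",                                           # constructed
]


def triage_all(lines):
    """Pair each alert line with its verdict."""
    return [(triage(line), line) for line in lines]


if __name__ == "__main__":
    for verdict, line in triage_all(SAMPLES):
        print(f"{verdict:24} {line}")
```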

Pudelin,

That’s interesting about the logs. Thanks for that information.

I updated to the latest version when it first came out and the alert still pops up - it’s not annoying. It’s just something I was curious about.