Ping.exe Is Back!

See attached screen shot.

As Eric theorized a while back the pings are directed to the MS time server.

Now I really don’t know why WIN 7 is generating this? More so in that you can observe the sucessfull connect to to update the time. More confusing is the subsequent two pings to the same IP address.

Presently I changed my firewall rule for ping.exe to allow echo request to but I am still wondering if that is advisable.

[attachment deleted by admin]

Seems a little coincidental to me. Interestingly, is (Image) and your ntp event is to the Hotmail block. I guess this could be a regional thing…

Order             : 1
IP Address        :
Status            : Succeed
Country           : USA - Washington
Network Name      : HOTMAIL
Owner Name        : MS Hotmail
From IP           :
To IP             :
Allocated         : Yes
Contact Name      : MS Hotmail
Address           : One Microsoft Way, Redmond
Email             : iprrms[at]
Abuse Email       : abuse[at]
Phone             : +1-425-882-8080 
Fax               : 
Whois Source      : ARIN
Host Name         : 
Resolved Name     :

It also seems a strange time for a synchronisation, as the normal schedule is set for 1 am every Sunday Morning.

[attachment deleted by admin]

This ping.exe has nothing to do with WIN 7 time updates.

Earlier this morning time updated fine with no ping.exe associated with it. Later I let the PC sit idle for about an hour and low and behold ping.exe fired off all by itself to I do not use Hotmai, LiveMail or any other MS ■■■■. I say this is MS spying; no surprise there. I am ready to pitch WIN 7 altogether. WIN XP much less intrusive that then WIN 7. >:(

[attachment deleted by admin]

You really need to start doing some protocol analysis, as you have no idea why these Echo Requests are being generated. by the way, you missed the svchost connection to Verisign…

I’d suggest taking a look at setting up a Windows 7 Event Trace, it’s not a difficult process and may provide the information you need to understand these connections. You can also try using dumpcap as well as Process Monitor (PDF}