SOLVED: \AppData\Local\CCleaner\Bin\CCleaner.exe (3848)

File below connects to a website with bad reputation concerning (a.o.) Malware.

It never (explicitly) asked Firewall permission to do so.

Not during installation, not at a later time.

Current TCP Connections:

C:\Users***\AppData\Local\CCleaner\Bin\CCleaner.exe (3848)
Local ESTABLISHED Remote (
Local ESTABLISHED Remote (

I tried adding it manually to my list of “block all connections”, TCP & UDP, in- and out, but it is still connecting.

Anyone who knows something about this?
Am I justly concerned?

mod edit: hot URL’s broken. kail

When you encounter a False Positive (=FP) or a suspicious file please follow 1 of these 3 ways so it can be resolved as quickly as possible.

Kind Regards.
Erik M.

I’m only using Comodo Firewall.
My concern being why Comodo Firewall doesn’t block the connection as asked.
I have submitted the CCleaner file online to Comodo.
They may possibly answer me, but usually AV makers don’t reply at all (at least not through mail).
But their answer won’t cover the question of why Comodo Firewall doesn’t block the connection.
And I’ve found at least one other file that manages to connect to the Internet despite being explicitly banned from all traffic.

I do not know if you really want to filter all TCP connections within the local machine; many programs and system services communicate like that.
As I see it, it is a localmachine → localmachine connection ( → and I think it is not filtered because the firewall only filters internet traffic:
localmachine <-> firewall <-> internet
Any local traffic does not go to the interface where the firewall is working.
Maybe you have as added in the windows/system32/etc/drivers/hosts file by other protection software? Many sites are blocked by changing their DNS in hosts, and that's why you see a connection like that?

mod edit: hot URL broken. kail
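
Added example (not part of the thread or written by any poster): a Python script that splits the ESTABLISHED TCP sessions in `netstat -ano` output into loopback-only sessions and sessions that leave the machine, which is the distinction the reply above draws. The sample output and its addresses are constructed; only PID 3848 is taken from the thread title, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output; the addresses are made up,
# only PID 3848 is borrowed from the thread title.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       996
  TCP    127.0.0.1:49702        127.0.0.1:49703        ESTABLISHED     3848
  TCP    127.0.0.1:49703        127.0.0.1:49702        ESTABLISHED     3848
  TCP    [::1]:49800            [::1]:49801            ESTABLISHED     3848
  TCP    192.168.1.20:50110     203.0.113.7:443        ESTABLISHED     4120
"""

def host_of(endpoint):
    """Return the IP part of 'addr:port' or '[v6addr%zone]:port'."""
    host = endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]
    return ipaddress.ip_address(host)

def classify(netstat_text):
    """Map PID -> {'loopback': [...], 'off_host': [...]} for ESTABLISHED TCP."""
    result = defaultdict(lambda: {"loopback": [], "off_host": []})
    for line in netstat_text.splitlines():
        parts = line.split()
        # Expect exactly: TCP <local> <remote> <state> <pid>
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue
        local, remote, pid = parts[1], parts[2], int(parts[4])
        try:
            both_local = host_of(local).is_loopback and host_of(remote).is_loopback
        except ValueError:
            continue  # not an IP literal (e.g. netstat run without -n)
        result[pid]["loopback" if both_local else "off_host"].append(remote)
    return dict(result)

def leaves_machine(netstat_text, pid):
    """True if the PID has any established TCP session to a non-loopback peer."""
    return bool(classify(netstat_text).get(pid, {}).get("off_host"))

if __name__ == "__main__":
    for pid, groups in classify(SAMPLE).items():
        print(pid, groups)
```

A PID whose sessions all land in `loopback` is talking to itself or to another process on the same host, not to a remote site.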

Reply from Piriform Support (makers of CCleaner):

Preston Allen, Sep 18 14:46 (EDT):

Hi William,

Thank you for your email.

Speccy does not connect to any websites either during installation or at a later time. The address you previously referenced ( is the local loopback address.

Please let me know if you have any questions.



I can now consider this SOLVED.