File below connects to a website with bad reputation concerning (a.o.) Malware.
It never (explicitly) asked Firewall permission to do so.
Not during installation, not at a later time.
Current TCP Connections:
C:\Users***\AppData\Local\CCleaner\Bin\CCleaner.exe (3848)
Local 127.0.0.1:2364 ESTABLISHED Remote 127.0.0.1:12080 (www.007guard.com)
Local 127.0.0.1:2368 ESTABLISHED Remote 127.0.0.1:12080 (www.007guard.com)
I tried adding it manually to my list of “block all connections”, TCP & UDP, in- and out, but it is still connecting.
Anyone who knows something about this ?
Am I justly concerned ?
Hi,
When you encounter a False Positive (=FP) or a suspicious file please follow 1 of these 3 ways so it can be resolved as quickly as possible.
Thanks.
I’m only using Comodo Firewall.
My concern being why Comodo Firewall doesn’t block the connection as asked.
I have submitted the CCleaner file online to Comodo.
They may possibly answer to me but usually AV makers don’t reply at all (at least not through mail).
But their answer won’t cover the question why doesn’t Comodo Firewall block the connection.
And I’ve found at least one other file that manages to connect to Internet despite being explicitly banned from all traffic.
I do not know if you really want to filter all tcp conections within local machine , many programs and system services comunicates like that ,
as i see it is localmachine → localmachine connection (127.0.0.1 → 127.0.0.1) and i think it is not filter because firewal doing filterig only internet trafic:
localmachine <-> firewall <-> internet
any local trafic not going to interface , where firewall working
maybe you have www.007guard.com as 127.0.0.1 added in windows/system32/etc/drivers/hosts file by other protection software? many sites are blocked by changing their dns in hosts, and thats why you see connection like that?
Speccy does not connect to any websites either during installation or at a later time. The address you previously referenced (127.0.0.1) is the local loopback address.