I noticed when checking the firewall logs that sometimes I get first a port 80 then a secure port 443 connection on my machine. The WHOIS data for the address (64.4.52.182) refers to Hotmail. So, it looks like something is making a secure connection to a Hotmail server without my permission. Is this something legitimate or should I be concerned? For now I have a rule blocking any connections to the range of 64.4.0.0 to 64.4.255.255. Thank you in advance.
Doing a quick check, IP address 64.4.52.182 resolves to windowsmedia.com, and belongs to Microsoft. Network checking shows 64.4.0.0/18 is a Hotmail address space. The port 443 connection could have been an attempt at a secure login. It depends on what you were doing.
Well, as near as I can tell I wasn’t doing anything that would cause this. I don’t have a Hotmail account, and If I recall correctly Windows Media Player is never running when this happens. The Comodo logs show servicehost attempting this on a regular basis and being blocked. In any event can you recommend a really effective malware scanner I could use to check the system?