I noticed when checking the firewall logs that sometimes I get first a port 80 then a secure port 443 connection on my machine. The WHOIS data for the address (18.104.22.168) refers to Hotmail. So, it looks like something is making a secure connection to a Hotmail server without my permission. Is this something legitimate or should I be concerned? For now I have a rule blocking any connections to the range of 22.214.171.124 to 126.96.36.199. Thank you in advance.
Doing a quick check, IP address 188.8.131.52 resolves to windowsmedia.com, and belongs to Microsoft. Network checking shows 184.108.40.206/18 is a Hotmail address space. The port 443 connection could have been an attempt at a secure login. It depends on what you were doing.
Well, as near as I can tell I wasn’t doing anything that would cause this. I don’t have a Hotmail account, and If I recall correctly Windows Media Player is never running when this happens. The Comodo logs show servicehost attempting this on a regular basis and being blocked. In any event can you recommend a really effective malware scanner I could use to check the system?