Warning to Users: WHOIS results for

I recently un-installed ZA pro for unexplained call homes. These were unrelated to the need to update their product.

I then installed CFW with a lot of help from this forum.

Having developed a blocked ip list of my own from the ZA experience I imported it into CFW network rules. One range entry I had was for Checkpoint Irving State U.

Tonight you can imagine my surprise when the CFW log showed that they are still attempting to send packets from my PC to their site! (:AGY)

Why are they doing this? What program on my PC is doing this?

After the WHOIS check I am now expanding the block range out (see attached whois report)

How do I stop this? Other than running about like trying to plug holes in a ■■■■? by blocks.

Does anybody care about this sort of thing?

PLEASE someone out there put the range in your pc and see if it happens to you as well.!

[attachment deleted by admin]

Which Port was the blocked attempt for?

Sorry log was cleared. Can you temporarily try it your self? Maybe that is inappropriate to ask :-[

This AM, after I expanded the range as in whois, and altered the skip loopbacks to allow TCP and UDP their were no entries, so I’ll uncleck TCP again and reboot.

I’ll report back. :THNK

That’s OK, the destination port might give us a clue as to which type of application it is related to. I can’t really try it myself, since that means installing ZAP, uninstalling ZAP & then getting an unauthorised connection attempt from someone I’ve not heard of before. That might prove tricky to replicate. :slight_smile:

This is a possible :-\explanation. This AM I revisted the ZA removal file list.
One I had missed was vsconfig.xml in C:\windows\Systems32\Drivers\vsconfig.xml.

I deleted it. I have now allowed loopback on UDP and TCP to be logged again so we will see.

To test if the range of ip’s is being contacted users don’t have to install/uninstall ZA. Just block the ip’s and log the connects if any.