I tried to find help for this question via search but was unsuccessful.
I am currently running ZAP version 7.0.462.000.
Sometime back I wrote 2 rules to block a couple sites that I figured were adservers.
It was long enough ago that I forget the details of why I did it, but what I blocked was google-analytics.com & adopt.specificclick.net.
** See Edit below **
Recently I started checking log files again
(something I tried not to do because I figured it would drive me nuts!), and guess what?
I'm going nuts again!
I see multiple (as in many, many... 12 an hour approximately) blocked entries wherein both
explorer.exe and winlogon.exe
make unsuccessful outgoing attempts (because I wrote those rules awhile back)
to connect to both
and to adopt.specificclick.net (184.108.40.206:53).
These are Program alerts with Medium ratings.
my questions ...
Is this out of the ordinary?
Can someone please try writing these two rules and seeing if your machines are constantly trying to connect to those two sites?
I sure need to hear from others whether this is acceptable/normail behavior, or if I have some malware
onboard trying to call home.
I just don't understand the need for these two processes to be trying to connect all the time.
My computers are running fine.
security programs (**bleep**!, BOClean, ThreatFire, SpywareBlaster, Spybot, a-squared Anti-Malware) and have run ARK scans
like GMER and RootkitRevealer, F-Secure and others.
I never get any trojans or spyware.
I keep Windows updated religiously.
Thanks for any help!
When creating the rule, do not write the
www-google-analytics.l.google . Instead, write it as google-analytics.com .
The Destination DNS will then show www-google-analytics.l.google in the Log Viewer.
Windows XP Home Edition
Message Edited by Snagglegrain on 04-20-2008 09:06 PM