ZA Free 9.2.057.0000
"The firewall has blocked Internet access to dns_registration [18.104.22.168] (TCP Port 445) from your computer [TCP Flags: S]"
Show the same outbound destination as did the alert. Source comes from a variety of ports. Outbound destination in the "Destination DNS" column is "dns_registration:MYNETWORKNAME" (net name obscured for this message).
Not in my LAN. Best I can find, it's a Rackspace server, but I'm not 100% certain of that. Little info found about that IP.
Events Causing Alert
1. On boot of one specific other computer on the LAN. I believe it's the one in the LAN that has control of the DHCP addresses for the LAN (but I'm at the limit of my network knowledge on that)
2. On double-click on any PDF document (yesterday, but not today)
3. On File/Print dialog on Outlook email messages (today, not before). Intermittent, not every File/Print dialog.
4. No such behavior on any other computer on the LAN.
Malware Prevention / Scan
1. AVG always running & up-to-date
2. Full scan by AVG: no malware found
3. Full scan by MalwareBytes: no malware found
4: Full scan by GMER: no malware found
Despite the clean scans, this seems to stink of malware attempting to phone home. I really, really hope there's a benign reason and I'm not seeing a well-hidden rootkit.
1. Is there a reasonable benign explanation for this?
2. If it is malware, with ZA blocking these attempts, would anyone hazard if I've been reasonably protected to-date?
Hoping someone has some insight.