McAfee Firewall......on NoDoze

Dyre Straits · Aug 21, 2003, 07:21 AM

My McAfee Firewall is logging activity on average of every 5 min. Sometimes it's not even 2 minutes between logs. It's been this way for over a week now.

The_Neon_Cowboy · Aug 21, 2003, 12:26 PM

what kind of activty

Dyre Straits · Aug 21, 2003, 04:13 PM

It's consistently blocking incoming/outgoing TCP and UDP traffic.

The Tracing app is showing a lot of this originating in China, Taiwan, and other Oriental locations.

There are hundreds of Warning items in the list.

PangingJr · Aug 21, 2003, 04:23 PM

Quote:

Originally posted by Dyre Straits
It's consistently blocking incoming/outgoing TCP and UDP traffic.

on outgoing.. what port? what application?

Dyre Straits · Aug 21, 2003, 04:42 PM

Quote:

Originally posted by panging
on outgoing.. what port? what application?

"McAfee Firewall blocked an outgoing TCP packet. The remote address associated with the traffic was 216.109.118.70. The remote port was 80 [HTTP]. The local port on your PC was 3711 [ephemeral]. The network adapter for the traffic was "MAC Bridge Miniport".

This is the most recent outgoing block and appears to be associated with Yahoo HOTJOBS.

I'm running AdAware with the most recent build and have it set to remove detected items upon each reboot of my system. But, I do use Yahoo free email and visit the Yahoo.com main page frequently.

Dyre Straits · Aug 21, 2003, 05:03 PM

UPDATE:

I have 2 instances of 'cpd.exe' in my Processes list. One is associated with my SYSTEM and the other with my USER NAME.

Several references refer to this as a virus. However, I know where I got it. I have Comcast Cable Broadband and had to download an app in order to get online support. I'm almost positive that this is the app I had to download for that.

If it IS a virus, it's not being detected as a such by VirusScan after doing a full scan of my entire system.

The only other process I see in my list that I don't recognize...and don't recall seeing before, is "wisptis.exe". That's something associated with TABLET PC apps, I believe. I couldn't find a whole lot of info on it.

EDIT: CPD.EXE is part of the McAfee Programs.

PangingJr · Aug 21, 2003, 06:09 PM

1. locate "wisptis.exe" on your PC, and find out what apps is using it.
2. d/l a trojan scanner program and check your HDDs again.. asap

Quote:

http://www.spambrigade.com/memberreports/blueboy2000/blue77.txt
-----English Translation-----
minutes of the Firewall indicate tried accesses to its computer,
also haven scanning to you mentioned. Thus so-called hackers weak
points, thus, look for Trojaner already implemented on your
computer. This Scans is harmless, if no Trojaner is already
installed. Contactors can you itself with a Firewall and a virus
and a Antitrojanerprogrammen. Portscans rank among the so-called
exempt from punishment preparatory acts. The Logdatein attached
down is evaluated by us, the customers are written down and warned.
The customer data we may not communicate to you (data security).

PangingJr · Aug 21, 2003, 06:18 PM

if you've set McAfee FW to block someting like "Content Blocking" ie. ActiveX, Ad, Script etc..(not sure how's McAfee called it) for your web browser... your FW log will show many of events just like that. just scan for trojan virus if it's nothing (more likely) and you should be okay.

Dyre Straits · Aug 22, 2003, 01:51 AM

If I'm not mistaken, after doing a little more research, wisptis.exe is something Windows Update installs in order to view certain content created by handhelds. At least that's my impression so far.

PangingJr · Aug 22, 2003, 02:13 PM

i guess you' hv installed the MS "Journal Viewer"??
if so, you can remove it in Add/Remove if you're not actually use the program.

PangingJr · Aug 24, 2003, 11:03 AM

check this out http://www.experts-exchange.com/Oper..._20672330.html especially at the last comment.

Mcafee and Symentec used to identify the CPD.EXE as a trojan years ago but now the same .exe is using in a component part of Mcafee?? anyway, you may want to check it again. Good Luck!

Dyre Straits · Aug 24, 2003, 04:12 PM

Quote:

Originally posted by panging
check this out http://www.experts-exchange.com/Oper..._20672330.html especially at the last comment.

Mcafee and Symentec used to identify the CPD.EXE as a trojan years ago but now the same .exe is using in a component part of Mcafee?? anyway, you may want to check it again. Good Luck!

Thanks,

Yes, some of those references I found re: CPD.EXE were a little old. I've run a total system scan and I'm clean as a whistle according to the latest updated VirusScan.

EDIT: Even the FreeScan from McAfee's site detects NO VIRUSES at this time. Strange.

Aug 21, 2003, 12:26 PM	#2
The_Neon_Cowboy HardwareHeaven Extreme Member Join Date: Dec 2002 Location: U.S.A. Posts: 16,009 Rep Power: 92 System Specs	what kind of activty __________________

Aug 21, 2003, 06:18 PM	#8
PangingJr Member Join Date: Mar 2003 Posts: 5,989 Rep Power: 71	if you've set McAfee FW to block someting like "Content Blocking" ie. ActiveX, Ad, Script etc..(not sure how's McAfee called it) for your web browser... your FW log will show many of events just like that. just scan for trojan virus if it's nothing (more likely) and you should be okay.

Aug 22, 2003, 02:13 PM	#10
PangingJr Member Join Date: Mar 2003 Posts: 5,989 Rep Power: 71	i guess you' hv installed the MS "Journal Viewer"?? if so, you can remove it in Add/Remove if you're not actually use the program.

Aug 24, 2003, 11:03 AM	#11
PangingJr Member Join Date: Mar 2003 Posts: 5,989 Rep Power: 71	check this out http://www.experts-exchange.com/Oper..._20672330.html especially at the last comment. Mcafee and Symentec used to identify the CPD.EXE as a trojan years ago but now the same .exe is using in a component part of Mcafee?? anyway, you may want to check it again. Good Luck!