Hi, we noticed that the pafilesight.exe process is sending SYN packets to mail.poweradmin.com. Why does this happen and how can we disable it? Thank you and best regards, Bojan
asked 15 Jan '15, 08:06 Bojan
Hi Bojan -- I'm assuming you mean the FileSightSvc.exe (there is no pafilesight.exe process that we make). We can't think of any reason it should be sending any packets at all to mail.poweradmin.com. In fact, we just scanned the source code and that host name doesn't appear anywhere. Our only guess is one of your email actions is trying to use mail.poweradmin.com to send messages, but I really doubt that would work as you don't have an account on our mail server. This one is a huge mystery to us.
answered 15 Jan '15, 10:10 Doug ♦♦
Hi Doug, you're correct, it's the FileSightsvc.exe process. We are monitoring TCP traffic on our host, and we discovered TCP traffic to port 443 (and 80) to IP 216.157.78.172, which resolves to your servers... We're using Pa FileSight Console version 5.5.0.147. Regards, Bojan
answered 16 Jan '15, 06:14 Bojan
Hi Bojan -- There is an update check that happens about once a month that goes to our web server. You can disable that if you want in the Settings dialog. Also, when you activate a new license a one-time request is sent to the server. During install of a new version you are prompted to see if you want to check for an upgrade license (to see if Support & Maintenance is active) but that's just during install and you're prompted about it. Since these are going to port 80, can you see what URL is being queried? That would tell us for sure what the request is. Doug
answered 20 Jan '15, 10:26 Doug ♦♦
Hi, unfortunately, I couldn't find the settings window for disabling the monthly update. Can you point me to where I can set up this option? We're using PA File Sight version 5.6.0.163 now. I want to try this option first and report back after a while. And today we noticed this activity, this time for port 443:

NCM TIMESTAMP=21.1.2015 12:16:06 EVENT=CLOSE ORIGIN=neptun PROTOCOL=TCP LOCALIP=10.0.0.33 LOCALPORT=58552 REMOTEIP=216.157.78.172 REMOTEPORT=443 DIRECTION=OUT PID=716 PNAME=FileSightSvc.exe STATE=SYN_SENT OPENTIME=21.1.2015 12:16:00 0100 CLOSETIME=21.1.2015 12:16:05 0100 DURATION=0:00:00:05
NCM TIMESTAMP=21.1.2015 12:16:00 EVENT=OPEN ORIGIN=neptun PROTOCOL=TCP LOCALIP=10.0.0.33 LOCALPORT=58552 REMOTEIP=216.157.78.172 REMOTEPORT=443 DIRECTION=OUT PID=716 PNAME=FileSightSvc.exe STATE=SYN_SENT OPENTIME=21.1.2015 12:16:00 0100
NCM TIMESTAMP=21.1.2015 11:15:59 EVENT=CLOSE ORIGIN=neptun PROTOCOL=TCP LOCALIP=10.0.0.33 LOCALPORT=58360 REMOTEIP=216.157.78.172 REMOTEPORT=443 DIRECTION=OUT PID=716 PNAME=FileSightSvc.exe STATE=SYN_SENT OPENTIME=21.1.2015 11:15:54 0100 CLOSETIME=21.1.2015 11:15:59 0100 DURATION=0:00:00:05
NCM TIMESTAMP=21.1.2015 11:15:54 EVENT=OPEN ORIGIN=neptun PROTOCOL=TCP LOCALIP=10.0.0.33 LOCALPORT=58360 REMOTEIP=216.157.78.172 REMOTEPORT=443 DIRECTION=OUT PID=716 PNAME=FileSightSvc.exe STATE=SYN_SENT OPENTIME=21.1.2015 11:15:54 0100

Regards, Bojan
answered 21 Jan '15, 07:06 Bojan
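Added example, not part of the original thread or of any vendor's code: a small parser for the NCM key=value records quoted in the last post. It groups connections that closed while still in SYN_SENT (the SYN was never answered) by process and remote endpoint and reports the gap between attempts. Function names are hypothetical, and the trailing "0100" in OPENTIME is assumed to be a UTC offset and ignored.

```python
import re
from collections import defaultdict
from datetime import datetime

# The four records from the post above, one event per line.
SAMPLE = """\
NCM TIMESTAMP=21.1.2015 12:16:06 EVENT=CLOSE ORIGIN=neptun PROTOCOL=TCP LOCALIP=10.0.0.33 LOCALPORT=58552 REMOTEIP=216.157.78.172 REMOTEPORT=443 DIRECTION=OUT PID=716 PNAME=FileSightSvc.exe STATE=SYN_SENT OPENTIME=21.1.2015 12:16:00 0100 CLOSETIME=21.1.2015 12:16:05 0100 DURATION=0:00:00:05
NCM TIMESTAMP=21.1.2015 12:16:00 EVENT=OPEN ORIGIN=neptun PROTOCOL=TCP LOCALIP=10.0.0.33 LOCALPORT=58552 REMOTEIP=216.157.78.172 REMOTEPORT=443 DIRECTION=OUT PID=716 PNAME=FileSightSvc.exe STATE=SYN_SENT OPENTIME=21.1.2015 12:16:00 0100
NCM TIMESTAMP=21.1.2015 11:15:59 EVENT=CLOSE ORIGIN=neptun PROTOCOL=TCP LOCALIP=10.0.0.33 LOCALPORT=58360 REMOTEIP=216.157.78.172 REMOTEPORT=443 DIRECTION=OUT PID=716 PNAME=FileSightSvc.exe STATE=SYN_SENT OPENTIME=21.1.2015 11:15:54 0100 CLOSETIME=21.1.2015 11:15:59 0100 DURATION=0:00:00:05
NCM TIMESTAMP=21.1.2015 11:15:54 EVENT=OPEN ORIGIN=neptun PROTOCOL=TCP LOCALIP=10.0.0.33 LOCALPORT=58360 REMOTEIP=216.157.78.172 REMOTEPORT=443 DIRECTION=OUT PID=716 PNAME=FileSightSvc.exe STATE=SYN_SENT OPENTIME=21.1.2015 11:15:54 0100
"""

# A value runs until the next " KEY=" or end of line, so it may contain spaces.
FIELD = re.compile(r"([A-Z]+)=(.*?)(?=\s+[A-Z]+=|$)")


def parse(line):
    """Split one NCM record into a dict of field name -> value."""
    return dict(FIELD.findall(line.strip()))


def failed_handshakes(text):
    """Map (process, remote IP, remote port) -> sorted open times of
    connections that were closed while still in SYN_SENT."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse(line)
        if rec.get("EVENT") == "CLOSE" and rec.get("STATE") == "SYN_SENT":
            # Keep date and time only; the trailing "0100" is dropped (assumption).
            stamp = " ".join(rec["OPENTIME"].split()[:2])
            opened = datetime.strptime(stamp, "%d.%m.%Y %H:%M:%S")
            key = (rec["PNAME"], rec["REMOTEIP"], int(rec["REMOTEPORT"]))
            groups[key].append(opened)
    return {k: sorted(v) for k, v in groups.items()}


def retry_intervals(times):
    """Seconds between consecutive attempts; a steady value points to a timer."""
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    for (proc, ip, port), times in failed_handshakes(SAMPLE).items():
        print(proc, ip, port, len(times), "attempts, gaps (s):", retry_intervals(times))
```

Fed a longer export of the same log, a near-constant gap per endpoint separates a scheduled check from ad hoc connections, and a CLOSE in SYN_SENT shows the outbound attempt never completed a handshake.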