|
-
January 27th, 2003, 08:48 PM
#1
Wmp 9 Outgoing .exe File.
Hello,
Yet another WMP9 Question. Since downloading and installing I have used it without any of the glitches others have reported. However each time I start it my Firewall warns me of an outgoing exe file and of course gives me the IP address. I blocked it each time and each time my F/W (Sygate) states that it has blocked this file outbound via TCP and supplies an 8 -10 digit numeric code instead of a filename.
Has anyone any idea what this is ? Is it my 'unique registration number' so that Microsoft can then identify my player and keep tabs on what I watch 'In order to ensure I derive maximum benefit from this fine product.' ???
One way of avoiding this has been to right click / save target as and view from desktop while offline but this is not possible with some streaming media.
Blocking this file has not affected my using WMP9 at all but I'm just curious what this actually is. If its benign then fair enough. But I don't need Mr Gates' help online.
No actual help needed but any input welcome.
KMIEKLE123
-
January 27th, 2003, 09:58 PM
#2
From this page..
http://www.win2000mag.net/Articles/I...rticleID=26620
"Prerelease concern that the press reported was that WMP 9 will track and report to Microsoft all the things that you use your player for, including Internet radio. Yes, WMP 9 does have the capability to do this. But by default, the three features that provide this capability are turned off. WMP 9 won't send your unique player ID to any content provider unless you tell it to do so. WMP 9 won't send any data use information to Microsoft unless you tell it to. WMP 9 won't save file or URL histories (which would indicate what media you've been using) unless you explicitly turn that function on."
It would be a good idea to go through it's options and double check how they're all set.
WMP also has some sort of "send to a friend" feature that can be turned on/off. Maybe worth looking around for that. I'd certainly keep blocking that outgoing whatever it is. You may want to make a permanent rule to block it so you don't have to deal with it each time.
-
January 28th, 2003, 04:04 AM
#3
Thanks for the reply,
Actually I thought I had disabled all of the Phone Home Features on WMP9 player. The problem with this exe file is that there is no way to block this particular item as far as I can see ie you can either block WMP full stop or just take each instance as it comes.
Thanks Again,
KMIELKE123
-
January 28th, 2003, 08:58 AM
#4
What address is it being sent to? If it's the same one each time then you should be able to block all data from WMP to just that address. I don't use Sygate but you can do that with any other firewall I have used.
-
January 28th, 2003, 12:35 PM
#5
Thanks for the further feedback Fink,
Actually I have been using Sygate Free PFW since going on DSL last Oct. This free version has limited customisation - obviously intended to get people to upgrade to the full / pro version.
Howver last Friday I purchased a PC Mag here in UK and one of the items on the cover DVD was McAfee F/W Full.
I'll install that and look into blocking particular IP addresses - actually I just looked through the Sygate security logs and it gives these 'destination hosts' :
207.46.131.71
207.46.248.113
In Sygate these numbers are in 'active text' to facilitate a Whois search but they have been inconclusive for me. Perhaps another limitation of the free version - not necessarily evidence that they
are spoofed.
Anyway Thanks For Your Time,
KMIELKE123.
-
January 28th, 2003, 12:58 PM
#6
Those IP's are definately Papa Bill Gates'
1/28/03 11:56:44 IP block 207.46.248.113
Trying 207.46.248.113 at ARIN
Trying 207.46.248 at ARIN
OrgName: Microsoft Corp
OrgID: MSFT
NetRange: 207.46.0.0 - 207.46.255.255
CIDR: 207.46.0.0/16
NetName: MICROSOFT-GLOBAL-NET
found here.. http://www.samspade.org/
You should be able to block those communications with Mcafee.
Good luck.
In the meantime I'm going to try and find out more details about what's being sent...
-
January 28th, 2003, 01:05 PM
#7
For your information you can go into an msdos prompt screen and do a look up on the IP Address
type nslookup <ipaddress> and the response will give you the DNS entry for that IP Address
so for the two examples shown
c:\>nslookup 207.46.131.71
response is
name: codecs.microsoft.com
address: 207.46.131.71
c:\>nslookup 207.46.248.113
response is
name :windowsmedia.com
address: 207.46.248.113
-
January 28th, 2003, 01:20 PM
#8
Here's a newsgroup page that discusses those communications.
http://www.der-keiler.de/Newsgroups/...-10/11381.html
I've seen other places that talk about the same issues.. some border on paranoia. One of those addresses, as mankyway shows, is apparently for codecs although others suggest it's an autoupdate page (maybe that's the same thing?).. either way you may want to let it communicate to see if there are any updates/codecs you can download... the other address is less specific.. you can block that one if you want... I would, at least until I knew what is really is.
-
January 28th, 2003, 03:08 PM
#9
Thanks Again Fink & Mankyway,
Very useful info. Perhaps it is fairly routine benign transfer. I just thought it would be best if I got some background before allowing it or just continued blocking it.
Thanks Again For Your Respective Efforts,
KMIELKE123
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
