Setup wants to connect to "ip-address. deploy. akamaitechnologies. com"

motec-data
motec-data Posts: 47 Explorer

Hi,

 

Some setup programms (including Windows Update) wants to connect to #ip-address#. deploy. akamaitechnologies. com.

At the moment I forbide the access.

If I browse to this address (redirected to www.) is is blocked by the browser protection in firefox.

Would it be save to grant access?

 

 

Thanks in advance

 

Comments

  • motec-data
    motec-data Posts: 47 Explorer

    Hi,

     

    I got the warning from the application control every time if a application tries to connect to the internet or the internet tries to connect to my system.

    I grant permanently the access to the internet only to applications i use every day, like firefox or putty.

     

    Thanks for the link. I think then it's save to grant access for these connections.

     

     

    Best regards

     

  • MJ-perComp
    MJ-perComp Posts: 432 Superuser

    What Version are you using?

    Appilcation Control should not be that aggressive. Did you change some settings?

     

  • motec-data
    motec-data Posts: 47 Explorer

    I'm using IIS2011 and changed only the setting "Connection attemps" to "ask always".

     

    With this option selected I can see if a program wants to "call home" if it's not a program which needs internet access to operate.

     

     

    Best regards

     

  • MJ-perComp
    MJ-perComp Posts: 432 Superuser

    That is a bit  "paranoid". You should allow know good software to access the internet automtically. This information is provided by Deepguard.

     

    BTW: IS2012 is out any you may upgrade manually form here or wait until 2011 automaticallly polls the installer.

     

    BR

     

  • Kai
    Kai Posts: 2

    What a nonsense to say this is paranoid. Everyone should decide for themselves what he / she wants to block an how many times and not what DeepGuard "says".
    For beginners, this is very helpful, but "professionals" have real problems with this new way to handle connections in version of 2012. Many friends of mine will change the vendor, once the license has expired- We're not talking about just a few people.
    I still can not understand the logic of F-Secure to remove this feature. I can only guess: saving costs or hopelessly overstretched users.

    With this new type of connection handling, many users will have their fun. For the moment I already recognize eight conflicts with eight different applications of renowned manufacturers. Sounds like fun...

    Regards
    Kai

  • MJ-perComp
    MJ-perComp Posts: 432 Superuser

    Hi,

     

    while I wrote "a bit" and put the p-word in parathesis, this setting is part of a paranoid profile.

     

    F-Secure Internet Security is designed for the average home user who complains about any popup. If a user does not know what his application does or where it would connect to, how can he decide if an access to the internet should be allowed or not? He would call an expert and ask (like Motec did).

     

    This is exactly what FSIS does. Applicatin Control finds an access to the internet and asks the "expert service" (aka "Online Reputation Service", ORSP) what it  thinks and decides to allow or block. I doubt that any single person on his own knowledge, experience and skills is able to answer each of these requests correctly without asking someone else or searching the internet first.

     

    Yes, lots of software is calling home and in general this is for good because the software checks for (security) updates or to activate the software. And these vendors would also not like to get calls about failed updates or activation because the user blocked the access by his security software.

     

    I think you get the picture.

     

    If you are an IT professional you should rather use the professional F-Secure Client Security with Policy Manager or PSB and be able to even configure settings you never had access to with FSIS.

     

    I see this was your first post, so I guess you have not reported any of your conflict finding in the past ISTP or the beta programms. Please do this asap and report the received SRID here. The team will pick it up and check your case!

     

    Kind Regards

  • Kai
    Kai Posts: 2

    Where exactly is the difference from the previous versions, except that I no longer allowed to decide whether the application can connect, this time only, or not?
    They've just taken out a feature that was disabled by default anyway (this time only block/allow). So what is the improvement? I guess rather, it no longer "fits" into the new DeepGuard 4 programming concept.

     

    Because this is a hopeless discussion, let's drop the whole thing! Smiley Wink

    BTW: I reported my "conflicts" always direct.

    And now in your native language so you understand me correctly:


    Ich weiß ganz genau welches die Stärken und Schwächen von F-Secure IS waren und sind. Ich benutze das Programm seit 2003 und war trotz gravierender Schwächen, im Großen und Ganzen, immer zufrieden. Seit 2006 setze ich FSIS auf all meinen 20 privaten Workstations ein.
    Was auch kam, ich stand hinter der Software. Doch diese Funktion zu entfernen ist für mich ein absoluter Schwachsinn und ein NOGO. Jede Suite hat einen "Experten Modus", welcher das möglich macht. Kann auch sein, daß ich das strategische Vorgehen von F-Secure nicht verstehe, sich durch non flexibility von den Anderen abzuheben.
    Sobald meine Lizenz abgelaufen ist, werde ich wechseln, da F-Secure den Kurs wahrscheinlich beibehalten wird - vielleicht zu BitDefender.

    Somit sehe ich auch keinen Grund mehr, irgendwelche Fehler zu melden.
    Es ist wirklich schade, nach so langer Zeit, die Suite zu wechseln!


    Regards
    Kai

  • 2eemeli
    2eemeli Posts: 95 Enthusiast

    Hi,

     

    just one comment about the applicaton control not beeing able to block access to the internet.

     

    Did a quick glance at the advanced settings of application control and there you can modify the application to allow or deny internet connetion.

     

    It is a bit hidden as user needs to go into the advanced settings but it is still possible.

     

     

  • motec-data
    motec-data Posts: 47 Explorer

    @2eemeli: Thanks for checking.

    It's a very good feature to prevent applications to "call home".

  • MJ-perComp
    MJ-perComp Posts: 432 Superuser

    Hi,

     

    what Kai complains about is, that with IS2011 there was a checkmark in the dialogue if the decission taken should be valid forever ("never ask again) or only once. 

    2012 dropped the checkbox and defaulkts to "never ask again".

     

    You were able to decide per session if a certain program may access the internet or not.

     

    I agree, that the setting defaults to "never ask again" (because 99,99% of the users tick the box anyway, but I also agree Kai that it would be better to be able to disable the  default somewhere in the advanced dialogues!

     

    BR

     

     

     

This discussion has been closed.
Feedback on New Design