
Internet connection attempt: "MICROS~1.EXE"

Scholar


Hi.

 

Recently I have started to get a lot of these. Running F-Secure Client Security Premium 13.11. Any ideas?

 

An application wants to connect to the internet or the local network. The application is

MICROS~1.EXE

Location: c:\PROGRA~1\WI7DB9~1\MI4CA5~1.0_X\

IP Address: 13.107.5.88

Protocol: TCP (443 HTTPS)

Direction: outbound

 

Capture.PNG

1 ACCEPTED SOLUTION

Accepted Solutions
Moderator

Re: Internet connection attempt: "MICROS~1.EXE"

The best way, I think, is to search the web for it, but I'd like to point out that this is only the first layer of protection. Even if you allow it, the next layer will prevent it if found malicious. First, Web traffic scanning will kick in. Then Real Time Scanning will detect & remove it if you still managed to download it. Lastly, if all else fails, DeepGuard will block it.

5 REPLIES 5
Superuser

Re: Internet connection attempt: "MICROS~1.EXE"

Hello,

 

The IP address shown in the screenshot (13.107.5.88) belongs to Microsoft's "Azure" technology cloud and is considered a trusted location according to many WHOIS registers.

 

I think it should be harmless, maybe related to something like an attempt to automatically upgrade the Microsoft OneDrive client or similar.

 

Best regards: Tamas Feher, Hungary.

Scholar

Re: Internet connection attempt: "MICROS~1.EXE"

Question here is what is really a “legit Microsoft IP address”? In my eyes: just because whois says “Organization: Microsoft Corporation” does not mean that it can’t be malicious. Say for example that I spin up a server in Azure and load it with malware links. Wouldn’t that give me a “legit Microsoft IP address” also?

Moderator

Re: Internet connection attempt: "MICROS~1.EXE"

The reason it's asking to allow is that the message is coming from the Application Control module, which allows you to control new connection attempts; hence the user can decide to allow or deny it even though it is a signed binary. For more information, consult our help page:

https://help.f-secure.com/product.html#business/policy-manager/13.10/en/concept_6DA4145906204C549B93...

Scholar

Re: Internet connection attempt: "MICROS~1.EXE"

How do I know it is a signed binary? That would really help a lot with the decision making when this pops up.

 

Thanks,
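
One way to check the signature on the machine that showed the prompt, as an added example that is not part of the original thread or of F-Secure's documentation: it expands the 8.3 short path from the prompt and reports the file's Authenticode signer. The full path is an assumption built by joining the Location and file name quoted above, and the function names `Resolve-LongPath` and `Get-PromptBinaryInfo` are hypothetical.

```powershell
# Added example (not from the thread): expand the 8.3 short path shown in the
# firewall prompt, then report who signed the file and whether the signature verifies.
param(
    # Assumption: Location + file name from the prompt, joined into one path.
    [string]$ShortPath = 'C:\PROGRA~1\WI7DB9~1\MI4CA5~1.0_X\MICROS~1.EXE'
)

# GetLongPathNameW (kernel32) expands every 8.3 component of an existing path.
Add-Type -Namespace Win32 -Name PathApi -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint GetLongPathName(string shortPath,
    System.Text.StringBuilder longPath, uint bufferLength);
'@

function Resolve-LongPath {
    param([Parameter(Mandatory)][string]$Path)
    $buf = New-Object System.Text.StringBuilder 32768
    $len = [Win32.PathApi]::GetLongPathName($Path, $buf, [uint32]$buf.Capacity)
    if ($len -eq 0) {
        # Short names only resolve on the volume that generated them.
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "Cannot expand '$Path' (Win32 error $err; 2 or 3 = not found, 5 = access denied)."
    }
    $buf.ToString()
}

function Get-PromptBinaryInfo {
    param([Parameter(Mandatory)][string]$Path)
    $long = Resolve-LongPath -Path $Path
    $sig  = Get-AuthenticodeSignature -LiteralPath $long
    [pscustomobject]@{
        LongPath   = $long
        Status     = $sig.Status                      # Valid = signature verified, file unmodified
        Signer     = $sig.SignerCertificate.Subject   # empty when Status is NotSigned
        Issuer     = $sig.SignerCertificate.Issuer
        Thumbprint = $sig.SignerCertificate.Thumbprint
        SHA256     = (Get-FileHash -LiteralPath $long -Algorithm SHA256).Hash
    }
}

Get-PromptBinaryInfo -Path $ShortPath | Format-List
```

A `Valid` status identifies the publisher of the file on disk; it says nothing about the address the file is connecting to. Run it from an elevated prompt if the expanded folder is not readable by a standard user.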

 
