The reason why I'm sticking to Evorim firewall is because it has notifications whenever a new program connects to the internet. It doesn't leave you in the dark and let any program connect to the internet without notifying you. You decide what the setting will be once it detects a new program connecting to the internet (i.e. I'll also try TinyWall and see how it works. I think it is too much work to find the root cause of the communication. I don't have in-depth expertise yet in malware analysis and can only see surface-level activity such as network activity like this one. If you mean I'm going to try doing static or dynamic malware analysis on the program (i.e. look at its PE header, etc.), I have yet to train myself. I was thinking of blocking the connection and evaluating if there are any issues. If it does no harm, I will proceed with the block.