This seems a bit odd. Using netstat -a -b -n I've found the following:
TCP 192.168.1.X:1150 157.56.124.76:443 ESTABLISHED [Explorer.EXE]
It turns out that the ip 157.56.124.76 which resolves to db3wns2011017.wns.windows.com is a static ip from Microsoft.
Moreover, using tcpView from sysinternals I can see that it's a TCP connection over https.
I tried closing the connection and after a second it was back on. Initially a kb of data was sent and nothing after that..
What is this all about and why is it Established?
I have windows 8.1 enterprise. I don't have OneDrive or any other microsoft cloud stuff installed. This is persistent, and is there after booting.
update
After finding out that this is related to Windows Push Notifications, I followed the steps here to disable such notifications, but the connection remains.
No comments:
Post a Comment