Jump to content

Why does Win 7 Start Pinging Microsoft When BTC is Started?


MrWonderful

Recommended Posts

Posted

I've searched the web and this forum and I cannot find an answer to my question.

I use Peerblock and notice that as soon as I start Bittorrent 7.8 Win 7 immediately tries connecting to Microsoft.

Anyone know what service does this and why?

If you're not aware of this then get peerblock, set it to block all Microsoft IP's, start BTC and look at the log window, or log file. To make sure you get the right time you can set peerblock to block HTTP so you can see when BTC starts, you can tell because BTC tries to connect to an IP owned by BTC.

In trying to track this down I've turned off everything I can think of that would attempt to make connections from netbios to updates, time server, etc... so I know it's not one of these services, plus these services wouldn't likely try connecting multiple times in a row and numerous times when BTC is started then stop trying to connect as soon as BTC is closed.

I can't tell the service because it's in a svchost wrapper when I look in TCPView. There's probably a way to figure out the service but I don't know it.

The following are some of the different Microsoft IP's Win7 tries contacting when I run BTC.

65.55.158.118

94.245.121.251

94.245.121.253

157.56.106.184

I have only looked at my peerblock log file, and not yet done a "find" search but best I can tell is that Win7 only tries connecting to these IP's when BTC is running and not when using another MS site or service. I could be completely wrong and when I finally do a search of the log file if I am wrong I'll post it here.

Thanks.

Posted

Because the blocklists that peerblock uses are overbroad and blocking stuff they shouldn't.

So, you're saying BTC should be calling MS when it starts and runs, and Peerblock shouldn't be blocking the connections to MS while BTC is running?

Strange.

Posted
So, you're saying BTC should be calling MS when it starts and runs, and Peerblock shouldn't be blocking the connections to MS while BTC is running?

I'm saying that peerblock is overparanoid and only really protects you from using your internet connection properly.

Posted

I'm saying that peerblock is overparanoid and only really protects you from using your internet connection properly.

Peerblock works perfectly. Peerblock does not preclude me from using my Internet connection properly. I'm sorry you didn't get it to work for you.

Cool thing about Peerblock is you can block everything then one by one allow only the connections you wish to allow. Then with Peerblock if you get a trojan the likelihood is small that the trojan is able to call home and possibly hijack your rig as part of a bot net before the lame anti-viris companies cactch up. Also if you surf on a site that has a bunch of questionable redirects, peerblock rocks again.

Peerblock also discovered a very unusual feature of Win7; it starts calling MS as soon as a BTC process is started. Do you have any idea why this happens or what services are trying to connect to MS?

The things one can accomplish with using Peerblock, or knowing how to use Peerblock are astounding, so I'll stop listing them.

Since the purpose of my OP has been missed with a diatribe about an application that works as advertised, peerblock, do you not that it is strange that Win7 calls MS once BTC is started?

Apparently Win7 tries to contact MS via more than one service when BTC is running. Has it not yet occurred to you what's implied with this behavior? It is very likely MS has a record of everyone who uses BTC or any torrent client and their records can actually identify the copy of Windoze that is running the torrent client, not just the IP.

I understand if you don't know why Win7 calls MS when BTC starts, I don't know either. I do know it does happen and only happens when using torrent clients, at least on my machine. But since you decided to go on about peerblock and your issues with peerblock and not answer my actual question you have likely ruined any opportunity of this thread enticing someone else, who can use a simple app like peerblock, to test my question and see if they get similar results.

Thanks!

{Note to self: Admin on bittorrent.com does not know how to use peerblock and does not like peerblock.}

Posted
Peerblock does not preclude me from using my Internet connection properly. I'm sorry you didn't get it to work for you.

Well it is right now. It's blocking you from being able to connect to ipv6 peers on torrents.

Peerblock also discovered a very unusual feature of Win7; it starts calling MS as soon as a BTC process is started. Do you have any idea why this happens or what services are trying to connect to MS?

Because ipv6

{Note to self: Admin on bittorrent.com does not know how to use peerblock and does not like peerblock.}

Note to self: user doesn't know me or know anything valid about me.

Posted

I don't use Peerblock, but if there is a program interacting with BTC/MS, it will have a folder in the "Application Data" folder. I can't give you the path right now because I'm in XP Mode, but if the initiation of one program is causing the initiation of another, the folders will be in the AppData "hidden" "system" folder. The folder "Roaming" will also be in the path that leads to the correct Application Data folder(there are several App folders) somewhere.

If you explore that hidden folder, you may be able to narrow down your list of suspects.

PS My guess is that Internet Explorer is the culprit.

Posted

Anyone have any idea WHY Win 7 immediately starts trying to call MS as soon as a torrent client is started specifically the BTClient?

If Win7 was trying to call the IP's I listed in my OP when a torrent client is not running then I wouldn't ask, BUT soon as I start a torrent client then Win7 starts trying to call MS. Regardless the fascination with Peerblock it does have an excellent logging feature so I know the IP's are called when BTC is started and as soon as I stop BTC the calls stop. I have all the customer experience stuff disabled, etc... so it is not that service. Still why would customer experience need to know when I use a torrent client and not some other application, etc...?

And yes before I posted them I searched all of them on Google, and DuckDuck and verified they're owned by MS and I did see that one or two are allegedly for the Customer experience service.

Guess when I have the time I'll go through all the trouble of getting the packets and searching through those to try and find an answer. Stupid effing me for assuming anyone else noticed this behavior.

Well it is right now. It's blocking you from being able to connect to ipv6 peers on torrents.

Because ipv6

Note to self: user doesn't know me or know anything valid about me.

I haven't looked but what are there maybe 0.5% of all possible torrent peers are IPv6? IPv6 isn't even a mature protocol yet and has a myriad of security issues with a lot of clients.

Fine it doesn't work yet with IPv6, if it truly does not, because I have IPv6 turned off from my router to every setting I and anyone else knows of in Win7 and just in case I missed someting in Win7 I set my VPN to block IPv6.

Regardless the fascination with peerblock, which is getting quite amusing, it's like Peerblock put a cockblock on Harry at some party staffed with paid for hookers, like at the Playboy Mansion.

Still, damn funny thing about the Peerblock diatribe is Harry or whomever could just use a IP logger, Firewall logger, or set their router to log all connections and see the same thing.

Even funnier is if anyone using Win7 ventures to look and they see the IP's being called they should keep in mind at least my rig blocks them and theirs allows them and has allowed them every time they've started their torrent client.

It's a simple thing to look for you don't need to download a torrent, just start the client and look at a log.

Down With Peerblock! Long Live Peerblock.

[Note to self: Harry doesn't understand the purpose for "Notes to self".]

Posted

I don't use Peerblock, but if there is a program interacting with BTC/MS, it will have a folder in the "Application Data" folder. I can't give you the path right now because I'm in XP Mode, but if the initiation of one program is causing the initiation of another, the folders will be in the AppData "hidden" "system" folder. The folder "Roaming" will also be in the path that leads to the correct Application Data folder(there are several App folders) somewhere.

If you explore that hidden folder, you may be able to narrow down your list of suspects.

PS My guess is that Internet Explorer is the culprit.

I'll check out your suggestions. Also, I don't use IE unless it's absolutely neccessary.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...