I have a question, I am using McAfee Internet Security with Windows 7 SP1 Pro 64-Bit.
I did a manual check for Windows Update due to missing the KB2952664. During the manual check and installation of said update. There was an incoming connection from 126.96.36.199. To clarify, I didn't have browser opened or anything. I just started up the machine, ran McAfee updates and Windows Updates.
I did see an Incoming Connection from Microsoft at the same time as the 188.8.131.52 ip address, but a search shows it belongs to photo sites like amazon images, photobucket, tinypic.
Why would there be a connection from 184.108.40.206, if I didn't even start up a browser and this is the first time such behavior showed up. Normally, I may get these entries if I visit the site like yahoo or google. But not when I am just installing updates.
Can anyone offer up some insight?
I show that IP as Level 3 Communications in Colorado. It's only a guess but I would assume something was "dialling home" to complete the update check perhaps?
I don't think there's anything to worry about regarding that. Incoming connections shown in Security History are all blocked anyway.
.Message was edited by: Ex_Brit on 24/05/14 5:33:03 EDT PM
No offense, but I have done a lot of manual check for Windows Update and seeing an ip address 157.xxx.xxx.xxx is normal. But I have never seen an incoming connection from this 220.127.116.11, which shows belong to hosts like amazon-images, photobucket, tinypic.
So I don't think it makes any sense whatsoever for a manual Windows Update check to "call home" to image sites. Which I should add I have never used or visited amazon, photobucket, tinypic, etc on this machine.
The other thing I wanted to ask was does anyone at McAfee know anything about Windows Install Compability Advisor Inventory Tool, where its executable is found in C:\Windows\System32\Compattel\wicainventory.exe?
McAfee asked if I wanted to allow it through the firewall. I blocked it since the name of the program sounds so fishy.
As far as I can tell the Compattel directory was made when I installed the KB2952664 update back in Apr. 24 and it was modified last week during Update Tuesday. Where there was a KB2952664 update installed. So it seems legit, but I haven't been able to find anything about this update and if I can uninstall it and hide the KB2952664 update from showing up.
You should be asking those questions of Microsoft Forums if it's to do with the KB Update. If it happened exactly when an update occurred I would have allowed it. Microsoft also provide free direct support for Windows Update issues.
You can find out more in regards to this " Pushed " Update HERE It would seem to simply be an effort on Microsoft,to get you to upgrade to Windows 8/8.1/and above. It involves installation of numerous Catalog Files and Compatibility Checkers,to ensure proper Upgrade experience.
Even myself, being that I particularly like Windows 7-Service Pack 1, have no intentions of going to Windows 8. As you can see in the article, Microsoft is less than specific in defining this update.
The Common Path: C:\users\user\downloads\wicaininventory.exe
In other words, unless you specifically have intentions of upgrading from Windows 7, I see no need for it. That is ( my personal opinion ). For Microsoft cannot (force) you to upgrade.I might add that I still installed this,as it was listed as "Important"
Also,if you were to "Google" this particular Update, as Ex_Brit stated...there are discussions in the Microsoft Forums. I was unaware at the time of my post,that Ex_Brit replied as well.
As for the "Blocked Internet Connections" one may observe in "Security History" One can become absorbed with unnecessary concern in regards to these. As long as your Computer shows "Green" and you are secure, as Ex_Brit stated. I wouldn,t worry about it.
Message was edited by: catdaddy on 5/25/14 4:40:49 AM EDT
Yes, I looked at some of them and they were about upgrades to Windows 8 and another one mentioned that executable was to check if certain XP programs work on 7.
I haven't found a reliable source as to where the path to the executable should be. Like you mentioned it was in the user's Downloads folder. But when I uninstalled and reinstalled that update, I saw the C:\Windows\System32\Compattel\ get made. So is the wicainventory.exe being found in any directory other than the Downloads folder a fake or something?
Again, I know that the Incoming Connection from 18.104.22.168 was blocked. But try look at it like this. I may get blocked connections from Microsoft ip addresses when I run Windows Update. I may get ip addresses from google or yahoo, when I access their sites. I don't get any type of blocked connections when my machine is just on with no browser started. I may even get blocked ip addresses from McAfee during/after a McAfee update that updated the Suite or Firewall.
This has been the usual behavior and has not changed over the course of 2 years. So seeing an entry such as an incoming connection from 22.214.171.124 blocked when I did a manual Windows Update. Then finding that this IP is mainly related to Amazon images, photobucket, tinypic, etc. This raises some questions and flags.
Since this machine had a fresh install of Windows with only McAfee, Firefox and Chrome installed and nothing else. In addition, I only use the machine occassionally and visit only 5 sites that I use for email and school. To me, it seems unlikely for something to be hiding and "calling" back to 126.96.36.199.
So if anyone has any insight onto why during a Manual Windows Update check, there was an incoming connection from 188.8.131.52 when no browsers were started, I'd appreciate it.Message was edited by: theflyingmonkey on 5/25/14 6:04:29 AM CDT
I hope you have Internet Explorer 11 current and updated as well. For even though you may not choose to use it, McAfee does. As for your occuring concern relevant to blocked incoming connections. You can always choose to use your "Parental Contols" to Block "Malicious sites,and individual Sites-Url,s of your choice.
Aws.Amazon.com is a persistent tracking cookie. I have it blocked personally. Some may get annoyed by the brief McAfee Prompt displaying it has blocked it. But one cannot have it both ways, for your protection is simply doing what you asked it to do.
Just a thought/suggestion if you will.
Granted, should you choose to block it. You will have to go back into your "Parental Controls" and (Allow) it again if you wish to visit Amazon.com.
Wishing you the very best,
Updates from Microsoft, whether automatically downloaded and installed or manually so, don't always behave the same way and should be trusted - as long as you are installing from their servers and not a 3rd party..
Here's the process for that one you just asked about: http://www.processadvisory.com/process/wicainventory-exe
I can't find a connection with Amazon in that IP you originally quoted. But I do know that Microsoft have servers dotted all over the place and I wouldn';t question anything coming from them.
The only time I've refused updates is when they offer such things as Bing Desktop, whcih I don't want and updates for things like my graphics card, which I would rather do myself.
An explanation for any odd behaviour regarding a Microsoft update should be sought from them as, unless someone here has seen exactly the same thing, it's unlikely you'll get a clear answer here.
The forum for Windows Update is here: http://answers.microsoft.com/en-us/windows/forum/windows_update?tab=Threads
Where do you get this information: and I quote:
I have never seen an incoming connection from this 184.108.40.206, which shows belong to hosts like amazon-images, photobucket, tinypic.
As always, thanks Peter. Please note that I was referring to blocking the "Amazon connections", by no means Window Updates. As you, I don,t let the Security History bother me.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: