I've gotten the same thing. Computer has been off for days. Is clean but it popped up right away related to the the Windows Services ... like someone else had posted. Trusted Install was waiting for me to approve an update to Office 2007 which is a huge download of over 200MB. Don't know if that means anything. I'm leaving it blocked until I here what Hayton finds out. BTW when I googled the IP address, this thread came up as the number two item related to it and so I joined so I could give this input.
I joined for the same reason: Googled IP address, and wanted to chime in. There were two comments when I signed up yesterday. Looks like this is fairly widespread.
The ip is blocked 4 times on 18 march until now
The last one was at 7:03 Pm
I just got this myself and came here after Googling the IP. I have FF installed. I had just opened Adobe Reader and Excel 2010 Starter when this came up - not sure if either of these had anything to do with it.
Edit: A Network Solutions lookup says it's Allocated to RIPE NCC. So, I did a RIPE lookup as edwardjwlaunt did above, which says this IP belongs to ISG/IP Network Security in Amsterdam, but the address below that says Verizon/Cybertrust. Further research reveals Verizon bought Cybertrust and McAfee is part of a group of antispyware vendors involved with Cybertust. I wonder if McAfee is auto-submitting our scan results to this group?
Message was edited by: samcarter on 3/18/12 2:10:42 PM CDTGot the same msg about 5 hrs ago but stupidly did NOT block it. I ran a full scan 0 virus, etc. I have had no problems since. I'll post if there are any changes.
@all - Status Update
Got a reply from someone at Verizon (he's obviously checking his mail over the weekend).
He confirms that the server with that IP address is indeed just a CRL repository, and so should not (on the face of it) be blocked. Verizon (and/or CyberTrust - Ubizen) are going to investigate, and the first thing to do is find someone in McAfee to talk to. I've given a few contact addresses and sent a PM to someone on the SiteAdvisor team for forwarding to TrustedSource.
Verizon et al are aware of this thread and may be keeping an eye on it for any relevant breaking news.
Thanks for that update!
I was following this thread a while since I got the same problem on two of my laptops. After I suspected my first laptop to have caught a trojan two weeks ago, I did a reinstall of this one and was scared to read this message yesterday. So hopefully I still got rid of whatever I had on my PC.
@all : FYI
One reason to keep this under close scrutiny is that if you allow Netguard to block access to that IP address no checking for revoked certificates held there can be carried out.
From a thread in the Comodo forums :
The entries you've posted above all appear to be standard certificate revocation checks, something Windows does quite often.
See this article on Wikipedia for an overview of Certificate Revocation Lists.
Message was edited by: Hayton on 18/03/12 23:03:38 GMTIn the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list (CRL) is a list of certificates(or more specifically, a list of serial numbers for certificates) that have been revoked, and therefore should not be relied upon
The necessity of consulting a CRL (or other certificate status service) prior to accepting a certificate raises a potential denial-of-service attack against the PKI. If acceptance of a certificate fails in the absence of an available valid CRL, then no operations depending upon certificate acceptance can take place.
Morning All
I am very security aware from a consumer point of view on a basic level and do all I can within limits of knowledge. However thought worth sharing. I got this message for first time this morning dont remember a warning previously for anything else and do regular checks but had trouble with laptop yesterday wouldn't start until rolled back three days. Chrome related? Updates from windows all within last three days. I am on BT Broadband Infinity and not really had any issues at all so when this flagged up alarm bells ringing.
netgauard blocked it BUT what steps do I need to now take? Or just leave well alone? Any advice welcome.
Thanks.
Message was edited by: nickf on 19/03/12 03:23:11 CDTLeave it blocked till Hayton finds out more about it.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: