cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: netguard blocks risky connectio´n

I've gotten the same thing.  Computer has been off for days.  Is clean but it popped up right away related to the the Windows Services ... like someone else had posted.  Trusted Install was waiting for me to approve an update to Office 2007 which is a huge download of over 200MB.  Don't know if that means anything.  I'm leaving it blocked until I here what Hayton finds out.  BTW when I googled the IP address, this thread came up as the number two item related to it and so I joined so I could give this input. 

Re: netguard blocks risky connectio´n

I joined for the same reason: Googled IP address, and wanted to chime in. There were two comments when I signed up yesterday. Looks like this is fairly widespread.

Re: netguard blocks risky connectio´n

The ip is blocked 4 times on 18 march until now

The last one was at 7:03 Pm

samcarter
Level 7
Report Inappropriate Content
Message 24 of 40

Re: netguard blocks risky connectio´n

I just got this myself and came here after Googling the IP. I have FF installed. I had just opened Adobe Reader and Excel 2010 Starter when this came up - not sure if either of these had anything to do with it.

Edit: A Network Solutions lookup says it's Allocated to RIPE NCC. So, I did a RIPE lookup as edwardjwlaunt did above, which says this IP belongs to ISG/IP Network Security in Amsterdam, but the address below that says Verizon/Cybertrust. Further research reveals Verizon bought Cybertrust and McAfee is part of a group of antispyware vendors involved with Cybertust. I wonder if McAfee is auto-submitting our scan results to this group?

Message was edited by: samcarter on 3/18/12 2:10:42 PM CDT
dlasala
Level 7
Report Inappropriate Content
Message 25 of 40

Re: netguard blocks risky connectio´n

Got the same msg about 5 hrs ago but stupidly did NOT block it. I ran a full scan 0 virus, etc. I have had no problems since. I'll post if there are any changes.

Hayton
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 26 of 40

Re: netguard blocks risky connectio´n

@all  -  Status Update

Got a reply from someone at Verizon (he's obviously checking his mail over the weekend).

He confirms that the server with that IP address is indeed just a CRL repository, and so should not (on the face of it) be blocked. Verizon (and/or CyberTrust - Ubizen) are going to investigate, and the first thing to do is find someone in McAfee to talk to. I've given a few contact addresses and sent a PM to someone on the SiteAdvisor team for forwarding to TrustedSource.

Verizon et al are aware of this thread and may be keeping an eye on it for any relevant breaking news.

Re: netguard blocks risky connectio´n

Thanks for that update!

I was following this thread a while since I got the same problem on two of my laptops. After I suspected my first laptop to have caught a trojan two weeks ago, I did a reinstall of this one and was scared to read this message yesterday. So hopefully I still got rid of whatever I had on my PC.

Hayton
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 28 of 40

Re: netguard blocks risky connectio´n

@all : FYI

One reason to keep this under close scrutiny is that if you allow Netguard to block access to that IP address no checking for revoked certificates held there can be carried out.

From a thread in the Comodo forums :

The entries you've posted above all appear to be standard certificate revocation checks, something Windows does quite often.

See this article on Wikipedia for an overview of Certificate Revocation Lists.

In the operation of some cryptosystems, usually public key infrastructures (PKIs), a certificate revocation list (CRL) is a list of certificates(or more specifically, a list of serial numbers for certificates) that have been revoked, and therefore should not be relied upon

The necessity of consulting a CRL (or other certificate status service) prior to accepting a certificate raises a potential denial-of-service attack against the PKI. If acceptance of a certificate fails in the absence of an available valid CRL, then no operations depending upon certificate acceptance can take place.

Message was edited by: Hayton on 18/03/12 23:03:38 GMT
nickf
Level 7
Report Inappropriate Content
Message 29 of 40

Re: netguard blocks risky connectio´n

Morning All

I am very security aware from a consumer point of view on a basic level and do all I can within limits of knowledge. However thought worth sharing. I got this message for first time this morning dont remember a warning previously for anything else and do regular checks but had trouble with laptop yesterday wouldn't start until rolled back three days. Chrome related? Updates from windows all within last three days. I am on BT Broadband Infinity and not really had any issues at all so when this flagged up alarm bells ringing.

netgauard blocked it BUT what steps do I need to now take? Or just leave well alone? Any advice welcome.

Thanks.

Message was edited by: nickf on 19/03/12 03:23:11 CDT

Re: netguard blocks risky connectio´n

Leave it blocked till Hayton finds out more about it.

How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community