Hands-on: Acer Predator Triton 700 review
I keep getting requests via my Firewall for a program called "Unknown Process" to access the Internet.
Each time that it makes its request, it has a different serial number attached.
For example: Unknown Process:-1849501 (Find Error)
It is presented exactly as I have shown.
The one above has made 17 requests to get out today but were all declined by me and blocked by the F/W. A check of the F/W log history shows that all such requests are made 17 times (although I only have to say 'no' once - the F/W takes care of all subsequent requests on its own it seems).
The first of each of these requests is classed as a 'New Program' in the F/W, the subsequent 16 are classed as 'Program Access'. The serial number is never used for more than one (17 set of) requests, due I assume to the reason that a new number is created for each set.
Can anyone enlighten me as to what this process may be please and is it legit ?
I have re-built my PC about four times in the past four years and as far as I can recall, they have always been a feature, so do not suspect any alien activity, though I have never allowed the program to connect. The F/W and AV have always been active and AV & Ad-aware scans produce no untoward reports.
I have had another two tonight, with new numbers -1425555 & 1477155 - it looks as if they are random.
The Firewall does not know what the program is or from where it is sourced, it just knows it is a new program and registers it as a first request. It says it's destination is AdSubtract (my Advert display removal program), but that is only listening for incoming stuff I thought.
I did try to find it in a file search on the hard drive under 'Unknown Process' and it came up with the Microsoft Works Word Processor shortcut in C:/Windows/Start Menu/Programs/Microsoft Works (sorry about forward slash - the one on my keyboard has packed up !)
Does this tell you anything ? I was not using this program at the time, but I do use it very often.
Are there other ways of searching for this perhaps?
have a look in sheduled tasks start/programs/accesories/system tools/scheduled tasks (I think on ME). some anti-watsits try to look for updates and sounds like one of these is trying to update.
It has got "unkown process", because the firewall doesn't reconise it... So when it comes up look for the option that is something on the lines of "Show Advanced details"... This will disply the path and file name for this process and when you get these post them through, so we can help you!!!
Have you run any anti-malware scans?
Is this unknown process perhaps spyware or a rogue dialler trying to 'phone home'?
Hi, you are not alone - have a look here, might help.
What I posted was from ZA's Advanced details when I said the Firewall does not know what this is etc. - not very helpful is it !
However, look below for a possible clue, very close to your interpretation in fact.....
I have no scheduled tasks set up other than the Tune-up Application start and PCHealth Scheduler -I do all my maintenance tasks manually so that I can make my own records of when I did them. There isn't much I do actually, just AV and Adaware scans mostly. I don't even let NAV update via its own live update routine - I always connect to the I/N VIA Norton and check for update every time I want to use it before I proceed with any other task. So nothing there to help us wiz-king, but look below and see what you think.
Yes, have run Adaware and AV scans and as you have read above, employ a very secure method of using the I/N. My current build began from day one with a ZA Firewall and right up-to-date AV standard and has always been topical. I download VERY little stuff off the web and say no to absolutely every request the F/W presents for anything to connect unless it's because I have just asked for it. This is the advice you get from Zone Alarm, then if something stops working or does not work, you can examine what you are allowing out or not, see if this is the cause and act accordingly.
Now YOU are on to something - not exactly what you offered, but on that same website, I found two threads which match exactly my experiences, rightdown to the repeats and the different numbers generated for each one. Almost every contributor to these two threads, cited Zone Alarm as either the source of information - or even the cause of the message (and this is where mattyc_92 got close).
One responder offered this explanation and coming from Dell, I am inclined to sit up and listen - what do you all think ?
""I was told a few days ago (by Dell tech) that this is becoming common and happens because basically the firewall is detecting the attempt at internet access before the operating system has had time to properly identify the program asking for access. So if you see the alert after starting IE or OE, or some other program you KNOW is trying to access the net (*because you just asked it to*), it is okay to allow; otherwise, at least I have found, you have to close and reopen the program.""
So, that perhaps is why it cannot be traced, being just an instantly created temporary message because the OS has not fully identifed the process, so it is untraceable because in effect it does not exist ? (It's the "find error" bit that confuses me a little though). What do you think mattyc_92,you have been the closest to this so far ?
In my case, I should say that I do not have to do anything, I just deny access and carry on and it has been thus for ages. There is an old saying "if it ain't broke, don't try to fix it" which may be a key phrase in this situation as my PC has been behaving better since my last rebuild in mid 2003 than it has done since its first year of operation. It seems to have been able to recover from its infrequent ills on its own, by re-starting or re-booting etc., and carries on as if nothing had ever been wrong - I couldn't really be happier with it. Two years ago, I came close to throwing out of the window - it turned out to be a motherboard failure - no wonder !
This thread is now locked and can not be replied to.