[duplicate]Tell Me Why This Is Happening Over & Over & Over!
Windows 7 HP 64bit Firewall activity log
2011/07/21 14:18:49.975 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:18:50.006 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:50514, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:3702, Protocol: 17, Local Packet: 0, PID: 21C, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localservice.
2011/07/21 14:18:50.038 [bDFW] Ip 2001:0000:5EF5:79FB:2C02:2D96:A972:7E05 added to device {ff761ca3-1976-4b7a-b41a-e70a7cfd0cef}.
2011/07/21 14:18:50.038 [bDFNDISF] Received address change notification: device="{ff761ca3-1976-4b7a-b41a-e70a7cfd0cef}" address=2001:0000:5EF5:79FB:2C02:2D96:A972:7E05 added.
2011/07/21 14:18:50.038 [bDFWCORE] Addresses changed: IPv4: 0 IPv6: 1.
2011/07/21 14:18:50.038 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:50154, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:3702, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:18:50.069 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:64012, Remote Address: FF02:0000:0000:0000:0000:0000:0001:0003:5355, Protocol: 17, Local Packet: 0, PID: 44C, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k networkservice.
2011/07/21 14:18:50.162 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:50514, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:3702, Protocol: 17, Local Packet: 0, PID: 21C, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localservice.
2011/07/21 14:18:50.194 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:50154, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:3702, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:18:50.194 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:50154, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:3702, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:18:50.272 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:56700, Remote Address: FF02:0000:0000:0000:0000:0000:0001:0003:5355, Protocol: 17, Local Packet: 0, PID: 44C, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k networkservice.
2011/07/21 14:18:50.381 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:56700, Remote Address: FF02:0000:0000:0000:0000:0000:0001:0003:5355, Protocol: 17, Local Packet: 0, PID: 44C, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k networkservice.
2011/07/21 14:18:50.521 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:50514, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:3702, Protocol: 17, Local Packet: 0, PID: 21C, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localservice.
2011/07/21 14:18:50.677 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:50514, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:3702, Protocol: 17, Local Packet: 0, PID: 21C, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localservice.
2011/07/21 14:18:50.724 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: 192.168.0.12:53865, Remote Address: 94.245.121.251:3544, Protocol: 17, Local Packet: 0, PID: 214, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k netsvcs.
2011/07/21 14:18:51.738 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: 192.168.0.12:53865, Remote Address: 94.245.121.251:3544, Protocol: 17, Local Packet: 0, PID: 214, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k netsvcs.
2011/07/21 14:18:52.050 [bDFWCORE] GetAddresses: Adapter name: {EF221C30-B638-4423-8BC0-99A584D2F2C8}
2011/07/21 14:18:52.050 [bDFWCORE] GetAddresses: Adapter description: Realtek PCIe GBE Family Controller
2011/07/21 14:18:52.050 [bDFWCORE] GetAddresses: Adapter friendly name: Local Area Connection
2011/07/21 14:18:52.050 [bDFWCORE] GetAddresses: Medium type: 1
2011/07/21 14:18:52.050 [bDFWCORE] GetAddresses: Address: FE80:0000:0000:0000:7931:F395:FC55:0A34. Mask: 64.
2011/07/21 14:18:52.050 [bDFWCORE] GetAddresses: Address: 192.168.0.12. Mask: 120.
2011/07/21 14:18:52.050 [bDFWCORE] GetAddresses: Dns Server 192.168.0.1
2011/07/21 14:18:52.050 [bDFWCORE] GetAddresses: Gateway: 192.168.0.1
2011/07/21 14:18:52.050 [bDFWCORE] GetAddresses: DHCPv4: 192.168.0.1
2011/07/21 14:18:52.097 [bDFWCORE] Updating profiles:
2011/07/21 14:18:52.097 [bDFWCORE] Adapter name: {EF221C30-B638-4423-8BC0-99A584D2F2C8}, flags: 2, stealth: 2, zones: 0
2011/07/21 14:18:52.986 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:18:53.750 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: 192.168.0.12:53865, Remote Address: 94.245.121.251:3544, Protocol: 17, Local Packet: 0, PID: 214, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k netsvcs.
2011/07/21 14:18:56.980 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:18:57.760 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: 192.168.0.12:53865, Remote Address: 94.245.121.251:3544, Protocol: 17, Local Packet: 0, PID: 214, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k netsvcs.
2011/07/21 14:18:59.990 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:03.001 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:05.762 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: 192.168.0.12:53865, Remote Address: 94.245.121.251:3544, Protocol: 17, Local Packet: 0, PID: 214, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k netsvcs.
2011/07/21 14:19:06.995 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:10.006 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:13.016 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:17.010 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:20.021 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:21.768 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: 192.168.0.12:53865, Remote Address: 94.245.121.251:3544, Protocol: 17, Local Packet: 0, PID: 214, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k netsvcs.
2011/07/21 14:19:23.032 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:27.025 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:30.036 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:33.047 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:37.041 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:40.051 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:43.062 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:47.056 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:50.067 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:53.077 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:53.779 [bDFW] Ip FE80:0000:0000:0000:2C02:2D96:A972:7E05 removed from device {ff761ca3-1976-4b7a-b41a-e70a7cfd0cef}.
2011/07/21 14:19:53.779 [bDFNDISF] Received address change notification: device="{ff761ca3-1976-4b7a-b41a-e70a7cfd0cef}" address=FE80:0000:0000:0000:2C02:2D96:A972:7E05 removed.
2011/07/21 14:19:53.779 [bDFWCORE] Addresses changed: IPv4: 0 IPv6: 1.
2011/07/21 14:19:53.779 [bDFW] Ip 2001:0000:5EF5:79FB:2C02:2D96:A972:7E05 removed from device {ff761ca3-1976-4b7a-b41a-e70a7cfd0cef}.
2011/07/21 14:19:53.779 [bDFNDISF] Received address change notification: device="{ff761ca3-1976-4b7a-b41a-e70a7cfd0cef}" address=2001:0000:5EF5:79FB:2C02:2D96:A972:7E05 removed.
2011/07/21 14:19:53.779 [bDFWCORE] Addresses changed: IPv4: 0 IPv6: 1.
2011/07/21 14:19:53.779 [bDFW] Ip FE80:0000:0000:0000:0000:FFFF:FFFF:FFFE added to device {ff761ca3-1976-4b7a-b41a-e70a7cfd0cef}.
2011/07/21 14:19:53.779 [bDFNDISF] Received address change notification: device="{ff761ca3-1976-4b7a-b41a-e70a7cfd0cef}" address=FE80:0000:0000:0000:0000:FFFF:FFFF:FFFE added.
2011/07/21 14:19:53.779 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:53698, Remote Address: FF02:0000:0000:0000:0000:0000:0001:0003:5355, Protocol: 17, Local Packet: 0, PID: 44C, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k networkservice.
2011/07/21 14:19:53.795 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:50154, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:3702, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:53.889 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:53698, Remote Address: FF02:0000:0000:0000:0000:0000:0001:0003:5355, Protocol: 17, Local Packet: 0, PID: 44C, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k networkservice.
2011/07/21 14:19:54.029 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:50154, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:3702, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
2011/07/21 14:19:54.138 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:50514, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:3702, Protocol: 17, Local Packet: 0, PID: 21C, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localservice.
2011/07/21 14:19:54.388 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:50514, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:3702, Protocol: 17, Local Packet: 0, PID: 21C, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localservice.
2011/07/21 14:19:55.792 [bDFWCORE] GetAddresses: Adapter name: {EF221C30-B638-4423-8BC0-99A584D2F2C8}
2011/07/21 14:19:55.792 [bDFWCORE] GetAddresses: Adapter description: Realtek PCIe GBE Family Controller
2011/07/21 14:19:55.792 [bDFWCORE] GetAddresses: Adapter friendly name: Local Area Connection
2011/07/21 14:19:55.792 [bDFWCORE] GetAddresses: Medium type: 1
2011/07/21 14:19:55.792 [bDFWCORE] GetAddresses: Address: FE80:0000:0000:0000:7931:F395:FC55:0A34. Mask: 64.
2011/07/21 14:19:55.792 [bDFWCORE] GetAddresses: Address: 192.168.0.12. Mask: 120.
2011/07/21 14:19:55.792 [bDFWCORE] GetAddresses: Dns Server 192.168.0.1
2011/07/21 14:19:55.792 [bDFWCORE] GetAddresses: Gateway: 192.168.0.1
2011/07/21 14:19:55.792 [bDFWCORE] GetAddresses: DHCPv4: 192.168.0.1
2011/07/21 14:19:55.839 [bDFWCORE] Updating profiles:
2011/07/21 14:19:55.839 [bDFWCORE] Adapter name: {EF221C30-B638-4423-8BC0-99A584D2F2C8}, flags: 2, stealth: 2, zones: 0
2011/07/21 14:19:57.071 [bDFW] [FILTER] Blocked packet because of rule 24. Direction: Outbound, Local Address: FE80:0000:0000:0000:7931:F395:FC55:0A34:59747, Remote Address: FF02:0000:0000:0000:0000:0000:0000:000C:1900, Protocol: 17, Local Packet: 0, PID: C38, Process: c:\windows\system32\svchost.exe, Cmd. Line: -k localserviceandnoimpersonation.
Comments
-
Hello,
What exactly is happening ? Please explain the issue including your system details.
Kind regards,0 -
System: i5 2400 Processor, 4GB RAM, Windows 7 Home Premium 64bit
When advised in my previous thread: http://forum.bitdefender.com/index.php?showtopic=27620
to activate the "Increase log verbosity" of the firewall I noticed a deluge of activity being logged (see above. this is only a fraction).
Please advise if this is "normal" activity.0 -
Hello,
Yes, that is normal considering that you have increased the log verbosity so all events associated with the Firewall module will be listed in the log file.
As we already have a topic we discuss on, I will close this topic and we will continue troubleshooting on the first topic you started, located at the link below:
http://forum.bitdefender.com/index.php?showtopic=27620
Please check my answer in the same topic mentioned above.
Kind regards,0
