TorqueDemo trying to connect Microsoft
by Tim Hutcheson · in Torque Game Engine · 09/06/2005 (5:25 am) · 5 replies
I don't want to sound paranoid but my firewall just kicked this out for the first time:
So the C runtime library decides to contact big brother?
Anybody else ever see this?
Quote:
[9/6/2005 7:18:08 AM]
Direction: outgoing
Local Point: 192.168.0.100, port 1371
Adapter: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) - Packet Scheduler Miniport
Remote Point: crl.microsoft.com [131.107.115.28], port http [80]
Protocol: TCP
Application path: c:\Torque\example\torqueDemo.exe
Description: torquedemo
File version:
Created: 2005/9/4, 00:58:56
Modified: 2005/9/5, 16:48:17
So the C runtime library decides to contact big brother?
Anybody else ever see this?
About the author
#2
09/06/2005 (7:13 am)
Ok, thanks. Am a little surprised to see this suddenly pop up when I 've been running TGE for a year, at least. I made a firewall rule for it.
#3
But it could be some secure component checking for the CRL. Or maybe even a virus or something? Torque itself has no explicit code to trigger this behavior.
09/06/2005 (10:08 pm)
We don't actually use IE for anything in Torque that I'm aware of. We do spawn it from the demo app to bring up the purchase/product page, but it's running as its own thing (should be the same behavior as typing the URL into the run box).But it could be some secure component checking for the CRL. Or maybe even a virus or something? Torque itself has no explicit code to trigger this behavior.
#4
BUT... I just remembered, if you have any Microsoft-signed DirectX drivers, DirectX9 will connect to crl.microsoft.com to check for an expiration on the certficate that declares the drivers authentic. And that connection would appear to come from your executable.
You can turn the 'feature' off through IE, by going into tools... internet options... advanced tab... security section... uncheck 'check for publisher's certificate revocation' and 'check for server's certificate revocation'. You'll probably have to restart.
I doubt it is a virus/spyware thingy, but checking that angle wouldn't hurt.
09/07/2005 (7:29 am)
Ah! Ben's right, Torque just triggers your default browser, so any CRL connections would appear to come from iexplore.exe or whatever.BUT... I just remembered, if you have any Microsoft-signed DirectX drivers, DirectX9 will connect to crl.microsoft.com to check for an expiration on the certficate that declares the drivers authentic. And that connection would appear to come from your executable.
You can turn the 'feature' off through IE, by going into tools... internet options... advanced tab... security section... uncheck 'check for publisher's certificate revocation' and 'check for server's certificate revocation'. You'll probably have to restart.
I doubt it is a virus/spyware thingy, but checking that angle wouldn't hurt.
#5
09/07/2005 (12:02 pm)
Hmm, that could be reasonable. It would be neat if someone could do some more research on this.
Torque Owner Karthik Krishnan