Windows 10: Lots Of Connections on netstat / Wireshark

So I haven't needed to netstat anything in a while and certainly never did on Win 10 but I don't remember so many active, established connections before.

I have established connections with Twitter, Pandora, Google, Microsoft, Linode Networks, Akamai, CloudFlare and probably a few others I haven't looked up just yet. Now I don't necessarily think most of these are a problem. Linode, Akamia and CloudFlare are the most questionable but they could easily be backbone type stuff Comcast uses, I don't know.

However, what makes me wonder is that the PID associated with these connections are connected to WebProxy.exe

Furthermore, Wireshark is actively communicating with most of the names I mentioned above that showed up in Netstat, even when no browser is open. I previously disabled Microsofts supposed settings that allow them to track your online usage but could this be part of something I missed? Do I just not recall correctly that all of my traffic should be going through a WebProxy? Should I still be talking to Twitter even though I am not on that website nor do I have a browser open?

I've noticed weird things and redirects every once in a while and I do a thorough cleanup which never produces much of anything (I am a tech who has cleaned up 100's of PC's, so it wasn't half azz).

Any thoughts would be appreciated.

:)

 

Windows 10 - Delivery Optimization hogging bandwidth

I just had the worst quality Skype call with my son in Australia I have ever had, and this was on a wired connection. Once we ended the call I noticed that the activity light on my Ethernet connection was still flickering like crazy. I fired up Wireshark
and was quite disturbed to find my PC with several open connections to a server in Korea. C2 server I thought, and so checked the executable with netstat -aob - it was DoSvc. I used Process Explorer to find the svchost running it and killed the process.
The flickering light stopped dead.

Not your finest hour Microsoft. IMHO, you need to rethink the update strategy.

 

Windows 10 home Remote Assistance Ports

If you have all ports open and have successfully established a connection, try running netstat -na from the Command Line. You will need to know the IP addresses of the local and remote computer which then netstat shows the port connectivity source to
destination.

 

According to several sources, WebProxy.exe is part of the Panda Internet Security Suite... if you have this installed, then it redirects traffic through itself so it can watch for malicious activities. If you don't have this installed, it may be that you have a virus or malware.

 

I've put it on client PCs but have since went to a different anti-virus. Im not 100% sure if I put it on my personal PC but I'm leaning towards... probably.

Should I have active communication with Twitter and other websites when my browser is closed?

 

Well, you will have to identify where those connections are coming from. You might want to disable the webproxy and check their source process id's. They might be "live tile" updates, or they might be other background services that you might have installed but forgotten about.