Sudden increase in connections to hosts in foreign countries by Gr

B

bzrdhd

A few months ago, we noticed a significant change in the behavior of
Groove.exe. Starting on one computer, Groove.exe proceeded to make brief
connections (over ports 2492, 443, 80) to many different hosts in foreign
countires (such as Brazil, China, and the Russian Federation). There is
nothing apparent within the Groove client interface to account for the
activity, which continues today. Has anyone experienced similar behavior?
 
F

Frances Selkirk [MSFT]

Probably someone has either added you as a contact or is in a workspace with
you. The details get complicated. See this KnowledgeBase article:

"You see many open SSTP TCP connections and many connections to relay
servers when you run the "netstat" command while Groove is running"
http://support.microsoft.com/kb/914722

If it appears that strangers are adding you as a contact, make sure that you
are not listed in the Groove public directory. You can configure this in the
"List me in" section of Preferences/Options/Identities.

I hope this helps!
 
B

bzrdhd

Above all, we are concerned that this sudden onslaught of outbound traffic to
foreign hosts is a sign of malicious activity because we do not think that it
was initiated by anything that our Groove users did within the Groove
client-- at least not at the time that the traffic started.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

New books 10
Outlook connector crashes outlook 0
Outlook crashes with Outlook connector 2002 0

Top