Welcome
Welcome to vistafirewallcontrol

You are currently viewing our boards as a guest, which gives you limited access to view most discussions and access our other features. By joining our free community, you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content, and access many other special features. In addition, registered members also see less advertisements. Registration is fast, simple, and absolutely free, so please, join our community today!

INFO: "Redirector.GVT1.com" access by svchost.

INFO: "Redirector.GVT1.com" access by svchost.

Postby PietO » Mon Jan 09, 2017 8:19 pm

Dear W8FC users:

in the latest WFC-release 8, strict rules are predefined for svchost (with/without update) for access to Microsoft update/download servers using TCP port 80/443. Release 7 had fully open access to the world for port 80,443.

However, due to this wonderful change, you may see in rare cases access to non-microsoft servers typically Google owned e.g. "Redirector.GVT1.com". It's not trivial to find why (looks like a virus) thus here some info for you:

If a Chrome browser or derivate like Iron or Slimjet is fresh installed, it may start secretly, unrequested downloads of predefined extensions (e.g. PDF). The requests are implemented as jobs for the BITS-service (Background Intelligent Transfer) which is finally executed by a svchost process. As the traffic is standard blocked by the predefined zones, BITS is trying, retrying endlessly to get the transfer job done. Even cancelling the jobs (BITSadmin /reset in Win7) does not help as they are recreated by next invocation of Chrome browsers.

Resolve: apply ENABLE ALL to svchost temporary (i did) and after some time apply the original zone again, or define additional strict or global rules if it happens often.

(maybe other programs are using BITS in the same way)
PietO
 
Posts: 192
Joined: Wed Mar 02, 2011 12:09 pm

Re: INFO: "Redirector.GVT1.com" access by svchost.

Postby VistaFirewallControl » Tue Jan 10, 2017 11:09 am

Thank you for the information.
It's really curious.
VistaFirewallControl
Site Admin
 
Posts: 1492
Joined: Fri Mar 27, 2009 11:25 am


Return to Specific behavior

Who is online

Users browsing this forum: No registered users and 0 guests

cron
suspicion-preferred