[newprouser]

Hey all ,

I have Microsoft Outlook 2010 installed on my win 7 x64 PC to access my company's emails through the exchange server. Now , i haven't saved my credentials, so every time I open outlook , I'm prompted to enter it.

The issue I'm facing is , many times, i see svchost.exe downloading data from the exchange server, even when i have not opened outlook or set outlook to work offline.

I was wondering how it is able to access the data without authenticating, since I had made sure even the credential manager is also empty.

Also this issue seems to happen only in win 7 for some reason. Note: i have not made any changes to outlook configuration.

[cluberti]

Which svchost is accessing the Exchange server, and what exactly is it accessing? Does it leave any event log entries on either side?

[newprouser]

Quote

Which svchost is accessing the Exchange server

note sure what you mean by "which", since svchost.exe is a system process . Did you mean to ask if svchost is running as which user[NETWORK SERVICE, SYSTEM] ?

Quote

what exactly is it accessing

That is a mystery to me too. I'm was able to see the exe downloading data through comodo firewall. By seeing the destination IP, i concluded it was accessing the exchange server. [I have no other
software/tool which would access that particular IP].

Quote

Does it leave any event log entries on either side

I don't have access to the other side. On my side , i checked the windows logs part in event log. The apps and services logs were way too big. Is there any specific folder/application where i can find the details ?

[cluberti]

newprouser, on 30 June 2012 - 07:47 AM, said:

Quote

Which svchost is accessing the Exchange server

note sure what you mean by "which", since svchost.exe is a system process . Did you mean to ask if svchost is running as which user[NETWORK SERVICE, SYSTEM] ?

There are more than 1 svchost process - I was curious as to which one was doing the downloading.

[Tripredacus]

What are you using to know that svchost.exe is downloading data from Exchange?

[newprouser]

Tripredacus, on 02 July 2012 - 07:58 AM, said:

What are you using to know that svchost.exe is downloading data from Exchange?

There is a feature in Comodo Firewall program to list all the active connection. I used it to find about svchost.exe accessing exchange server.

[allen2]

Try using process explorer to check which services (usually many services use the same svchost process) are accessing your exchange server.

[newprouser]

hi allen2,

as you mentioned i'm able to see a dozen processes listed in the svchost.exe accessing the exchange server ... I have attached a screenshot displaying them...

I have that BITS can be used to trasfer data in the background , maybe that could be the culprit ?

Attached File(s)

•  Svchost Net Access.jpg (484.87K)
  Number of downloads: 12

[allen2]

Some of those services can be stopped then restarted without causing problems and this way you could check if the issue is still there after stopping each one and thus removing one possible culprit. Here is the list of the services i'd try in the order of the most probable to the less :
BITS
wuauserv
schedule
lanman server
browser
Hope this help. If you don't find it this way, you could try this way to make each service use a different process.