Jump to content

svchost.exe accessing microsoft exchange server without permission

newprouser

By newprouser
in Windows 7

 Share

Recommended Posts

newprouser

newprouser

Posted
Posted

Hey all ,

I have Microsoft Outlook 2010 installed on my win 7 x64 PC to access my company's emails through the exchange server. Now , i haven't saved my credentials, so every time I open outlook , I'm prompted to enter it.

The issue I'm facing is , many times, i see svchost.exe downloading data from the exchange server, even when i have not opened outlook or set outlook to work offline.

I was wondering how it is able to access the data without authenticating, since I had made sure even the credential manager is also empty.

Also this issue seems to happen only in win 7 for some reason. Note: i have not made any changes to outlook configuration.

Link to comment
Share on other sites

newprouser

newprouser

Posted
  • Author
Posted
Which svchost is accessing the Exchange server

note sure what you mean by "which", since svchost.exe is a system process . Did you mean to ask if svchost is running as which user[NETWORK SERVICE, SYSTEM] ?

what exactly is it accessing

That is a mystery to me too. I'm was able to see the exe downloading data through comodo firewall. By seeing the destination IP, i concluded it was accessing the exchange server. [i have no other

software/tool which would access that particular IP].

Does it leave any event log entries on either side

I don't have access to the other side. On my side , i checked the windows logs part in event log. The apps and services logs were way too big. Is there any specific folder/application where i can find the details ?

Link to comment
Share on other sites
cluberti

cluberti

Posted
Posted
Which svchost is accessing the Exchange server

note sure what you mean by "which", since svchost.exe is a system process . Did you mean to ask if svchost is running as which user[NETWORK SERVICE, SYSTEM] ?

There are more than 1 svchost process - I was curious as to which one was doing the downloading.
Link to comment
Share on other sites
newprouser

newprouser

Posted
  • Author
Posted

What are you using to know that svchost.exe is downloading data from Exchange?

There is a feature in Comodo Firewall program to list all the active connection. I used it to find about svchost.exe accessing exchange server.

Link to comment
Share on other sites
newprouser

newprouser

Posted
  • Author
Posted

hi allen2,

as you mentioned i'm able to see a dozen processes listed in the svchost.exe accessing the exchange server ... I have attached a screenshot displaying them...

I have that BITS can be used to trasfer data in the background , maybe that could be the culprit ?

post-193613-0-86649500-1341388591_thumb.

Link to comment
Share on other sites
allen2

allen2

Posted
Posted

Some of those services can be stopped then restarted without causing problems and this way you could check if the issue is still there after stopping each one and thus removing one possible culprit. Here is the list of the services i'd try in the order of the most probable to the less :

BITS

wuauserv

schedule

lanman server

browser

Hope this help. If you don't find it this way, you could try this way to make each service use a different process.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...