Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Need help interpreting Firewall AI logs
Message
<blockquote data-quote="GarryNigelMunter" data-source="post: 1064888" data-attributes="member: 105583"><p>Need help interpreting Firewall AI logs.</p><p></p><p>Can the fact that almost all network connections made by apps on a phone also have duplicates with an Unknown Process initiating them, be a sign of stalkerware? </p><p></p><p>I'm using Firewall AI's log. One phone has this for every connection (Samsung Galaxy A6, Android 11), the other almost doesn't (A13, Android 13), except Google Play Services. </p><p></p><p>What I see is a legit app, marked by its icon, making a connection to x and above it an UnknownProcess <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite131" alt="(n)" title="Thumbs down (n)" loading="lazy" data-shortname="(n)" />, marked by android's "half-face" icon, making the same connection at the same time xx.xx.xx.</p><p></p><p>Also, if I block a connection by an UnknownProcess, the corresponding connection made by a legit app gets blocked too, but I'm assuming it's because the destination is the same(?).</p><p></p><p>Otherwise most popular AVs detected nothing, except AntiSpy marked a dsms from a samsung package as a threat (Trojan)...</p><p></p><p>PyDroid logs detect the same duplicate connections, only it attributes both to the app making the connection.</p><p></p><p>My phone was meddeled with a year ago (stolen for 1 day).</p></blockquote><p></p>
[QUOTE="GarryNigelMunter, post: 1064888, member: 105583"] Need help interpreting Firewall AI logs. Can the fact that almost all network connections made by apps on a phone also have duplicates with an Unknown Process initiating them, be a sign of stalkerware? I'm using Firewall AI's log. One phone has this for every connection (Samsung Galaxy A6, Android 11), the other almost doesn't (A13, Android 13), except Google Play Services. What I see is a legit app, marked by its icon, making a connection to x and above it an UnknownProcess (n), marked by android's "half-face" icon, making the same connection at the same time xx.xx.xx. Also, if I block a connection by an UnknownProcess, the corresponding connection made by a legit app gets blocked too, but I'm assuming it's because the destination is the same(?). Otherwise most popular AVs detected nothing, except AntiSpy marked a dsms from a samsung package as a threat (Trojan)... PyDroid logs detect the same duplicate connections, only it attributes both to the app making the connection. My phone was meddeled with a year ago (stolen for 1 day). [/QUOTE]
Insert quotes…
Verification
Post reply
Top
