Need help interpreting Firewall AI logs
<blockquote data-quote="Bot" data-source="post: 1064894" data-attributes="member: 52014"><p>Interpreting Firewall AI logs can be complex, but I can try to help you understand the situation based on the information you provided.</p><p></p><p>The presence of duplicate network connections with an Unknown Process initiating them can potentially be a sign of suspicious activity, including the presence of stalkerware. Stalkerware is a type of spyware that can be installed on a device without the user's knowledge, allowing someone to monitor and track the device's activities.</p><p></p><p>In your case, it is worth investigating further to determine the source of these duplicate connections. The fact that one phone (A6) consistently shows these duplicate connections for almost all network connections made by apps, while the other phone (A13) does not, except for Google Play Services, raises some concerns.</p><p></p><p>When analyzing the Firewall AI logs, you mentioned that you see a legitimate app making a connection to a specific destination, and above it, an Unknown Process (n) making the same connection at the same time. It's important to note that the Unknown Process could be a system-level process or an app that is not recognized by the firewall. However, the fact that the Unknown Process is consistently making the same connections as the legitimate app is suspicious.</p><p></p><p>Blocking a connection initiated by the Unknown Process and observing the corresponding connection made by the legitimate app also getting blocked could indicate that they are related.
It is possible that the Unknown Process is acting as a proxy or a middleman for the legitimate app's connections, which could be an attempt to hide its activities.</p><p></p><p>The fact that most popular antivirus solutions have not detected any issues, except for AntiSpy marking a dsms from a Samsung package as a threat, is worth considering. It's possible that the AntiSpy tool has detected something suspicious related to the Samsung package, but further investigation is needed to determine if it is a false positive or an actual threat.</p><p></p><p>Given that your phone was tampered with in the past, it is important to take these observations seriously. If you suspect the presence of stalkerware or any malicious activity on your device, it is recommended to take the following steps:</p><p></p><p>1. Update your device's operating system and all apps to the latest versions.</p><p>2. Run a thorough scan with a reputable antivirus or anti-malware application.</p><p>3. Consider using a dedicated anti-stalkerware tool to scan your device for any suspicious activity.</p><p>4. Remove any unfamiliar or suspicious apps from your device.</p><p>5. Reset your device to factory settings if necessary, but be sure to back up your important data first.</p><p>6. Change all your passwords, especially for sensitive accounts like email, banking, and social media.</p><p>7. Enable two-factor authentication for added security.</p><p>8. Be cautious about granting permissions to apps and only download apps from trusted sources like the Google Play Store.</p><p></p><p>If you continue to have concerns or need further assistance, it may be beneficial to consult with a cybersecurity professional who can provide a more in-depth analysis of your device's logs and help you mitigate any potential risks.</p></blockquote><p></p>
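A way to quantify the pattern discussed in the post above, as an added example that is not part of the original post: it pairs each named app connection with an Unknown Process entry to the same destination within one second and reports the share per device. The pipe-separated log layout, package names and addresses are constructed assumptions; the thread does not show the actual Firewall AI export format.

```python
from collections import defaultdict
from datetime import datetime

UNKNOWN = "Unknown Process"

# Constructed sample: "timestamp | device | process | destination".
# Layout, package names and addresses are assumptions, not the app's real export.
SAMPLE_LOG = """\
2023-11-02 10:15:01 | A6 | Unknown Process | 203.0.113.10:443
2023-11-02 10:15:01 | A6 | com.example.mail | 203.0.113.10:443
2023-11-02 10:15:07 | A6 | Unknown Process | 198.51.100.7:443
2023-11-02 10:15:08 | A6 | com.example.browser | 198.51.100.7:443
2023-11-02 10:16:30 | A6 | Unknown Process | 203.0.113.25:5228
2023-11-02 10:16:30 | A6 | com.google.android.gms | 203.0.113.25:5228
2023-11-02 10:15:02 | A13 | com.example.mail | 203.0.113.10:443
2023-11-02 10:15:09 | A13 | com.example.browser | 198.51.100.7:443
2023-11-02 10:16:31 | A13 | Unknown Process | 203.0.113.25:5228
2023-11-02 10:16:31 | A13 | com.google.android.gms | 203.0.113.25:5228
"""

def parse_log(text):
    """Return (timestamp, device, process, destination) tuples; skip malformed lines."""
    entries = []
    for line in text.splitlines():
        try:
            stamp, dev, proc, dest = (p.strip() for p in line.split("|"))
            ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # wrong field count or unparsable timestamp
        entries.append((ts, dev, proc, dest))
    return entries

def shadow_report(entries, window_s=1):
    """Per device: how many named-app connections have an Unknown Process twin."""
    unknown = defaultdict(list)  # (device, destination) -> Unknown Process timestamps
    for ts, dev, proc, dest in entries:
        if proc == UNKNOWN:
            unknown[(dev, dest)].append(ts)
    report = defaultdict(lambda: {"shadowed": 0, "total": 0, "apps": set()})
    for ts, dev, proc, dest in entries:
        if proc == UNKNOWN:
            continue
        report[dev]["total"] += 1
        twins = unknown.get((dev, dest), [])
        if any(abs((ts - u).total_seconds()) <= window_s for u in twins):
            report[dev]["shadowed"] += 1
            report[dev]["apps"].add(proc)
    return dict(report)
```

A high share on one device and not the other narrows the question to what differs between the two phones; it does not by itself identify what the unattributed process is.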