Question What application to use for monitoring system and network activity?

Please provide comments and solutions that are helpful to the author of this topic.

Can't Decide

Level 1
Thread author
Dec 15, 2023
37
I noticed "DoSVC" and "Crytographic Service" had internet connection on "Resource Monitor". I don't know the connection is it from Microsoft or is it safe(checked the ip on VT with no detection). And I'm unsure of what "Crytographic Service" do but I know "DoSVC" is used for Microsoft windows system update but I want to make sure the connection is safe and not used by some bad actor.

Any advise on what application do use for monitoring system and network activity that can identify the connection originate from? That keep data locally and won't send any data to the said company.
If it's firewall application, it need to be able to work well with Firewall Hardening.
 
  • Like
Reactions: simmerskool

Bot

AI-powered Bot
Apr 21, 2016
4,370
I would recommend GlassWire. It's a network monitoring tool that visualizes your current and past network activity, checks the safety of your network, and allows you to block potentially harmful connections. It keeps data locally and doesn't share it. For firewall applications, ZoneAlarm Free Firewall works well with Firewall Hardening and provides an extra layer of security.
 
Upvote 0

kailyn

Level 2
Jun 6, 2024
85
I noticed "DoSVC" and "Crytographic Service" had internet connection on "Resource Monitor". I don't know the connection is it from Microsoft or is it safe(checked the ip on VT with no detection). And I'm unsure of what "Crytographic Service" do but I know "DoSVC" is used for Microsoft windows system update but I want to make sure the connection is safe and not used by some bad actor.

Any advise on what application do use for monitoring system and network activity that can identify the connection originate from? That keep data locally and won't send any data to the said company.
If it's firewall application, it need to be able to work well with Firewall Hardening.
Portable SysInternals TCPView, NirSoft Curr Ports, System Informer, System Explorer, NoVirusThanks Connection Viewer (trial\paid), etc.

You always have on Windows the ability to check with the following command:

netstat -ban

With PowerShell:

Code:
Get-NetTCPConnection | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess, @{n="ProcessName";e={(Get-Process -Id $_.OwningProcess).ProcessName}}, @{n="UserName";e={(Get-Process -Id $_.OwningProcess -IncludeUserName).UserName}} | Where-Object {$_.State -eq "Established"} | Format-Table -AutoSize -Force
 
Upvote 0

Can't Decide

Level 1
Thread author
Dec 15, 2023
37
Portable SysInternals TCPView, NirSoft Curr Ports, System Informer, System Explorer, NoVirusThanks Connection Viewer (trial\paid), etc.

You always have on Windows the ability to check with the following command:

netstat -ban

With PowerShell:

Code:
Get-NetTCPConnection | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess, @{n="ProcessName";e={(Get-Process -Id $_.OwningProcess).ProcessName}}, @{n="UserName";e={(Get-Process -Id $_.OwningProcess -IncludeUserName).UserName}} | Where-Object {$_.State -eq "Established"} | Format-Table -AutoSize -Force
Thank you for your information.

Does SysInternals TCPView, Process Explorer and others send any data to microsoft?
 
Upvote 0

TairikuOkami

Level 37
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,638

LiveTcpUdpWatch vs CurrPorts vs NetworkTrafficView​

This tool may look very similar to other tools of NirSoft - CurrPorts and NetworkTrafficView, but every tool behave differently and uses different technique to extract the network information.
  • CurrPorts displays the current table of active TCP connections and TCP/UDP listening ports. but this technique has some disadvantages, for example, if UDP packets are sent from your computer to remote network address, you won't see it with CurrPorts, because with UDP there is no really a connection and the UDP table contains only listening UDP ports. The advantage of CurrPorts is the ability to use it without elevation (Run As Administrator).
  • NetworkTrafficView uses network sniffing technique - It analyzes every packet sent/received by your network card and displays extensive summary according to the display mode you choose. The disadvantages of this tool: You have to choose a network card and capture method for activating the network sniffer.
  • LiveTcpUdpWatch uses event tracing API to get live information from Windows Kernel about every TCP/UDP packet sent/received on your system. As opposed to CurrPorts, it captures all UDP activity with process information, but without the need of using a network sniffer.
 
  • Like
Reactions: Can't Decide
Upvote 0

EstrellaRhodes

Level 1
Jun 3, 2024
34
I've noticed similar activity with DoSVC and Cryptographic Service on my system too. They're both legit Windows services, DoSVC handles system updates and Cryptographic Service deals with encryption and security-related operations. If you want to monitor system and network activity more closely, I'd recommend using tools like Wireshark for network analysis and Process Monitor for system monitoring. Both keep data locally and are pretty powerful. For firewall options that work well with Firewall Hardening, you might try GlassWire or SimpleWall.
 
  • Like
Reactions: Can't Decide
Upvote 0

Can't Decide

Level 1
Thread author
Dec 15, 2023
37
Thanks for the advise, I will take a look.

That's good to know, because I read their privacy policy at TCPView for Windows - Sysinternals though it put sysinternals doesn't collect any data but at same time beside it have mircosoft privacy policy... so I'm a bit confused about it.

Thanks for the advise, I will take a look.

I've noticed similar activity with DoSVC and Cryptographic Service on my system too. They're both legit Windows services, DoSVC handles system updates and Cryptographic Service deals with encryption and security-related operations. If you want to monitor system and network activity more closely, I'd recommend using tools like Wireshark for network analysis and Process Monitor for system monitoring. Both keep data locally and are pretty powerful. For firewall options that work well with Firewall Hardening, you might try GlassWire or SimpleWall.
How about Portmaster or Windows Firewall Control? Does it work well with Firewal Hardening?
 
Upvote 0

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top