Question What application to use for monitoring system and network activity?

Please provide comments and solutions that are helpful to the author of this topic.

C

Can't Decide

Level 1
Thread author
Dec 15, 2023
35
I noticed "DoSVC" and "Crytographic Service" had internet connection on "Resource Monitor". I don't know the connection is it from Microsoft or is it safe(checked the ip on VT with no detection). And I'm unsure of what "Crytographic Service" do but I know "DoSVC" is used for Microsoft windows system update but I want to make sure the connection is safe and not used by some bad actor.

Any advise on what application do use for monitoring system and network activity that can identify the connection originate from? That keep data locally and won't send any data to the said company.
If it's firewall application, it need to be able to work well with Firewall Hardening.
 
  • Like
Reactions: simmerskool
Sort by date Sort by votes
Bot

Bot

AI-powered Bot
Apr 21, 2016
3,703
I would recommend GlassWire. It's a network monitoring tool that visualizes your current and past network activity, checks the safety of your network, and allows you to block potentially harmful connections. It keeps data locally and doesn't share it. For firewall applications, ZoneAlarm Free Firewall works well with Firewall Hardening and provides an extra layer of security.
 
  • Like
Reactions: simmerskool and Can't Decide
Upvote 0
kailyn

kailyn

Level 2
Jun 6, 2024
84
Can't Decide said:
I noticed "DoSVC" and "Crytographic Service" had internet connection on "Resource Monitor". I don't know the connection is it from Microsoft or is it safe(checked the ip on VT with no detection). And I'm unsure of what "Crytographic Service" do but I know "DoSVC" is used for Microsoft windows system update but I want to make sure the connection is safe and not used by some bad actor.

Any advise on what application do use for monitoring system and network activity that can identify the connection originate from? That keep data locally and won't send any data to the said company.
If it's firewall application, it need to be able to work well with Firewall Hardening.
Click to expand...
Portable SysInternals TCPView, NirSoft Curr Ports, System Informer, System Explorer, NoVirusThanks Connection Viewer (trial\paid), etc.

You always have on Windows the ability to check with the following command:

netstat -ban

With PowerShell:

Code: 
Get-NetTCPConnection | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess, @{n="ProcessName";e={(Get-Process -Id $_.OwningProcess).ProcessName}}, @{n="UserName";e={(Get-Process -Id $_.OwningProcess -IncludeUserName).UserName}} | Where-Object {$_.State -eq "Established"} | Format-Table -AutoSize -Force
 
  • Like
Reactions: Can't Decide
Upvote 0
C

Can't Decide

Level 1
Thread author
Dec 15, 2023
35
kailyn said:
Portable SysInternals TCPView, NirSoft Curr Ports, System Informer, System Explorer, NoVirusThanks Connection Viewer (trial\paid), etc.

You always have on Windows the ability to check with the following command:

netstat -ban

With PowerShell:

Code: 
Get-NetTCPConnection | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess, @{n="ProcessName";e={(Get-Process -Id $_.OwningProcess).ProcessName}}, @{n="UserName";e={(Get-Process -Id $_.OwningProcess -IncludeUserName).UserName}} | Where-Object {$_.State -eq "Established"} | Format-Table -AutoSize -Force
Click to expand...
Thank you for your information.

Does SysInternals TCPView, Process Explorer and others send any data to microsoft?
 
Upvote 0
TairikuOkami

TairikuOkami

Level 36
Verified
Top Poster
Content Creator
Well-known
May 13, 2017
2,553
www.nirsoft.net

View TCP/UDP network activity of every application on Windows

LiveTcpUdpWatch is a tool for Windows that displays live information about all TCP and UDP activity on your system.
www.nirsoft.net

LiveTcpUdpWatch vs CurrPorts vs NetworkTrafficView​

This tool may look very similar to other tools of NirSoft - CurrPorts and NetworkTrafficView, but every tool behave differently and uses different technique to extract the network information.
  • CurrPorts displays the current table of active TCP connections and TCP/UDP listening ports. but this technique has some disadvantages, for example, if UDP packets are sent from your computer to remote network address, you won't see it with CurrPorts, because with UDP there is no really a connection and the UDP table contains only listening UDP ports. The advantage of CurrPorts is the ability to use it without elevation (Run As Administrator).
  • NetworkTrafficView uses network sniffing technique - It analyzes every packet sent/received by your network card and displays extensive summary according to the display mode you choose. The disadvantages of this tool: You have to choose a network card and capture method for activating the network sniffer.
  • LiveTcpUdpWatch uses event tracing API to get live information from Windows Kernel about every TCP/UDP packet sent/received on your system. As opposed to CurrPorts, it captures all UDP activity with process information, but without the need of using a network sniffer.
Click to expand...
 
  • Like
Reactions: Can't Decide
Upvote 0
E

EstrellaRhodes

Level 1
Jun 3, 2024
24
I've noticed similar activity with DoSVC and Cryptographic Service on my system too. They're both legit Windows services, DoSVC handles system updates and Cryptographic Service deals with encryption and security-related operations. If you want to monitor system and network activity more closely, I'd recommend using tools like Wireshark for network analysis and Process Monitor for system monitoring. Both keep data locally and are pretty powerful. For firewall options that work well with Firewall Hardening, you might try GlassWire or SimpleWall.
 
  • Like
Reactions: Can't Decide
Upvote 0
C

Can't Decide

Level 1
Thread author
Dec 15, 2023
35
TairikuOkami said:
www.nirsoft.net

View TCP/UDP network activity of every application on Windows

LiveTcpUdpWatch is a tool for Windows that displays live information about all TCP and UDP activity on your system.
www.nirsoft.net
Click to expand...
Thanks for the advise, I will take a look.

kailyn said:
No
Click to expand...
That's good to know, because I read their privacy policy at TCPView for Windows - Sysinternals though it put sysinternals doesn't collect any data but at same time beside it have mircosoft privacy policy... so I'm a bit confused about it.

lokamoka820 said:
Wireshark.
Click to expand...
Thanks for the advise, I will take a look.

EstrellaRhodes said:
I've noticed similar activity with DoSVC and Cryptographic Service on my system too. They're both legit Windows services, DoSVC handles system updates and Cryptographic Service deals with encryption and security-related operations. If you want to monitor system and network activity more closely, I'd recommend using tools like Wireshark for network analysis and Process Monitor for system monitoring. Both keep data locally and are pretty powerful. For firewall options that work well with Firewall Hardening, you might try GlassWire or SimpleWall.
Click to expand...
How about Portmaster or Windows Firewall Control? Does it work well with Firewal Hardening?
 
  • Like
Reactions: lokamoka820 and TairikuOkami
Upvote 0

Similar threads

vtqhtr413
    • Applause
    • Like
Technology Hubble Network makes Bluetooth connection with a Satellite for the first time
Replies
0
Views
396
Technology News
vtqhtr413
vtqhtr413
R
Question Comodo Firewall and AnyDesk
Replies
6
Views
427
Comodo
Bot
Bot
silversurfer
    • Like
    • +Reputation
Deprecated Microsoft to discontinue Application Guard app and browser extensions in May 2024
Replies
4
Views
775
Web Extensions
Can't Decide
C

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top