"suspicious network activity detected" Norton Internet Security firewall warning while logging in

DeltaForce64x
OK, so after the latest patch, I started to get a warning from my security software, which says what is in the title and shows me that some random IP number is trying to connect to my computer, and Norton asks me to allow or block it. I got suspicious because the IP numbers are entirely random numbers (they start and end with numbers; usually they started with some 4-5 digit number and then ended with something like bethesda.net or something related to Bethesda or ZeniMax). It always ended with text; now it starts and ends entirely with numbers. I have been using this software (Norton Internet Security) for about 3 years now and never got a sudden pop-up warning like this before. Norton has the ability to show every single connection and ask the user to allow or block it if it's suspicious. It's in the automatic firewall setting and not in some setting like "learning rule", so my firewall seems OK and is doing its job.

If I block the connection (which I did) at the in-game login screen (non-Steam version), it gives me an error that says "couldn't connect to the game server, login failed". The connection is made by eso64.exe to that random IP address. Unfortunately I forgot to take a screenshot, plus it's in a different language (my local language), so I do not think it can help in any way. I want to say sorry, since you may notice my English is absolute cancer, as it's not my native language.

So, in basic words, what should I do? Should I allow the connection, which seems to be the only way to play? What if the ESO files got corrupted in a bad way or something? Can malware attack the game files and somehow "convert" them into a botnet or something?

Or am I overreacting? Thanks in advance.
  • Morgul667
    Unless you have some critical files and secrets on your computer, I'd try to allow the connection once and see if I can connect.

    If OK, I'd then keep it that way.
  • kwisatz
    Do you run some addon with an .exe file in it?
  • DeltaForce64x
    kwisatz wrote: »
    Do you run some addon with an .exe file in it?

    Yes, I have a popular harvest thing addon and Skyshards, that's it.
  • DeltaForce64x
    kwisatz wrote: »
    Do you run some addon with an .exe file in it?

    Oh sorry, on second reading, no, I do not run any exe files that come with an addon.
  • Elsonso
    Hard to tell without the IP address. However, if the IP address starts with 159.100.232 (PC EU) or 198.20.200 (PC NA) then it is OK.
  • DeltaForce64x
    here, I took a screenshot http://imgur.com/a/9jQvp
  • Merlin13KAGL
    Norton (which is far from my favorite for a load of reasons - I can also offer a free alternative that's just as robust) should offer a way to see the detail about the connection request.

    Assuming ESO is listed as an 'approved' application under Norton, most connections will originate from your PC and be outgoing (thus approved, by default.) Addons have zero effect on whether or not you can connect to the base game.

    Norton should also have an option to allow "this time only" to see if that allows you to connect. This can split the difference between complete lockout and what @Morgul667 recommended. Usually best to know what something's up to before letting it have access.

    You can also look in the Norton logs (deny first, then it should make an entry on the IP address making the attempt) and do an internet lookup of the site in question.
    Just because you don't like the way something is doesn't necessarily make it wrong...

    Earn it.

    IRL'ing for a while for assorted reasons, in forum, and in game.
    I am neither warm, nor fuzzy...
    Probably has checkbox on Customer Service profile that say High Aggro, 99% immunity to BS
  • DeltaForce64x
    I removed my addons, which were Skyshards and harvest; it still happens. This is the screenshot of the firewall warning: http://imgur.com/a/9jQvp
  • DeltaForce64x
    Never mind, I'm going to uninstall the game and download the Steam version instead. Thanks anyway.
  • Elsonso
    @DeltaForce64x HEY! That is the EU megaserver. You are fine to allow connections. Don't waste your time uninstalling.
  • DeltaForce64x
    @DeltaForce64x HEY! That is the EU megaserver. You are fine to allow connections. Don't waste your time uninstalling.

    Are you sure? I didn't look at the whois website you gave because I'm super paranoid about my PC security. Did you see my screenshot?
  • Merlin13KAGL
    You're good to allow it.

    Here is the reverse DNS lookup for that address:

    ip-tracker.org/locator/ip-lookup.php?ip=159.100.232.100

    And here is the list of ports used per ZoS:

    WHAT PORTS DO I NEED TO OPEN FOR THE ELDER SCROLLS ONLINE?
    Edited by Merlin13KAGL on July 24, 2017 12:44PM
  • AdicusDio
    In the future, you can usually "whitelist" known safe .exe files (like the game) to be allowed via your firewall. I use TinyWall after getting a serious bug from Comodo, and that needed a strict "yes or no" during its setup; then you never have to worry about it.
  • Merlin13KAGL
    @AdicusDio, strict is what you want from a firewall. Comodo allows the option to identify a program as an installer for that very reason and will set appropriate permissions in the process.
  • DeltaForce64x
    @Merlin13KAGL @lordrichter Holy cow, thanks! I wasn't even aware there is a port-verified official ESO help website. Thanks guys, you both saved me from downloading another 120GB, lol. For the record, I scanned my system with Malwarebytes and Malwarebytes Anti-Rootkit says "no malware found", so I'm OK, just to be safe.

    Thank you!
  • Elsonso
    @DeltaForce64x HEY! That is the EU megaserver. You are fine to allow connections. Don't waste your time uninstalling.

    Are you sure? I didn't look at the whois website you gave because I'm super paranoid about my PC security. Did you see my screenshot?

    As @Merlin13KAGL posted, that IP address is owned by ZeniMax and is part of the block of IP addresses that they use for the EU megaserver.


    https://www.whois.com/whois/159.100.232.100

    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    % Note: this output has been filtered.
    % To receive output for a database update, use the "-B" flag.

    % Information related to '159.100.224.0 - 159.100.239.255'

    % No abuse contact registered for 159.100.224.0 - 159.100.239.255

    inetnum: 159.100.224.0 - 159.100.239.255
    netname: TRRLNET
    descr: Zenimax Online Studios
    country: US
    admin-c: JP10089-RIPE
    tech-c: JP10089-RIPE
    status: LEGACY
    remarks: For information on "status:" attribute read https://www.ripe.net/data-tools/db/faq/faq-status-values-legacy-resources
    mnt-by: JPACE-MNT
    created: 2013-09-25T10:40:11Z
    last-modified: 2016-02-09T21:48:51Z
    source: RIPE
    Edited by Elsonso on July 24, 2017 12:54PM
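
Added example, not part of the thread or of any poster's reply: one way to do the check described in the post above offline, by parsing the quoted RIPE record and testing whether the address from a firewall prompt falls inside its `inetnum` range and names the expected owner. The function names and the out-of-range sample address are assumptions made for this illustration; the record text is an excerpt of the whois output quoted above.

```python
import ipaddress

# Excerpt of the RIPE whois record quoted in the post above.
WHOIS_TEXT = """\
% Information related to '159.100.224.0 - 159.100.239.255'
inetnum: 159.100.224.0 - 159.100.239.255
netname: TRRLNET
descr: Zenimax Online Studios
country: US
status: LEGACY
source: RIPE
"""

def parse_rpsl(text):
    """Return {attribute: [values]} from RPSL text, skipping '%' comment lines."""
    record = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("%"):
            continue
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def inetnum_networks(record):
    """Convert the 'inetnum' start-end range into a list of CIDR networks."""
    first, _, last = record["inetnum"][0].partition("-")
    start = ipaddress.ip_address(first.strip())
    end = ipaddress.ip_address(last.strip())
    return list(ipaddress.summarize_address_range(start, end))

def check_remote(ip_text, whois_text, expected_owner):
    """True only if the IP is inside the registered range AND descr names the owner."""
    record = parse_rpsl(whois_text)
    ip = ipaddress.ip_address(ip_text)
    in_range = any(ip in net for net in inetnum_networks(record))
    owner_ok = any(expected_owner.lower() in d.lower()
                   for d in record.get("descr", []))
    return in_range and owner_ok

if __name__ == "__main__":
    print(inetnum_networks(parse_rpsl(WHOIS_TEXT)))
    # 159.100.232.100 is the address from the thread; 159.100.240.1 is a
    # constructed address just past the end of the registered range.
    for ip in ("159.100.232.100", "159.100.240.1"):
        print(ip, check_remote(ip, WHOIS_TEXT, "zenimax"))
```

A `False` result only means the address is not covered by this one record; the PC NA prefix mentioned earlier in the thread is registered separately and needs its own lookup.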
  • DeltaForce64x
    Thanks dude, much appreciated for the detailed reply. I'm glad people like you exist in forums (I meet many trolls on Steam forums).

    I can take a fresh breath and play my sorc, cheers.