locktime

Open full view…

Use NetLimiter to look for malware that is sending data

normandy
Wed, 24 Feb 2021 16:15:42 GMT

In order to combat malware, I am trying to use NetLimiter to block any outgoing traffic to unknown remote addresses. I have allowed traffic to known/trusted apps (Google, Malwarebytes, Norton, Adobe, etc.) I let NetLimiter ask me and I check the remote Address IP to see if it is Microsoft, Akamai, or something else that seems like it could be trusted. I am not sure which windows processes I might specifically look for that might be involved in sending data -- Background Intelligent Transfer Service sounds like one that might. Are there any other services I should look for that malware might commonly use? Anyone have experience doing this that might have any suggestions? Ant help would be appreciated. Thx.

janbilek
Fri, 05 Mar 2021 00:41:49 GMT

To get some overview about services, please, check an info at the end of [this article](https://www.netlimiter.com/docs/basic-concepts/filters/system-services-and-windows-store-apps).