Question What are those remote connections ?

Status
Not open for further replies.

Firewall.exe

BANNED
Oct 22, 2021
38
0
30
What are those remote-connections?

I installed TCPView from Sysinternals.
As you can see on the image below:
svchost.exe, lsass.exe, wininit.exe and system do not
display their remote address.

sysinternals-tcp-view-who-is-remote.png

Why is that?
What do the symbols instead of a remote address mean?

Are they hiding their connection?

Straight forward, in my Task-Manager are some
suspicious services running.
They are from Microsoft, not a Virus. But that doesn't make it any better.

List of services/application:

CompPkgSrv.exe (Component Package Support Server)
Mobsync.exe
Text Input Application


I would like to find out what EXACTLY each of those services/applications does.
Why are they running, what are they doing?
I cannot find any proper documentation on this anywhere after searching for 2+ hours...

For the first service I mentioned,
CompPkgSrv.exe, I would simply like to know what the
purpose of this app is.

Component-Package-Support-Server.png

For the second service, mobsync.exe, I disabled the Synchronisation-Center
in the Windows Control-Panel, yet mobsync.exe is invisible in my Task-Manager
every time I boot my PC. Why? What does it do??
mobsync.png

For the third question,
Text Input Application starts itself immediately
when I type anything on my PC, anywhere.
If I end the process it doesn't reappear until the exact moment when I start typing...
Honestly this could easily be a keylogger or some sort of spyware.
At least it does behave as if it would be.
text-input-application2.png

text-input-application.png


So much for that, now one more question:

There is this weird "temp-folder" creating itself every once in a while.
It has a strange name, a bunch of numbers and letters, and it includes a bunch of dll's.
What is this?? When I delete it,
it re-creates itself after a couple of hours or so.
I would like to
terminate the source of this problem. Which process is responsible for
creating this temp-folder? What are those dll's?

Windows-Temp.png


Any help is welcome! But if you are only going to tell me I should leave things as
they are, no. I didn't come here to get bullied, I came for actual help. Thank you.
 

Firewall.exe

What are those remote-connections?

Task-Manager has a few settings, showing TCP and UDP connections is not one of them.
Is it possible with cmd/powershell?
Anyways, I installed TCPView from Sysinternals.
As you can see on the image below: svchost.exe, lsass.exe, wininit.exe and system do not
display their remote address.
sysinternals-tcp-view-who-is-remote.png

Why is that? What do the symbols instead of a remote address mean?
Are they hiding their connection?
 

Firewall.exe

Because I don't need it. Deleted it - Browser working as normal.
They ARE displaying their remote address. They are connected to the IPV6 loopback address (look up loopback). You have MUCH learning to do before you are even remotely ready to be looking at that particular display.

Indeed there is much to learn, how am I supposed to know what those symbols mean when I never saw this before? I read remote-address and some of the services do have an actual remote-address while some are displaying only a symbol instead of an address, whatever this means.
So before I check what loopback stands for, are those services connected to a Microsoft server? Would be very possible that svchost.exe or system has an active connection to a Microsoft server, SmartScreen for example has to be online to work. So what does online mean, it's constantly connected to a MS server?

I'd like to remove the star symbol and instead reveal the real remote-address and to find out where those services are connected.
 

Firewall.exe

What do you mean by expand your column width?
I see no option to expand more, I unchecked everything besides IPv6 and this is what remains:
1.png

But this does not show me the remote address.
 

Firewall.exe

Update:
The weird TEMP-FOLDER stopped creating itself.
I have no clue why, it does not appear anymore.

By the way, the question has not been resolved.
I still don't know why Microsoft created this TEMP-FOLDER so many times on my personal computer and I also still don't know what the dll's inside the folder did.

Basically, this Windows 10 Forum was not helpful at all.

sysinternals-tcp-view-who-is-remote.png
 

Firewall.exe

So what do the symbols mean?
Those ones being displayed instead of a remote-address.
What is their meaning?
This is a Windows 10 Forum Thread here, right?
Good luck is all you got? Well, that's bad.
 

TommyTwoTone66

Prominent
BANNED
Apr 24, 2021
983
189
640
What you have uncovered is the Windows DISM system. This is used to download and install apps via the "Windows Store" and install updates via the Windows Update service.

It does behave quite suspiciously, and recreates itself if you delete it, but it is a normal part of Windows 10 and 11 which is present on every install.

The symbols in the "TCPView" application you ran mean that those are "listening" connections. The connections you are seeing are open and listening for connections from outside. This is perfectly normal behaviour for the Windows DISM system, so that MS can push "Critical" updates if needed.
 

Firewall.exe

:: = IPV6 all addresses
* = all addresses

As for this forum not being helpful that's entirely on you.

Well, I wouldn't say entirely, more like 50% 50%

So this symbol :: (wonder how you even typed it) stands for IPV6 all addresses. (full IPv6 address range??)
And this symbol * stands for all addresses, meaning everything like IPV4, IPV6, TCP, UDP?

So those symbols indicate "all addresses" and what does that even mean? What do you mean by "all addresses"?
What's the meaning behind this?
I will search for the "loop-back" term now. That's at least something I can do myself.
 
Why so much hassle? What do you have to hide? Why so obsessed with services and what they send? Honestly this is suspicious, it means you have something to hide. If you really want something private go on Linux. I don't mind being scanned and my activity being monitored because I DON'T DO ANYTHING WRONG. It was someone who stripped almost everything in regards with telemetry from Windows and guess what, no major performance improvement, only single digit percentage boost.
 

TommyTwoTone66

It means they are open connections waiting for another IP to connect, and that could be "any" address, or said another way, the connection will accept "all" addresses. It is just what an open, listening connection looks like.
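
The same distinction can be read from `netstat -ano` at a command prompt, where a listening TCP socket shows `0.0.0.0:0` or `[::]:0` as its foreign address, a UDP endpoint shows `*:*`, and the last column is the owning PID. The sketch below is an added example, not something posted in this thread; it parses a constructed sample of that output (all addresses, ports and PIDs are made up) and labels each row as having no peer, a loopback peer, or a real remote peer.

```python
import ipaddress

# Constructed sample in the layout `netstat -ano` prints on Windows.
# All addresses, ports and PIDs are made up for illustration.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1012
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     4321
  TCP    192.168.1.20:50122     203.0.113.10:443       ESTABLISHED     2456
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:49672            [::1]:49673            ESTABLISHED     4321
  UDP    0.0.0.0:5353           *:*                                    1820
  UDP    [::]:5355              *:*                                    1820
"""


def classify_remote(remote):
    """Say what the 'Foreign Address' column of one row actually means."""
    host = remote.rpartition(":")[0].strip("[]")
    if host == "*":
        return "no peer: UDP endpoint (connectionless)"
    addr = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "no peer: listening socket"
    if addr.is_loopback:  # 127.0.0.0/8 or ::1
        return "loopback: other end is on this machine"
    return "remote peer"


def parse_netstat(text):
    """Turn netstat -ano text into dicts, skipping headers and blank lines."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        rows.append({
            "proto": f[0],
            "local": f[1],
            "remote": f[2],
            "state": f[3] if f[0] == "TCP" else "",  # UDP rows have no state
            "pid": int(f[-1]),
            "meaning": classify_remote(f[2]),
        })
    return rows


def remote_peers(rows):
    """Only the rows that talk to another machine."""
    return [r for r in rows if r["meaning"] == "remote peer"]


if __name__ == "__main__":
    for r in parse_netstat(SAMPLE):
        print(f'{r["proto"]:4}{r["pid"]:>6}  {r["remote"]:<22} {r["meaning"]}')
```

Only the rows returned by `remote_peers` have an address worth looking up; the PID column can be matched against the Details tab of Task Manager.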
 

Firewall.exe

He's wishing you "good luck" in the sense that there are forums with far more conspiracy-minded people than there are here and more willing to spend the time sorting out this mess.

I am not a conspiracy minded person.
The only mess I see here is swearing being prohibited, but mocking users by calling their questions a mess is ok.

I am simply concerned about my privacy and security while using Windows, I like to control Windows, not being controlled by Windows.
I like to be in control of my hardware and my operating system as far as privacy and security goes.
There are enough brainless human beings using their iPhones and Google and stock Windows settings for constant tracking and telemetry.
I am happy to say I am not one of those people.
 

TommyTwoTone66

I am not a conspiracy minded person.
The only mess I see here is swearing being prohibited, but mocking users by calling their questions a mess is ok.

I am simply concerned about my privacy and security while using Windows, I like to control Windows, not being controlled by Windows.
I like to be in control of my hardware and my operating system as far as privacy and security goes.
There are enough brainless human beings using their iPhones and Google and stock Windows settings for constant tracking and telemetry.
I am happy to say I am not one of those people.

If you are remotely concerned about the ability for a corporation to track you, to the extent that you refuse to use an iPhone, then you absolutely should not be using Windows.

Windows is far more invasive than the iPhone when it comes to tracking and telemetry. You are exposed to around 10 different companies tracking your data and usage on Windows, whereas on the iPhone it is just 3.

I think you would be a lot more comfortable using Linux.
 

Firewall.exe

What you have uncovered is the Windows DISM system. This is used to download and install apps via the "Windows Store" and install updates via the Windows Update service.

It does behave quite suspiciously, and recreates itself if you delete it, but it is a normal part of Windows 10 and 11 which is present on every install.

The symbols in the "TCPView" application you ran mean that those are "listening" connections. The connections you are seeing are open and listening for connections from outside. This is perfectly normal behaviour for the Windows DISM system, so that MS can push "Critical" updates if needed.

I disabled Windows Store and Update as well as blocked them in the firewall, perhaps that's the reason the DISM system finally stopped being annoying.
I mean what's the logic here, those dll's are being pushed on my PC into the temporary directory so how important can they be? If those are critical dll's they would be implemented into Windows by default.
For example, on the other hand Windows is spamming me that my virus protection is out of date every day many many times instead of automatically pushing it. (Any way to automatically do that?)
But while I have to confirm each single virus update, the DISM system just has privileges to be annoying like only a handful of other things like Firefox update...

Alright so;
listening.png

svchost.exe for example is listening, which I can clearly see by myself because of the status. But the remote-address is still just a symbol, not an actual address which I could write down to find out more about it.

And what about;
sv.png

This svchost.exe on the other hand does not show any information about its status.
It also uses another symbol instead of revealing any remote address which I could write down to figure out more information.

Is there no possibility to identify the connection?
Where is it connecting to and what data is being exchanged?

Are you aware of any way to prevent the DISM system from creating the annoying temporary dll's?
Other than disabling store and update and blocking via firewall?
 

TommyTwoTone66

Anything is possible, you could code up another .DLL to run in the background and kill this process every time Windows starts it. The real question is why would you want to do this?

If you have disabled the store and blocked it in your firewall, you will certainly never accidentally buy Microsoft Solitaire Collection or subscribe to Office 365, so the problem is dealt with, no?

You are not able to entirely disable these Windows features unless you upgrade to Windows Enterprise, which is expensive.
 

Firewall.exe

Why so much hassle? What do you have to hide? Why so obsessed with services and what they send? Honestly this is suspicious, it means you have something to hide. If you really want something private go on Linux. I don't mind being scanned and my activity being monitored because I DON'T DO ANYTHING WRONG. It was someone who stripped almost everything in regards with telemetry from Windows and guess what, no major performance improvement, only single digit percentage boost.

I am attempting to better understand Windows 10 and a big part of that is online activity.
I simply care about my privacy and I don't like to be tracked, I like to stay in control.
I don't like any big tech crap spying on me.

I have nothing to hide, again I simply care about privacy, that's it.
If you can understand that might as well just shut down your computer and go to sleep for a while.
I have Linux installed on another computer but I am not yet familiar with it as much as with Windows 10, and obviously even here have a long way to go.

This is NOT about performance, it is about PRIVACY, I will try to be as clear as possible:
I am worried about modern day privacy because tracking and spyware is literally EVERYWHERE, especially Big-Tech are involved. Could as well say Big-Tech = Big-Brother.
I ALSO DO NOTHING WRONG AND I STILL DON'T WANT AND DON'T ALLOW ANYONE TO SCAN, LOG, OR MONITOR MY DIGITAL ACTIVITY.
If it's okay for some people when big-tech like Google, Facebook, Amazon, Microsoft, Apple, etc. spy on them, and by spying I mean literally knowing everything about them because that's what they do - creating profiles about individual human beings, checking their interests, their chat partners, phone calls, emails, targeted advertising, geo location tracking, hell this list doesn't have an end.

Because one cares about their privacy and in the very end democracy and freedom does absolutely in no way mean they have anything to hide.

Are you good with Google having your whole Private Image Gallery Synced on their Servers?
I am not.
The fun thing is, the phone even constantly sends geo-location-tracking while it is powered off. (Hint: put it in tinfoil). (Hint 2: DON'T use stock Android, there is a Google free and spyware free Android version here: https://lineageosroms.com/ and you can check each single app from the Play Store for trackers here: https://exodus-privacy.eu.org/en/ and use aurora store.apk instead of Google Play Store.)
Also fun, when you opt-out from Google sync and tracking, they still sync and track you.
Freedom is in great danger, just look at China.

LAST WORDS

This is why I don't understand people in this Forum.
I came here with some relatively simple questions but instead of answers I am being charged with "conspiracy and political background questions".
You don't allow me to ask simple questions, you always want to know my reason and tell me to just forget about it.
Why do you even need to ask for my reasons?
Where is discretion?
It's so difficult getting help here..
 

TommyTwoTone66

Again, if you have a problem with using Google as a search engine, and using Facebook as a website, you should also have a problem with using Windows as an operating system.

You are expecting it to be something that it is not. The OS that you want is Linux, not Windows.

If you think this DISM behaviour is bad, wait until you see what they do with your usage statistics! And what about when Windows 11 starts making a Microsoft account mandatory?

However "bad" windows is now regarding data security and privacy, it will only get worse as time goes on. Save yourself a lot of time and effort worrying about this stuff and just switch over to Linux.
 

Firewall.exe

If you are remotely concerned about the ability for a corporation to track you, to the extent that you refuse to use an iPhone, then you absolutely should not be using Windows.

Windows is far more invasive than the iPhone when it comes to tracking and telemetry. You are exposed to around 10 different companies tracking your data and usage on Windows, whereas on the iPhone it is just 3.

I think you would be a lot more comfortable using Linux.

The only reason I use Windows over Linux is the amount of supported programs and applications.
For example I do not believe Adobe Photoshop and Adobe Premiere do work on Linux, I am also a gamer which is not for Linux.
I am very disgusted by iPhone because of the insane people paying crazy amounts of money for their products, I can't even believe what people are doing, they are sleeping in camps right in front of the iPhone store just to wait for the opening to rush the store and lose their mind entirely. And then comes TikTok and, and and and.. better I stop now.
But let me show you those 2 screenshots, they are goldlike.


Where did you get that information that iPhone/Apple is related to 3 tracking companies while Windows/Microsoft is related to 13?
That sounds very bad.
If there would be a hosts file with all the thousands of domains belonging to those tracking companies I could block them all at once, or let me guess, that's way too easy?

I am learning Linux but way more familiar with Windows.
For the moment I would like to AT LEAST TRY and push my privacy in Windows as far as possible.
 

USAFRet

Titan
Moderator
For the moment I would like to AT LEAST TRY and push my privacy in Windows as far as possible.
Part of the problem is that some/many of these services are undiscoverable, due to Windows being a closed source application.
And even if you could disable them, you'll break the OS.

Add on top of that your applications. Adobe, for instance.
It also talks to home base regularly.


I'm NOT saying you should not care about your privacy. Just know that there are a lot of connections, used by the system and accounts that have greater access than your admin account.
 

Rogue Leader

It's a trap!
Moderator
@Firewall.exe clearly your goals with Windows are not aligning with the knowledgebase of this site. Suffice to say you have found out that unfortunately disabling a lot of Windows tracking features breaks Windows functionality. Linux is clearly your best answer at the end.

This thread has clearly run its course and arguing back and forth is not helping the OP at all. Closed.
 