newprouser Posted June 27, 2012

Hey all,

I have Microsoft Outlook 2010 installed on my Win 7 x64 PC to access my company's emails through the Exchange server. Now, I haven't saved my credentials, so every time I open Outlook, I'm prompted to enter them.

The issue I'm facing is that many times I see svchost.exe downloading data from the Exchange server, even when I have not opened Outlook or have set Outlook to work offline.

I was wondering how it is able to access the data without authenticating, since I had made sure even the Credential Manager is empty.

Also, this issue seems to happen only in Win 7 for some reason.

Note: I have not made any changes to the Outlook configuration.
cluberti Posted June 28, 2012

Which svchost is accessing the Exchange server, and what exactly is it accessing? Does it leave any event log entries on either side?
newprouser Posted June 30, 2012 Author

> Which svchost is accessing the Exchange server

Not sure what you mean by "which", since svchost.exe is a system process. Did you mean to ask which user svchost is running as [NETWORK SERVICE, SYSTEM]?

> what exactly is it accessing

That is a mystery to me too. I was able to see the exe downloading data through Comodo Firewall. By seeing the destination IP, I concluded it was accessing the Exchange server. [I have no other software/tool which would access that particular IP.]

> Does it leave any event log entries on either side

I don't have access to the other side. On my side, I checked the Windows Logs part of the event log. The Applications and Services Logs were way too big. Is there any specific folder/application where I can find the details?
cluberti Posted June 30, 2012

> > Which svchost is accessing the Exchange server
>
> Not sure what you mean by "which", since svchost.exe is a system process. Did you mean to ask which user svchost is running as [NETWORK SERVICE, SYSTEM]?

There is more than one svchost process - I was curious as to which one was doing the downloading.
Tripredacus Posted July 2, 2012

What are you using to know that svchost.exe is downloading data from Exchange?
newprouser Posted July 3, 2012 Author

> What are you using to know that svchost.exe is downloading data from Exchange?

There is a feature in the Comodo Firewall program to list all the active connections. I used it to find out about svchost.exe accessing the Exchange server.
allen2 Posted July 3, 2012

Try using Process Explorer to check which services (usually many services use the same svchost process) are accessing your Exchange server.
newprouser Posted July 4, 2012 Author

Hi allen2,

As you mentioned, I'm able to see a dozen processes listed in the svchost.exe accessing the Exchange server... I have attached a screenshot displaying them...

I have that BITS can be used to transfer data in the background, maybe that could be the culprit?
allen2 Posted July 4, 2012

Some of those services can be stopped then restarted without causing problems, and this way you could check if the issue is still there after stopping each one, thus removing one possible culprit. Here is the list of the services I'd try, in order from the most probable to the least:

BITS
wuauserv
schedule
lanman server
browser

Hope this helps. If you don't find it this way, you could try this way to make each service use a different process.
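
As a scripted counterpart to the Process Explorer check suggested in this thread, the following added example (not part of the original posts) lists which services are hosted in each process that holds a TCP connection to a given address, using only netstat and WMI so it runs on Windows 7. The address 192.0.2.10 is a placeholder for the destination IP shown in the firewall's connection list, and the variable names are this example's own.

```powershell
# Added example, not from the thread. Set $ExchangeIp to the destination IP
# reported by the firewall; 192.0.2.10 is a documentation placeholder.
$ExchangeIp = '192.0.2.10'

# netstat -ano columns: Proto, Local Address, Foreign Address, State, PID
$connections = @(netstat -ano -p tcp | ForEach-Object {
    $f = $_.Trim() -split '\s+'
    if ($f.Count -eq 5 -and $f[0] -eq 'TCP') {
        $colon = $f[2].LastIndexOf(':')      # foreign address is "ip:port"
        New-Object PSObject -Property @{
            RemoteIp   = $f[2].Substring(0, $colon)
            RemotePort = $f[2].Substring($colon + 1)
            State      = $f[3]
            OwningPid  = [int]$f[4]
        }
    }
} | Where-Object { $_.RemoteIp -eq $ExchangeIp })

if ($connections.Count -eq 0) {
    Write-Output "No TCP connections to $ExchangeIp right now."
} else {
    # Win32_Service.ProcessId ties each running service to its host process,
    # so a shared svchost.exe resolves to the list of services inside it.
    $services = Get-WmiObject Win32_Service |
        Where-Object { $_.State -eq 'Running' }

    foreach ($group in ($connections | Group-Object OwningPid)) {
        $owningPid = [int]$group.Name
        $proc = Get-Process -Id $owningPid -ErrorAction SilentlyContinue
        $hosted = @($services | Where-Object { $_.ProcessId -eq $owningPid } |
                    ForEach-Object { $_.Name })
        New-Object PSObject -Property @{
            OwningPid   = $owningPid
            Process     = $proc.ProcessName
            RemotePorts = (($group.Group | ForEach-Object { $_.RemotePort } |
                            Sort-Object -Unique) -join ',')
            States      = (($group.Group | ForEach-Object { $_.State } |
                            Sort-Object -Unique) -join ',')
            Services    = ($hosted -join ', ')
        }
    }
}
```

Run it while the traffic is visible in the firewall; an empty Services column means the owning process is not a service host.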