Hello,
That is the client count feature which uses this port.
We will improve this intervall in the new version Spybot 2.1. which we are currently working on.
Best regards
Sandra
Team Spybot
Hello,
That is the client count feature which uses this port.
We will improve this intervall in the new version Spybot 2.1. which we are currently working on.
Best regards
Sandra
Team Spybot
ok well for now I turned off S&D 2 Scanner service and set to disabled (i have malwarebytes). I dont understand this, when the description says "malware scanning services to S&D modules", why does it need to connect to you here at all? I cant think of any other reason than to send you data mined personal information, yes I am the type to turn off automatic updates on everything. (past experience with identity theft made me paranoid a bit)
Last edited by Zatris; 2013-03-21 at 15:04.
After a routine XP SP3 clean rebuild yesterday, including Spybot S&D's v2.0.12.0, I too noticed odd outbound beacon-like network traffic on the connected NIC icon. I ran a Wireshark capture to see what it was and discovered that my system was also sending a continuous flood of high-port UDP packets (at least 1-2 packets every second) to one of the reserved Multicast addresses, 226.178.217.5. If left alone, the flood continues indefinitely. I too tracked this packet storm source down to Spybot S&D's scanner service; however, trying to stop the activity permanently has proved more difficult.
Stopping and disabling the service in Services AND in SB's Settings tab only works temporarily because as soon as you open the SB Start Center - Settings tab again, it automatically sets bits to reactivate the scanner service at Startup. Now I'd hate to have to create a hosts file loopback against a an actual SB service; the comedy practically writes itself, but that's what it may come to.
A quick Internet search on the issue found many other users complaining of this same exact traffic and it appears it has been going on for some time now. Some users say they have even received warning notices from their ISPs because of broadcast storm this condition is creating. But that's not a bug? Interesting.
Last edited by SnoWolf; 2013-04-06 at 22:02.
It does not send any information here at all
It's a local broadcast and should only reach other Spybot installations on the same local network (the IP address is a special reserved address for broadcasting purposes).
You can use for example Wireshark to have a look at the transmitted text and where it goes to
Since the broadcast should be local, I'm curious as to how it should have reached the ISP. Maybe that's ISPs that haven't correctly separated IPs? If anyone with such a issue could contact us by contact form (refer to this place and my name), we can try to track down why that is so.
Please quote properly - the "not a bug" Sandra mentioned was that a post cannot be edited any more after a certain amount of time. This allows users to correct issues, but prevents posts from becoming useless to future readers that are investigating similar issues (some users tend to delete their questions after they've been answered). If there's private information within a post, and some other good reason to remove it, our moderators will help with that of course regardless of the time that has passed in between of course
I like sarcasm :D That's why I'm now replying: too bad you didn't read Sandras post properly
Last edited by PepiMK; 2013-04-08 at 07:59.
Just remember, love is life, and hate is living death.
Treat your life for what it's worth, and live for every breath
(Black Sabbath: A National Acrobat)
Great Pepi. Now if y'all can expend as much attention to detail fixing the actual problem as you do on inconsequential forum etiquette blunders then we should be all set! In the interim, I've added a loopback to the hosts file for that particular Mcast addy just to be on the safe side.