To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Internet connection attempt: "MICROS~1.EXE"

JohnWick W/ Alumni Posts: 22 Security Scout



Recently I have started to get a lot of these. Running F-Secure Client Security Premium 13.11. Any ideas?


An application wants to conenct to the internet or the local network. The applicaiton is


Location: c:\PROGRA~1\WI7DB9~1\MI4CA5~1.0_X\

IP Address:

Protocol: TCP (443 HTTPS)

Direction: outbound




  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master



    The IP address shown in the screenshot ( belongs to Microsoft's "Azure" technology cloud and is considered a trusted location according to many WHOIS registers.


    I think it should be harmless, maybe related to something like an attempt to automatically upgrade the Microsoft Onedrive client or similar.


    Best regards: Tamas Feher, Hungary.

  • JohnWick
    JohnWick W/ Alumni Posts: 22 Security Scout

    Question here is what is really a “legit Microsoft IP address”? In my eyes: just because whois says “Organization: Microsoft Corporation” does not mean that it can’t be malicious. Say for example that I spin up a server in Azure and load it with malware links. Wouldn’t that give me a “legit Microsoft IP address” also?

  • Gabri3l
    Gabri3l W/ Alumni Posts: 15 Junior Protector

    The reason it's asking to allow, is because  the message is coming from Application Control module which allows you to control new connection attempts, hence the user can decide to allow it or deny even though it is a signed binary, for more information consult our help page: 

  • JohnWick
    JohnWick W/ Alumni Posts: 22 Security Scout

    How do I know it is a signed binary? That would really hep alot with the decision making when this pops up




This discussion has been closed.