4 Replies Latest reply on May 29, 2015 11:23 AM by Hayton

    Risky Connections blocked by NetGuard

    b0por

      Hello. I seem to get a lot of "Risky Connections Blocked" by NetGuard whenever I have a bittorrent client opened. I had tixati downloaded on 3 different PCs and on all of them it prompts mcafee to "block" risky connections from them. The thing is it wasn't downloading any torrents at the time.

       

      I wonder what the program is doing that its making risky connections when its not supposed to be doing anything (it wasn't downloading or uploading and didn't have any active torrents). The program itself seemed to be making connections by itself that were deemed "risky" by mcafee threat intelligence. Does anyone know why this is?

       

      I stopped using Tixati because I feared maybe it was infected by malware or something. I am using Deluge now but now today I have gotten the same "Risky Connection Blocked" by NetGuard. It's the same issue. There's no torrents active, so it's not supposed to be connecting to anyone!

       

      It doesn't seem to be unique to Tixati then because Deluge has the same problem as well. It seems whatever bittorrent clients I download have "risky connections" being detected by NetGuard even when they are idle and have no active torrents. These are supposed to be lightweight minimal clients as well. I think deluge is even opensource. It's strange that they are making these connections without any active torrents. I've downloaded multiple versions and two different clients and mcafee always detects something.

       

      Does anyone know why all these different bittorrent clients are having "risky connections blocked" by NetGuard even when they're idle? Is it safe to use them?

       

      I've done lots of scans by the way with several different antiviruses and malware scanners on all my PCs. I don't seem to have any infections. It's always these programs and not other processes on the system that are making the risky connections anyway. Only when they are open. But strangely not when they have active torrents!

       

      Here's the last IP deluge was connecting to when idle: 42.53.31.1

       

      This IP is in China but the Tixati IPs were in russia and ukraine.

       

      Thanks in advance for any help. It's a headscratcher.