Since I installed VMware in my laptop (to be able to demo some products while on the field), I have noticed in the firewall logs that my laptop is sending an awful lot of http traffic (tcp/80). I use a squid proxy server integrated in the firewall and (valid) web traffic needs to go through a different port. So when I see blocked port 80 requests in the firewall logs, I worry. It's usually something misconfigured, but also could be backdoors or esp adware/spyware.. I have run MS-AntiSpyware and found nothing suspicious. I also use Kaspersky Anti-virus with the additional spyware bases and again found (or let through) anything suspicious.
VMware (v4.5.2-build 8848) virtual NIC is configured on Bridged mode. Funny thing is that it happens even with VMware not running (i.e. virtual machines powered off), although I have noticed three VMware processes running always (VMware NAT Service, VMware DHCP Service and VMware Authorization Service). The virtual OS I have installed is WinXP Pro SP2 with all patches. The host OS is also WinXP Pro SP2 with all patches.
It may not be related at all with VMware, but I would appreciate if any of you have experienced a similar problem and what solution you've found (short of uninstalling VMware, that is :-)
June 27, 2005 6:51 AM
February 3, 2009 2:38 PM