Thinkpads Forum

Can someone explain exactly what Client Security Solution is doing upon booting the OS on my T41 (Win XP Pro w/ SP2). Here’s the sequence of events:

-- OS boots normally. Everything works without issue.

-- After the desktop draws and is populated with the usual icons, up pops a message from Zone Alarm, “cssauth.exe is trying to access the internet, Destination IP: 127.0.0.1:Port 6060. No concerns so far, Client Security Solution is trying to make a local client/server connection, with the client and server on the same OS. So I usually allow this.

-- Next message from ZoneAlarm, “cssauth.exe is trying to access the internet, Destination IP: 4.79.75.61:DNS”. I have no idea where 4.79.75.61 is (searched for it, pinged it, etc.). I always Deny access to this.

-- Next pops up a small dialog box on the center fo the desktop, in the title bar is “Client Security Solution”. In the middle of the dialog box is a simple animation with a red circle moving left and right across a row of white circles, and the message “Processing, Please Wait”. After 20 seconds or so this dialog box goes away, and I never see anything about Client Security Solution again, until I reboot.


Note that I have purposely not installed Client Security Solution. I did install Rescue and Recovery 3 (exact current version is 3.01.0037.00) and recall something about it ‘needing’ some components of Client Security Solution to work/install properly. So, exactly what is CSS doing upon startup, and what will happen if I allow it to access the DNS IP address. Is there any change ot will lock me out of something, such as my HD?[img]

sounds suspicicous.

probably you ought to re-install it.

This is standard, no need for installation. With RnR only installed and no CSS components enabled (encrypt backups and the like), the CSS core is still running and checking the system, security chip, ect. No biggie but does seem odd nonetheless. If it really disturbs you, people have been known to use MSCONFIG to disable it at start up without any issues.

Do you have any insights as to why the CSS core, even though disabled, would be going out to a DNS server?

Did a Sam Spade IP Whois on it

http://www.samspade.org/t/ipwhois?a=4.79.75.61

Looks like it is going to a Level 3 net backbone in Colorado; many net communications go through there.
Seems to me to behave like the Windows Clock synchronizer or other programs that send out a request for a certain server on the net; I think it just wants to check for a certain level of connectivity.

I don't think that denying it access or giving it access does anything; just to be safe, you might want to try to grant it access once and see what happens. I am pretty sure that nothing bad can happen going to that IP, worst case would be a ping timeout waiting for a response.