This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I have a serial for the video editing software "Filmora" and I am trying to prevent it from accessing the internet. I've blocked my (Win7) firewall for both of the two running executables from Filmora's installation directory, but it still connects to the internet and invalidates my (legitimate) registration serial.

So, as a 2nd step (1st being the firewall blocking), I installed "Process Monitor" hoping to find a process/executable that is somehow connecting to the internet from Filmora, but could not. TOO MANY ENTRIES and I really don't know how to read the log very well.

So, my 3rd idea was to install Wireshark and see if I can identify an "outbound" process/executable that way. I've installed Wireshark a couple of times, but it is even more complex than process monitor, so I thought I'd find a forum (this one) and ask for help.

What's the best way to use Wireshark to monitor Filmora in order to determine which process is accessing the internet, so I can block it in my firewall? Thanks in advance.

asked 08 May '16, 11:57

Wire_Birch

I might post a more detailed answer, but for posterity I seem to have solved my problem. Long story short, Wireshark showed a connection to a Chinese IP address, which I investigated and it turns out it's associated with "Wondershare". Blocked the single IP address, which worked for about a day, then it didn't. Fired up Wireshark a 2nd time and discovered that a different IP address was being used, but it was in the same "block" of IP addresses, so I blocked the whole range in my firewall (by making a rule), and that seems to have done the trick. Working now for about 2 days. Maybe in a week or so I'll post details on how to build the rule. I want to give it time to make sure it's a durable fix.

answered 09 May '16, 11:38

Wire_Birch

I ended up going to my firewall settings (wf.msc in Win 10) and blocking all outbound connections by default. I then re-enabled all my default inbound & outbound rules, added in a few rules for msOutlook, Kerberos, DFS and high TCP/UDP ports, and it seems to have done the trick with preventing any unauthorized program accessing the internet (ahem... Filmora).

answered 24 Feb '17, 03:46

MX6
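
The default-deny outbound setup described in the answer above, sketched in PowerShell as an added example that is not part of the original posts. The rule names, the Outlook path, the `$dc` address and the port numbers are assumptions for illustration; the answer does not say which ports it used.

```powershell
# Added example, not from the posts above. Run in an elevated PowerShell on Windows 8/10 or later.
# Rule names, the Outlook path, $dc and the port choices are assumptions; adjust to your system.

# 1. Export the current policy so it can be restored with "netsh advfirewall import".
netsh advfirewall export "$env:TEMP\firewall-before.wfw"

# 2. List which executables own established TCP connections right now.
#    Wireshark shows addresses and ports, not the owning process; this fills that gap.
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Program = $proc.Path   # empty for protected system processes
            PID     = $_.OwningProcess
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
        }
    } | Sort-Object Program, Remote -Unique | Format-Table -AutoSize

# 3. Default-deny: outbound traffic is dropped unless an enabled rule allows it.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block

# 4. Allow only what the machine needs. Scoping by program or remote address
#    keeps each rule narrower than a bare port rule.
$dc  = '192.0.2.10'   # constructed placeholder for a domain controller / file server
$out = @{ Direction = 'Outbound'; Action = 'Allow' }
New-NetFirewallRule @out -DisplayName 'Example: Outlook' `
    -Program 'C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE'
New-NetFirewallRule @out -DisplayName 'Example: Kerberos TCP' -Protocol TCP -RemotePort 88 -RemoteAddress $dc
New-NetFirewallRule @out -DisplayName 'Example: Kerberos UDP' -Protocol UDP -RemotePort 88 -RemoteAddress $dc
New-NetFirewallRule @out -DisplayName 'Example: SMB for DFS' -Protocol TCP -RemotePort 445 -RemoteAddress $dc
New-NetFirewallRule @out -DisplayName 'Example: RPC high ports' -Protocol TCP `
    -RemotePort 49152-65535 -RemoteAddress $dc

# 5. Confirm the default action and review every enabled outbound allow rule.
Get-NetFirewallProfile | Select-Object Name, DefaultOutboundAction
Get-NetFirewallRule -Direction Outbound -Enabled True -Action Allow |
    Sort-Object DisplayName | Select-Object DisplayName, Profile
```

With the default action set to Block, any executable without a matching allow rule loses outbound access, so the step 5 listing is the full inventory of what can still reach the network.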