VMware Communities
alvinoo
Contributor
Contributor
‎08-20-2018 07:15 PM

What is antivirus blocking

Hi there,

It seems like Antivirus is potentially blocking some of the process in VM ware. Can anyone advise?

2018-08-20 21_57_02-Logs - OfficeScan.png

0 Kudos
1 Reply
bluefirestorm
Champion
Champion
‎08-20-2018 08:10 PM

Yes, C:\Windows\SysWOW64\VMnat.exe is VMware NAT service. You can see this in services.msc.

The antivirus log shows a potential C&C callback; and the callback IP address belongs to Rackspace

https://whois.arin.net/rest/net/NET-65-61-137-64-1/pft?s=65.61.137.117

It is possible that one or more VMs you are running is infected with some virus that has Command and Control (C&C) capability that wants a "phone home".

As the destination IP address is a hosting provider, it is hard to determine whether it is a true C&C phone home or it is benign. You have to check the VMs that you were running during these times when these were blocked.

0 Kudos