A while back, I noticed that IE 11 has been doing some strange things. I've spent months watching, logging, sniffing.. and I'm quite confused.
I happen to be fortunate, and own a router that reports activity. I use an old program called WallWatcher, which monitors all of the router activity, including access, blocked incoming connections, allowed outgoing connections, etc. One day I happened to
go out for a while and I left my system running.
Note, I am very anal about my computer. I do no automatic updates on anything, and strictly control all startup items and services. I do not subscribe to the customer experience program, and all entries in task scheduler for that part, have been disabled.
When I got back in, I noticed that an outgoing connection to 93.184.215.200 on port 443 had happened 10 minutes prior. I contacted the ISP for that service, and they confirmed that it is a part of the Microsoft system.
I have no add-ons enabled in IE, other than a single default Bing search engine. Search suggestions and top results are disabled.
IE is quite sneaky though. I can start the browser, my default page is blank. It will generally wait until this is some form of internet traffic, but not always. Today for example, I opened IE, did nothing, and within 30 seconds it tried to hit that IP noted
above. I also use another program called Peer Block, and that IP is blocked. IE was so pissed that it couldn't connect to that IP, that it tried 5 times to connect. Normally it only tries once and then stops.
I've also had issues with multiple tries at boot time, for my system to go out to various crl.microsoft.com addresses. And to me, that's spying. I have those addresses blocked now as well. I can understand that MS wants to fight the piracy issue. But my
license is legit and valid. There is no practical or logical reason for MS to hit the CRL servers every time I boot my system. That tells me they are trying to track me, and that doesn't make me a happy camper.
So, tell me, Microsoft... what is SO damn important that you need to hit your 93 address on port 443? Why do you go there, at mysterious times even when IE is not running? Why do you go there when IE loads? And more importantly, just exactly WHAT information
is being sent on a secure port?
Just to note, I have done multiple virus and malware scans, using various programs and the latest definitions. This has been ongoing for months, so if it was some form of virus style activity, someone would have caught it and fixed it.
Just sayin...