Updated on 2022-12-01 GMT+08:00
Step 3: Analyzing the Network
This section describes how to use TCPView to view the current TCP connection status and detect suspicious processes. Suspicious processes are highlighted in red.
Prerequisites
You have downloaded the TCPView tool.
Procedure
- Open the TCPView folder and double-click the Tcpview.exe file. In the displayed dialog box, click Agree.
- Check the TCP connection status of the target process to analyze whether it is a Trojan.
  - If an unknown process has a large number of connections in the SYN_SENT state, the process may be a Trojan.
  - If a process connects to regular ports (for example, 6666 or 2333), or the host name that TCPView automatically resolves in the RemoteAddress column contains keywords such as mine, pool, or xmr, the process may be infected with viruses.
- (Optional) Use security detection websites to check external remote addresses or URLs.
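The two indicators in step 2 can also be applied to saved connection output. The script below is an added example, not part of the original page or of TCPView. It assumes text in the column layout of Windows `netstat -afo -p TCP`, treats 10 SYN_SENT connections as "a large number", and runs on constructed sample lines.

```python
import re
from collections import defaultdict

# Indicators from the procedure above. The threshold is an assumption:
# the page only says "a large number" of SYN_SENT connections.
SYN_SENT_THRESHOLD = 10
PORTS = {6666, 2333}
KEYWORDS = ("mine", "pool", "xmr")

# One TCP row: Proto, Local Address, Foreign Address, State, PID
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+([A-Z_0-9]+)\s+(\d+)\s*$")

def analyze(netstat_text):
    """Return {pid: [reasons]} for PIDs that match the page's indicators."""
    syn_sent = defaultdict(int)
    findings = defaultdict(set)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP row or blank line
        _local, remote, state, pid = m.groups()
        if state == "LISTENING":
            continue  # no remote peer; the foreign column is the local host name
        pid = int(pid)
        host, _, port = remote.rpartition(":")  # also handles [IPv6]:port
        if state == "SYN_SENT":
            syn_sent[pid] += 1
        if port.isdigit() and int(port) in PORTS:
            findings[pid].add(f"remote port {port}")
        for kw in KEYWORDS:
            if kw in host.lower():
                findings[pid].add(f"keyword '{kw}' in {host}")
    for pid, count in syn_sent.items():
        if count >= SYN_SENT_THRESHOLD:
            findings[pid].add(f"{count} connections in SYN_SENT")
    return {pid: sorted(reasons) for pid, reasons in findings.items()}

# Constructed sample input (not captured from a real host).
SAMPLE = """\
  Proto  Local Address     Foreign Address             State        PID
  TCP    0.0.0.0:135       WIN-HOST:0                  LISTENING    912
  TCP    10.0.0.5:49801    xmr.pool.example.test:6666  ESTABLISHED  4321
  TCP    10.0.0.5:49802    updates.example.test:443    ESTABLISHED  1500
""" + "".join(
    f"  TCP    10.0.0.5:{50000 + i}    198.51.100.{i + 1}:445    SYN_SENT     7788\n"
    for i in range(12))

if __name__ == "__main__":
    for pid, reasons in analyze(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

The keyword check is a substring match, so a hit is a lead to triage, not proof; map each flagged PID to its executable before deciding on it.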