![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
252 questions
Hello,
Thank you for posting in Microsoft Community forum.
Seeing that the network you mentioned is connected to the public IP address 192.162.1.1 and is sent out over port 445, this is really a concern. Here are some possible causes and troubleshooting steps:
- Port 445 is commonly used for Microsoft's SMB protocol and is primarily used for file sharing and printing services. If you're seeing system-initiated connections, it could be one of the following reasons:
File sharing: If file sharing is enabled on your computer, you might try to connect to another device.
Malware: Although you have a comprehensive virus scan, some malware may masquerade as a system process or use other methods to hide its activity.
- If you don't need file sharing, you can disable file and print sharing in Control Panel.
- Use a network monitoring tool to further analyze traffic and see what specific requests and responses are being made to understand the purpose of the connection.
Use a tool, such as Process Explorer, to view the specific process associated with the connection and confirm that it is a system process.
- Open the Event Viewer and check the system and security logs for unusual events related to the network connection.
- Ensure that the operating system and all software are up-to-date to prevent known vulnerabilities from being exploited.
- If possible, check the logs of your router and other network devices to confirm that there is no unusual activity.
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Regards,
Jill Zhou
