consent.exe

Hi does anyone know why consent.exe which is the consent ui for
administrative applications would want to accesss the internet. I know the
obvious that it could be a virus or spyware but I am running an up to date
windows onecare and do regular scans and nothing is found. Also my router as
an inbuilt firewall. My vista ultimate is fully up to date. There are no
rogue programs in task manager or in the registry. Shieldsup shows my system
as full stealth. I therefore think its the operating system thats doing it
but why?
--
malcp

Because every darn thing in Vista thinks it needs to talk to someone?

Since installing ZoneAlarm, I'm amazed at all the processes that want to
talk to my router, DNS, want to "multicast" to who knows where, and, in a
few cases, actually call somewhere out on the 'net.

What does disk defragmenter, for example, have any damn reason to talk to
anyone? Just defragment, for cryin' out loud.
(Sorry, end of rant.)

I've not seen consent.exe yet come up. Are you operating as a Standard User
or as an Administrator?

Val

"malcp" <> wrote in message
news:313F446C-088F-449F-806D-...
> Hi does anyone know why consent.exe which is the consent ui for
> administrative applications would want to accesss the internet. I know
> the
> obvious that it could be a virus or spyware but I am running an up to date
> windows onecare and do regular scans and nothing is found. Also my router
> as
> an inbuilt firewall. My vista ultimate is fully up to date. There are no
> rogue programs in task manager or in the registry. Shieldsup shows my
> system
> as full stealth. I therefore think its the operating system thats doing
> it
> but why?
> --
> malcp

I am operating as an administrator. I have it blocked in onecare firewall and
it does not seem to affect operations but it would be nice to know why it
needs to access the internet. anyone at Microsoft got an answer.
--
malcp


"Val" wrote:

> Because every darn thing in Vista thinks it needs to talk to someone?
>
> Since installing ZoneAlarm, I'm amazed at all the processes that want to
> talk to my router, DNS, want to "multicast" to who knows where, and, in a
> few cases, actually call somewhere out on the 'net.
>
> What does disk defragmenter, for example, have any damn reason to talk to
> anyone? Just defragment, for cryin' out loud.
> (Sorry, end of rant.)
>
> I've not seen consent.exe yet come up. Are you operating as a Standard User
> or as an Administrator?
>
> Val
>
> "malcp" <> wrote in message
> news:313F446C-088F-449F-806D-...
> > Hi does anyone know why consent.exe which is the consent ui for
> > administrative applications would want to accesss the internet. I know
> > the
> > obvious that it could be a virus or spyware but I am running an up to date
> > windows onecare and do regular scans and nothing is found. Also my router
> > as
> > an inbuilt firewall. My vista ultimate is fully up to date. There are no
> > rogue programs in task manager or in the registry. Shieldsup shows my
> > system
> > as full stealth. I therefore think its the operating system thats doing
> > it
> > but why?
> > --
> > malcp
>
>
>

"malcp" <> wrote in message
news:313F446C-088F-449F-806D-...
> Hi does anyone know why consent.exe which is the consent ui for
> administrative applications would want to accesss the internet. I know
> the
> obvious that it could be a virus or spyware but I am running an up to date
> windows onecare and do regular scans and nothing is found. Also my router
> as
> an inbuilt firewall. My vista ultimate is fully up to date. There are no
> rogue programs in task manager or in the registry. Shieldsup shows my
> system
> as full stealth. I therefore think its the operating system thats doing
> it
> but why?
> --
> malcp


It -looks- like it's an MS exe. Claims it's a "Consent UI for administrative
applications." I don't know... maybe it's part of UAC. Why it accesses the
internet? Dunno. Seems like everything wants to access the internet these
days. ;-)

Lang

There is a MalWare version of Consent.exe
Right Click ALL of the ones you find and look for
Microsoft details in Properties

http://spywarefiles.prevx.com/RRHJID...NSENT.EXE.html
Consent.exe - Malware

"malcp" <> wrote in message
news:313F446C-088F-449F-806D-...
> Hi does anyone know why consent.exe which is the consent ui for
> administrative applications would want to accesss the internet. I know
> the
> obvious that it could be a virus or spyware but I am running an up to date
> windows onecare and do regular scans and nothing is found. Also my router
> as
> an inbuilt firewall. My vista ultimate is fully up to date. There are no
> rogue programs in task manager or in the registry. Shieldsup shows my
> system
> as full stealth. I therefore think its the operating system thats doing
> it
> but why?
> --
> malcp

a number of processes need to contact the internet, this is quite norma
and is part of how the internet works.
for instance DNS = domain name server, when you type an address of
page into a browser then your computer needs to contact a dns server t
resolve the url as an i.p. it is this ip number which your compute
then looks up to find the page in question,
as for consent.exe, i am not 100% sure about this, but i think tha
this has to do with getting permissions for various software to ge
elevated rights to run on your computer, for instance a program lik
regsupreme may want to do things to the registry, however windows need
to verify whether or not the program has a key held with an authority t
permit it to run..
ok, as i said i am not sure about the ins and outs of this however
think i am not too far of the mark here.

it would be cool if microsoft wrote something a little mor
comprehensive about such processes, as it is we usually need to loo
these things up in some obscure corner of the web

--
mar
-----------------------------------------------------------------------
marz's Profile: http://forums.techarena.in/member.php?userid=3946
View this thread: http://forums.techarena.in/showthread.php?t=78356

http://forums.techarena.i

Why oh why would "consent.exe be connecting to 64.18.25.38?" Thi
address resolves to
OrgName: Baltimore Technologie

--
v0ids0ul

"v0ids0ul" <> wrote in message
news:...
>
> Why oh why would "consent.exe be connecting to 64.18.25.38?" This
> address resolves to:
> OrgName: Baltimore Technologies
>
>
> --
> v0ids0ul



Sounds dodgy. Don't give consent.exe consent.

--
Jon

"Jon" wrote:
> "v0ids0ul" <> wrote:
>> Why oh why would "consent.exe be connecting to 64.18.25.38?" This
>> address resolves to:
>> OrgName: Baltimore Technologies

> Sounds dodgy. Don't give consent.exe consent.

With the obvious caveats about its level of authority, according to
Wikipedia "Baltimore Technologies" was at one time in the business of
selling PKI certificates but sold that business to Betrusted in 2003.

ARIN maps that IP address to Baltimore Technologies (as the OP stated), but
the nameservers for that domain are shown as NS3.US.BETRUSTED.NET and
NS4.US.BETRUSTED.NET, which support the info from Wikipedia.

Betrusted in turn is now Cybertrust; the base Vista distribution includes a
root certificate issued by Cybertrust. Interestingly, there is a root
certificate that's part of the standard Windows XP distribution from
Cybertrust, which (unusual for a root certificate) includes a CRL link --
and that CRL link ("www2.public-trust.com") maps to 64.18.25.45, which is
also registered to Baltimore Technologies.

My guess is that the OP is running an application whose executables are
signed by a certificate issued by Betrusted, Cybertrust, or one of their
relatives, and that the system is attemting to validate that certificate.
Recall that the text (and colors) used in a UAC challenge window are
different depending on whether the requesting executable is or is not
validly signed.

So...the request is probably legitimate, but refusing to approve the request
for external access is probably harmless.

Joe Morris

"Joe Morris" <> wrote in message
news:CY5Rj.4057$Rk6.214@trnddc07...


> With the obvious caveats about its level of authority, according to
> Wikipedia "Baltimore Technologies" was at one time in the business of
> selling PKI certificates but sold that business to Betrusted in 2003.
>
> ARIN maps that IP address to Baltimore Technologies (as the OP stated),
> but the nameservers for that domain are shown as NS3.US.BETRUSTED.NET and
> NS4.US.BETRUSTED.NET, which support the info from Wikipedia.
>
> Betrusted in turn is now Cybertrust; the base Vista distribution includes
> a root certificate issued by Cybertrust. Interestingly, there is a root
> certificate that's part of the standard Windows XP distribution from
> Cybertrust, which (unusual for a root certificate) includes a CRL link --
> and that CRL link ("www2.public-trust.com") maps to 64.18.25.45, which is
> also registered to Baltimore Technologies.
>
> My guess is that the OP is running an application whose executables are
> signed by a certificate issued by Betrusted, Cybertrust, or one of their
> relatives, and that the system is attemting to validate that certificate.
> Recall that the text (and colors) used in a UAC challenge window are
> different depending on whether the requesting executable is or is not
> validly signed.
>
> So...the request is probably legitimate, but refusing to approve the
> request for external access is probably harmless.
>
> Joe Morris
>


Interesting research. Cybertrust subsequently also bought by Verizon
Business.


Verizon Business acquires Cybertrust
http://www.networkworld.com/news/200...ybertrust.html

I can spot a "GTE CyberTrust Global Root" certificate in my store which
supposedly



Protects e-mail messages
Proves your identity to a remote computer
Ensures the identity of a remote computer
Ensures software came from software publisher
Protects software from alteration after publication
All issuance policies



but I tend to work on the principle that if things work fine without these
mysterious connections to information-gathering government-connected
organizations, then there's no real need for them.


--
Jon