Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Bing is my home page, everytime I start Firefox TCP ports are opened to Facebook, how can I stop this?

  • 13 replies
  • 4 have this problem
  • Last reply by cor-el

more options

Windows XP 64 bit fully patched

All Replies (13)

more options

What do you mean by Firefox TCP ports. Also, where are you getting this info from?

more options

I run netstat to a file before and after starting firefox and the following shows up.

TCP    Slowpoke2:4749  ESTABLISHED     1432    [ekrn.exe]
 TCP    Slowpoke2:4750  ESTABLISHED     1432     [ekrn.exe]
more options

Should be fine. Just the facebook server connected to your computer

more options

It is NOT fine, I do NOT want the facebook server connecting to my PC with out my permission.

more options

I can assure you this is NOT a security issue unless you make it one. Do you have any third party Facebook software installed on your computer that checks your status etc? If so, and you are worried, remove it. If you are really that bothered about this, you can block the port in your router, if you have one, but that would mean you can't use facebook. If it causing you problems, you should do a scan for malware using a trusted piece of software. We recommend malwarebytes. If you want to know how trusted your anti-virus is, tell me the name of it.

more options

Well you posted what your problem is... you are using ESET that is connecting to facebook... that's ekrn.exe! just uninstall (NOD?) or other ESET software...

more options

dragoniak, I just found that out, I was just coming on to post, then I got an email pop up, you had answered for me

dcbohn, Remove ESET. Then you have no problem.

more options

Thank you for contacting ESET Customer Care.

This is basically how our web access protection works: ekrn.exe scans all IN/OUT traffic. The communication was started by other application and routed via ekrn.exe to scan for threats. This makes it looks like ekrn.exe was trying to access to facebook (or any other IP address) when in reality is another application. Unfortunately, it is not possible to figure out what application actually downloaded it. The only way would be by disabling Web access protection and see what app starts this communication.

more options

After a temp disable of eset I get this result

 TCP    Slowpoke2:1162  TIME_WAIT       0
 TCP    Slowpoke2:1164  TIME_WAIT       0
 TCP    Slowpoke2:1166  TIME_WAIT       0
 TCP    Slowpoke2:1168  TIME_WAIT       0
 TCP    Slowpoke2:1170  TIME_WAIT       0
more options

Using further tools I discover that when I start facebook /w bing as home page TCP ports are opened to both facebook and google. They soon time out, but still not happy about it. If I goto another page then back to bing, a TCP port opens to facebook. True it times out but I still do not like this.

more options

Start Firefox in Diagnose Firefox issues using Troubleshoot Mode to check if one of the extensions or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance/Themes).

You may also be having RSS feeds to Firefox is trying to refresh.

Create a new profile as a test to check if your current profile is causing the problems.

See "Basic Troubleshooting: Make a new profile":

There may be extensions and plugins installed by default in a new profile, so check that in "Tools > Add-ons > Extensions & Plugins" in case there are still problems.

If that new profile works then you can transfer some files from the old profile to that new profile, but be careful not to copy corrupted files.


more options

OK, safemode still opens ports, but a new profile does not open the TCP ports to google and facebook, so the issue is the profile. I frequently use tools such as regedit to fix issues on customers machines so I am not a complete novice. Are there any tools to edit the firefox profiles or are they part of the windows registry file itself?

more options

You can check if it is caused by bookmarks or other data stored in places.sqlite by copying that file to as new profile.