If you’ve ever encountered the following dialog – you know that an application has crashed in Windows.
As the dialog indicates, Microsoft is checking for a solution to the problem – which means it’s communicating back to Microsoft servers. While this may not be a problem for your enterprise environment, it’s additional noise that you typically don’t want/need in your malware sandbox. The following screenshot shows example HTTP traffic reporting the error.
If you’re running an IDS such as Suricata – Emerging Threats also has a couple of signatures that can help you identify this traffic/behavior.
You can disable this behavior by following these few steps:
- Open the Control Panel and select System and Security
- Select Action Center
- Select Change Action Center Settings
- Select Problem reporting settings
- Select Never check for solutions
