
consent.exe


malcp

#1
Hi, does anyone know why consent.exe, which is the consent UI for
administrative applications, would want to access the internet? I know the
obvious, that it could be a virus or spyware, but I am running an up-to-date
Windows OneCare and do regular scans and nothing is found. Also my router has
an inbuilt firewall. My Vista Ultimate is fully up to date. There are no
rogue programs in Task Manager or in the registry. ShieldsUP shows my system
as full stealth. I therefore think it's the operating system that's doing it,
but why?
--
malcp
 


#2
Because every darn thing in Vista thinks it needs to talk to someone?

Since installing ZoneAlarm, I'm amazed at all the processes that want to
talk to my router, DNS, want to "multicast" to who knows where, and, in a
few cases, actually call somewhere out on the 'net.

What does disk defragmenter, for example, have any damn reason to talk to
anyone? Just defragment, for cryin' out loud.
(Sorry, end of rant.)

I've not seen consent.exe yet come up. Are you operating as a Standard User
or as an Administrator?

Val
 


malcp

#3
I am operating as an administrator. I have it blocked in the OneCare firewall and
it does not seem to affect operations, but it would be nice to know why it
needs to access the internet. Anyone at Microsoft got an answer?
--
malcp
 


Lang Murphy

#4
It -looks- like it's an MS exe. Claims it's a "Consent UI for administrative
applications." I don't know... maybe it's part of UAC. Why it accesses the
internet? Dunno. Seems like everything wants to access the internet these
days. ;-)

Lang
 

#6
A number of processes need to contact the internet; this is quite normal
and is part of how the internet works.
For instance, DNS = domain name server: when you type an address of a
page into a browser, your computer needs to contact a DNS server to
resolve the URL as an IP. It is this IP number which your computer
then looks up to find the page in question.
As for consent.exe, I am not 100% sure about this, but I think that
this has to do with getting permissions for various software to get
elevated rights to run on your computer. For instance, a program like
regsupreme may want to do things to the registry; however, Windows needs
to verify whether or not the program has a key held with an authority to
permit it to run.
OK, as I said, I am not sure about the ins and outs of this; however, I
think I am not too far off the mark here.

It would be cool if Microsoft wrote something a little more
comprehensive about such processes; as it is, we usually need to look
these things up in some obscure corner of the web.


--
marz
 


Joe Morris

#9
With the obvious caveats about its level of authority, according to
Wikipedia "Baltimore Technologies" was at one time in the business of
selling PKI certificates but sold that business to Betrusted in 2003.

ARIN maps that IP address to Baltimore Technologies (as the OP stated), but
the nameservers for that domain are shown as NS3.US.BETRUSTED.NET and
NS4.US.BETRUSTED.NET, which support the info from Wikipedia.

Betrusted in turn is now Cybertrust; the base Vista distribution includes a
root certificate issued by Cybertrust. Interestingly, there is a root
certificate that's part of the standard Windows XP distribution from
Cybertrust, which (unusual for a root certificate) includes a CRL link --
and that CRL link ("www2.public-trust.com") maps to 64.18.25.45, which is
also registered to Baltimore Technologies.

My guess is that the OP is running an application whose executables are
signed by a certificate issued by Betrusted, Cybertrust, or one of their
relatives, and that the system is attempting to validate that certificate.
Recall that the text (and colors) used in a UAC challenge window are
different depending on whether the requesting executable is or is not
validly signed.

So...the request is probably legitimate, but refusing to approve the request
for external access is probably harmless.

Joe Morris
 


#10
> With the obvious caveats about its level of authority, according to
> Wikipedia "Baltimore Technologies" was at one time in the business of
> selling PKI certificates but sold that business to Betrusted in 2003.
>
> ARIN maps that IP address to Baltimore Technologies (as the OP stated), but
> the nameservers for that domain are shown as NS3.US.BETRUSTED.NET and
> NS4.US.BETRUSTED.NET, which support the info from Wikipedia.
>
> Betrusted in turn is now Cybertrust; the base Vista distribution includes a
> root certificate issued by Cybertrust. Interestingly, there is a root
> certificate that's part of the standard Windows XP distribution from
> Cybertrust, which (unusual for a root certificate) includes a CRL link --
> and that CRL link ("www2.public-trust.com") maps to 64.18.25.45, which is
> also registered to Baltimore Technologies.
>
> My guess is that the OP is running an application whose executables are
> signed by a certificate issued by Betrusted, Cybertrust, or one of their
> relatives, and that the system is attempting to validate that certificate.
> Recall that the text (and colors) used in a UAC challenge window are
> different depending on whether the requesting executable is or is not
> validly signed.
>
> So...the request is probably legitimate, but refusing to approve the request
> for external access is probably harmless.
>
> Joe Morris

Interesting research. Cybertrust subsequently also bought by Verizon
Business.


Verizon Business acquires Cybertrust
http://www.networkworld.com/news/2007/051407-verizon-business-acquires-cybertrust.html

I can spot a "GTE CyberTrust Global Root" certificate in my store which
supposedly

Protects e-mail messages
Proves your identity to a remote computer
Ensures the identity of a remote computer
Ensures software came from software publisher
Protects software from alteration after publication
All issuance policies

but I tend to work on the principle that if things work fine without these
mysterious connections to information-gathering government-connected
organizations, then there's no real need for them.


--
Jon
 


v0ids0ul

#11
Why would consent.exe then wait until I hit "control-alt-delete" to execute this call to home? If it weren't for Comodo Firewall stopping it (and blocking the control alt delete until my attention was received) I wouldn't have noticed. So basically I hit control alt delete and just about every time this consent.exe tries to call home.. Why not attempt while my computer is in a normal session? It's like it purposely tries to hide itself from when a user might possibly have task manager open... I just find it odd is all. No matter to whom they are calling home and what for. I mean we all know that the Software Licensing service calls home with every boot to validate your Vista copy, but for what reason does this consent have to wait for a control alt delete?
 

#12
Good People,
I, also, for the first time got a consent.exe request which I denied with no visible negative effects.

Did we ever get a definitive resolution of the whys and wherefores regarding consent.exe?

In my case, consent is located in %windir%\system32 and the properties tab looks to be normal for MS-supplied software.

My version of Vista is Vista Ultimate and the file size is 81,920 bytes.
karl
 


HappyAndyK

#13
If the consent.exe is situated in the system32 folder then it's the legit
MS process; else malware. So I suggest you check up its location and/or
its Properties and then take appropriate action. If it's the legit MS
file, I don't see any reason for denying permission to connect, but if
it's malware, run your anti-malware in safe mode.


--
HappyAndyK
 

#14
HappyAndyK,

Quoting from my original post:
======
In my case, consent is located in %windir%\system32 and the properties tab looks to be normal for MS-supplied software.

My version of Vista is Vista Ultimate and the file is 81,920 bytes.
========

For your general info, the environment variable %windir% is, for most users, C:\Windows.

For example,
the DOS command CD %windir% will change the directory to C:\windows (assuming that you installed onto C)

I was hoping that someone would confirm the file size for me.

Malware is perfectly capable of replacing files in the system32 directory.

karl
 


Roberto le Corneille

#15
"Karl Snooks" <guest@xxxxxx-email.com> wrote in message
news:fcd7dbe9bc1bde33e1c0bafccc0a8cd0@xxxxxx-gateway.com...

> For example,
> the DOS command CD %windir% will change the directory to C:\windows
> (assuming that you installed onto C)
>
> I was hoping that someone would confirm the file size for me.
>
> Malware is perfectly capable of replacing files in the system32
> directory.
>
> karl
Mine is 80KB, file version 6.0.6001.1800
HTH
rgds
Roberto
 


Energy jobs

#17
> I've not seen consent.exe yet come up. Are you operating as a Standard
> User or as an Administrator?

When starting the Snipping Tool, consent.exe wants to connect to the
Internet, and after that SnippingTool.exe also wants to connect.

Is that normal? Can anyone confirm that behaviour?

I believe consent.exe is part of the UAC (User Account Control)?

Why do they both want internet access?


Energy jobs
 


OldGuru

#19
Today I logged into my account on my son's notebook (I rarely use my account on that notebook) and I saw that firewall notice for the first time. The OS on the notebook is 32-bit Vista Home Premium. I use a Vista x64 and have never seen that message.

My son is not too concerned about security when he surfs Internet, so I naturally became suspicious. I blocked the program for a simple reason; while the publisher was shown as Microsoft, it was NOT digitally signed by Microsoft and it was attempting to connect to 199.7.71.72 which is assigned to VeriSign Global Registry Services.

I find it curious that an unsigned program tries to directly contact Verisign. Does Verisign provide an API that can be exploited by a malicious program to produce fake signature validation?
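
An added example (not from any poster in this thread) of the checks raised in #9, #13, #14 and #19: it reports a binary's location, size, version and hash, whether its signature is embedded or catalog-based, and the CRL/OCSP URLs named in its certificate chain, which are the hosts a firewall would see during signature validation. Windows signs many system binaries through a catalog rather than an embedded signature, so a file can be validly signed without showing a Digital Signatures tab in its Properties. Assumptions: Windows PowerShell 5.1 or later; `Get-BinaryTrustReport` is a hypothetical helper name.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1 or later,
# where Get-AuthenticodeSignature also evaluates catalog signatures.
function Get-BinaryTrustReport {   # hypothetical helper name
    param(
        # Default is the binary discussed in the thread; pass any other
        # executable, such as the program that triggered the UAC prompt.
        [string]$Path = (Join-Path $env:windir 'System32\consent.exe')
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -FilePath $file.FullName

    $urls = @()
    if ($sig.SignerCertificate) {
        # NoCheck: list the revocation URLs without querying them.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        [void]$chain.Build($sig.SignerCertificate)

        $urls = foreach ($element in $chain.ChainElements) {
            # 2.5.29.31         = CRL Distribution Points
            # 1.3.6.1.5.5.7.1.1 = Authority Information Access (OCSP, CA issuers)
            $element.Certificate.Extensions |
                Where-Object { $_.Oid.Value -in '2.5.29.31', '1.3.6.1.5.5.7.1.1' } |
                ForEach-Object {
                    [regex]::Matches($_.Format($true), 'https?://[^\s,)]+') |
                        ForEach-Object { $_.Value }
                }
        }
    }

    [pscustomobject]@{
        Path           = $file.FullName
        InSystem32     = ($file.DirectoryName -ieq (Join-Path $env:windir 'System32'))
        SizeBytes      = $file.Length
        FileVersion    = $file.VersionInfo.FileVersion
        SHA256         = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SignatureState = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        SignatureType  = $sig.SignatureType   # Authenticode (embedded) or Catalog
        Signer         = $sig.SignerCertificate.Subject
        RevocationUrls = @($urls | Where-Object { $_ } | Sort-Object -Unique)
    }
}

Get-BinaryTrustReport | Format-List
```

A `SignatureState` of `Valid` is a stronger authenticity check than the folder or the file size, since both of those survive a file replacement. Running the function against the executable that raised the UAC prompt lists the revocation hosts for that program's certificate chain.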
 

#20
Old Guru, I never had any ill-consequences from denying Consent.exe. I use Comodo Computer Internet Security. At the time, I was running Vista Ultimate. Am presently using Win 7 RC and haven't seen the msg anymore. Another old guru, karl snooks
 
