Internet requests whenever TX16Wx loads?
-
- KVRer
- Topic Starter
- 6 posts since 21 Apr, 2022
Hi! I'm wondering what's the rationale behind this behavior, namely that TX16Wx connects to the internet every time it is loaded. This is some OCSP certificate traffic which is benign by and of itself but why? I'm blocking these and it does not seem to affect performance of the plugin but, seeing that the sampler looks like an ethical product with no intention to rip you off or steal you data or whatever, I hope this concern can be cleared up. Thanks and sorry for my being paranoid. I'm using v. 3.5.0 free version.
-
- KVRAF
- 2402 posts since 27 May, 2005 from Stockholm
Not sure what you are seeing. TX16Wx will only connect to the internet to check licence status, i.e. when Pro mode is activated. And even so, it should only be iff you actually have an activation on the machine (not trial mode).
Code signature verification (always done, but explicit - initiated by code - in the case of licence checks) might also cause a request being generated indeed (by system though - not sure that happens in-process).
If you block the requests, can you tell me to where they are going? Easy enough to check if it is a licence check.
Code signature verification (always done, but explicit - initiated by code - in the case of licence checks) might also cause a request being generated indeed (by system though - not sure that happens in-process).
If you block the requests, can you tell me to where they are going? Easy enough to check if it is a licence check.
TX16Wx Software Sampler:
http://www.tx16wx.com/
http://www.tx16wx.com/
-
- KVRer
- Topic Starter
- 6 posts since 21 Apr, 2022
Thanks for the reply. Sure, here are the details. Again, I stress for anyone who reads this it's a weird (imho) but absolutely harmless behavior on behalf of the software, no real complaint here. I'm on Windows 10. TX16Wx Pro mode is NOT activated. So the requests are to 104.18.32.68 and 172.64.155.188, these correspond to ocsp.comodoca.com.cdn.cloudflare.net and it seems to be a certificate authority, communication is over HTTP and OCSP, about 30 TCP packets in total. If you allow everything to complete there appear three new OCSP certificates in Windows; from that point on loading/unloading the plugin does not produce new internet requests (you can use "certutil -urlcache ocsp" to view, "certutil -urlcache ocsp delete" to start anew) which makes sense since the certificates are not expired or something to that effect. How do I know it's really TX16Wx? I've loaded it a zillion times and it's 100% reproducible, and no other plugin does the same. My firewall displays the request as going from the VST host process. Disclaimer -- I've got an IT background but not in security. So the bottom line is, it's probably initiated by the interaction of Windows and some of the frameworks you're using. Thanks for your attention to this post and maybe, maybe you could do something about it...
-
- KVRAF
- 2402 posts since 27 May, 2005 from Stockholm
So that is not TX16Wx really. It is just Windows verifying the code signing certificate. Should only happen once (or every time the machine cache is invalidated). 100% harmless.
If it does not happen for other plugins, I guess they are either not signed (bad - susceptible for modifications by third party), or they are signed with certs that are already installed on your machine. (Quite possible - there are a lot of authorities).
Just to make clear: TX16Wx does not collect any user info beyond licence information (in Pro mode only). I hate data mining with a fervour.
If it does not happen for other plugins, I guess they are either not signed (bad - susceptible for modifications by third party), or they are signed with certs that are already installed on your machine. (Quite possible - there are a lot of authorities).
Just to make clear: TX16Wx does not collect any user info beyond licence information (in Pro mode only). I hate data mining with a fervour.
TX16Wx Software Sampler:
http://www.tx16wx.com/
http://www.tx16wx.com/
