I am starting to look at my network activity to determine if there's anything on my system communicating with the outside world that shouldn't. How do I determine what is valid and needed?
For example, I had no network activity for a minute, but I still had the following communicating at over 1 KB/sec: svchost.exe (LocalService and NoImpersonation), Address: 239.x.x.x
Others I know are needed, with my router IP.
Edit: For the example I gave, the destination is 239.255.255.250:1900, with Location: http://192.168.1.2:2869/upnphost/udhisapi.dll?content=uuid:090dfd23-5421-4924-97ab-8968907a1da0. I'm guessing it's Windows Media Player based on what I've seen, though I never ran the 'startup'/installation for it, so it shouldn't have permission to spread information (unless the Windows OS license agreement is somehow tied to that).
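The destination quoted in the post, 239.255.255.250:1900, is the SSDP multicast group used for UPnP discovery, so a first triage step is to sort observed destinations by whether the traffic can leave the local network at all. The sketch below is an added example, not part of the original post; the function names, the discovery table, and every sample destination other than the two endpoints from the post are assumptions made for illustration, and it handles IPv4 only.

```python
import ipaddress

# Ranges that do not leave the local network.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# 224.0.0.0/24 is link-local multicast; 239.0.0.0/8 is administratively
# scoped multicast (RFC 2365). Routers should not forward either to the internet.
LOCAL_MCAST = [ipaddress.ip_network(n) for n in ("224.0.0.0/24", "239.0.0.0/8")]

# Small illustrative table of local discovery protocols (not exhaustive).
DISCOVERY = {
    ("239.255.255.250", 1900): "SSDP (UPnP discovery)",
    ("224.0.0.251", 5353): "mDNS",
    ("224.0.0.252", 5355): "LLMNR",
}

def classify(dest):
    """Return (scope, protocol_note) for an IPv4 'address:port' string."""
    host, _, port = dest.rpartition(":")
    ip = ipaddress.IPv4Address(host)
    note = DISCOVERY.get((str(ip), int(port)), "")
    if ip.is_loopback:
        scope = "loopback"
    elif ip.is_multicast:
        local = any(ip in net for net in LOCAL_MCAST)
        scope = "multicast-local" if local else "multicast-other"
    elif ip.is_link_local:
        scope = "link-local"
    elif any(ip in net for net in RFC1918):
        scope = "private-lan"
    else:
        scope = "internet"
    return scope, note

def needs_review(destinations):
    """Keep only destinations whose traffic can leave the local network."""
    return [d for d in destinations
            if classify(d)[0] in ("internet", "multicast-other")]

# Constructed sample: the two endpoints from the post plus made-up entries.
SAMPLE = ["239.255.255.250:1900", "192.168.1.2:2869",
          "127.0.0.1:49152", "8.8.8.8:443"]

if __name__ == "__main__":
    for d in SAMPLE:
        print(d, *classify(d))
    print("review:", needs_review(SAMPLE))
```

Destinations that fall out of `needs_review` are the ones worth mapping back to an owning process and service.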