What is SingleClick Discovery Protocol?

Status
Not open for further replies.

Bobbye

I am checking a log and for the first time, see a firewall exception as follows:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

All I can find is that it's a 'Dell thing'. Thing is, I have 2 Dell machines running currently without this exception.

I find that the Worm/Agobot.54352 connects to the following IRC Server to deliver system information and to provide remote control using this port:

Server: blast.p**********
Port: 10421

Basically the same post is all over the internet but Google and Wiki let me down!

Can someone please explain? I could just think it means using a single click instead of a double click to open or execute. If that's it, I still don't understand why it's an exception.
 
Here's what I got (so far at least)
  • SingleClick Discovery is part of Dell's Advanced Network Services Software product. (It's a network protocol implementation)
  • You should also find a Windows service on the machine. Here's the HJT entry
    Code:
    O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe

Since this is an optional software package it's not required on all Dell machines.

So the Dell app is legit. I haven't read the product stuff to know if/when/why someone wants it running though my guess is it's not really needed if you're looking at a home network.

Not sure why (maybe just chance?) your worm is using the same UDP port.

/* edit */
Just glanced at the document TOC and definitely not required for home networks! (Is this on a business network?) Here are the section names in Dell's doc:
  • Detecting Network Connection Failures
  • Server Load-Balancing Mechanisms
  • Fast EtherChannel/Gigabit EtherChannel/IEEE 802.3ad Static Mode
  • Multi-Vendor Teaming
  • Network Topologies
 
I checked for the Service right off and it's not running currently. I do see this in the Combofix log:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

Here's the thread if you want to take a look - doesn't look like a business to me.

Thanks.
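
Added example (not part of the original posts): the cross-check done by hand in this thread, tying each GloballyOpenPorts entry to an installed service and to the AuthorizedApplications entries from the same install directory. The function names, the word-overlap matching and the combined sample log are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: the log excerpts quoted in this thread, joined into one text.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
'''

PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.+)$', re.M)
APP_RE = re.compile(r'^"([^"]+\.exe)"=', re.M | re.I)
SVC_RE = re.compile(r'^O23 - Service: (.+?) \((\w+)\) - (.+?) - (.+)$', re.M)

def norm_dir(path):
    """Lower-cased install directory; the firewall log doubles its backslashes."""
    return ntpath.dirname(path.replace("\\\\", "\\")).lower()

def attribute_ports(log):
    """Map each open-port exception to a likely owning service and its sibling apps."""
    services = [{"name": m[2], "vendor": m[3], "dir": norm_dir(m[4])}
                for m in SVC_RE.finditer(log)]
    apps = [m[1].replace("\\\\", "\\") for m in APP_RE.finditer(log)]
    results = []
    for m in PORT_RE.finditer(log):
        label = m[3].strip()
        words = {w.lower() for w in label.split()}
        # Assumed heuristic: a word of the rule label also appears in the vendor string.
        svc = next((s for s in services
                    if words & {w.lower() for w in s["vendor"].split()}), None)
        # Authorized applications installed beside the matched service binary.
        siblings = [a for a in apps if svc and norm_dir(a) == svc["dir"]]
        results.append({"port": int(m[1]), "proto": m[2], "label": label,
                        "service": svc["name"] if svc else None, "apps": siblings})
    return results

if __name__ == "__main__":
    for row in attribute_ports(SAMPLE_LOG):
        print(row)
```

The label on a firewall exception is free text written by whatever created the rule, so a match here is a lead to confirm (file present on disk, service listed in services.msc), not proof of where the rule came from.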
 
1) When you say "the service wasn't running"...
> Did you see services.msc? (Or are you speaking of not seeing it in HJT?)
> I'm trying to understand if the Service at least exists? (in services.msc)

2) Think you forgot to provide the link to thread
 
I stand corrected (I prowled around and found some additional info)

See "Remote access to home media extends to phones".
> SingleClick Systems developed the software and it can apply to home networks. Dell uses it in some of their computers

An excerpt below
SingleClick has been making management systems for small LANs for several years, and Dell began including its software on selected PCs as Dell Network Assistant in 2005, according to Zarkiewicz. Customers can view, monitor and repair their networks with the software and designate one computer as the network's media server, then install special software on it. Any system on the network can then access multimedia content from that server.
 
Dell teamed up with SingleClick Systems to develop the utility, which features various setup wizards, including file and print sharing, a digital home interface and self-diagnosis and self-healing capabilities.

A full version of Dell Network Assistant is pre-installed on all Dell consumer notebooks and desktops available today. Current Dell customers can view a product demonstration and download the application at http://www.dell.com/networkassistant. After initiating the software, customers have access to the full version for 90 days. After that, the utility will continue to provide basic support, such as network status, troubleshooting and help with repairs. Customers can purchase the full version for $39.95 to use for the life of the system.
 