# deploy.jar



## Deborahjm

After receiving GREAT support from this forum when my computer was infected, I started using online-armor. I am getting to know it, I think as it gives me messages about what is requesting access. 
However, I do not know enough to answer some of its questions. 
For example, right now it is asking about deploy.jar wanting to use windows\system32\svchost.exe (Process ID=1668)
Is there a place for me to reference what I should be allowing and what I should not be allowing? Or a way for me to determine what is OK or not?

Thanks so much for all of your help, as I learn to maintain my computer better!!
Deborah


----------



## tetonbob

Hi -

Are you trying to update your Java when you receive this message? If so, you can allow it. Or, are you using some other application which uses Java?

The biggest thing to consider when training a new firewall is to be aware of what applications are running at the time of a message from the firewall. If you're running a known safe application and receive a message, it's generally ok to allow.

For more help, try this online help page for Online Armor

http://www.tallemu.com/webhelp3/Popups.html

Or, the Online Armor support forums.

http://support.online-armor.com/


----------



## Deborahjm

Hi 
I was on the internet, which is what made me nervous, I was updating iTunes.

I will read the places you gave me the links to read for more information.

Thank you
Deborah


----------



## tetonbob

I don't use iTunes, but from a quick look around, it seems like it has a Java based component, which might account for the alert. Did it give the exact location of the deploy.jar file?


----------



## Deborahjm

First it says:
deploy.jar wants to use another process to access DNS

The process it wants to use is
C:\Windows\system32\svchost.exe (Process ID=1668)

It then says this means:
An unknown program(deploy.jar) is trying to use trusted program (svchost.exe) using LPC Port: \RPC Control\DNSRsolver.
This could result in (deploy.jar) gaining access to the internet through the trusted program.

It does not say anything about where deploy.jar is located.

Thanks
D


----------



## tetonbob

Did you deny it access for now? Of course, that's always the safe route when unsure, and I think it may be best now that you've described it in more detail for me. There are legitimate reasons for allowing svchost.exe access to the internet, but without more detail about what application is calling it via deploy.jar, you're right to be cautious.

Can you perform a search of the machine for deploy.jar ? Note, a search may not find anything, anyway.

Still and all, it may be best to ask the folks at Online Armor to help you.


----------



## Deborahjm

I first showed hidden folders and then did a search. There were no results. I blocked, and it gave me the very same message.
I did not have 'remember my decision checked, and so it just repeats the same pop up as soon as I click on block.
I was not able to join the forum yet. there was a difficulty with the verification ...there was nothing in the verification box for me to enter for verification, and it won't accept my registration without it. 
I have emailed them for help.
I now also have a deploy.jar pop up that wants to start:
C:\Program Files\Bonjour\mdnsNSP.dll
I again unchecked show hidden files and did not find the folder Bonjour
Thanks
Deborah


----------



## tetonbob

That message is actually helpful. Bonjour Service is part of iTunes.

http://www.systemlookup.com/search.php?type=filename&client=malwaresearch-ff&search=Mdnsnsp.dll

http://www.systemlookup.com/O23/4433-mDNSResponder_exe.html

http://www.apple.com/support/bonjour/

http://en.wikipedia.org/wiki/Bonjour_(software)

That might explain why it's attempting to use the DNSResolver


----------



## tetonbob

From your topic which was resolved a few days ago...

c:\program files\Bonjour\mDNSResponder.exe

Bonjour shows in the Installed Programs list.


----------

