Steve Friedl's Weblog

August 26, 2003
Dumb guys at Verisign

Every so often in the BroadbandReports security forum there is a posting asking why the local system is trying to connect to crl.verisign.net, and it's an entirely reasonable question. When your system starts making an outbound call for a reason you don't know, asking about it means you're paying attention. Good so far.

It turns out this is a Certificate Revocation List service, which - like the name suggests - presents a list of SSL security certificates that have been revoked for whatever reason (expired, stolen, no longer used, etc.). Any Google search can show you what a CRL is, but that's not the point. It's basically innocuous.
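What a client fetching a CRL actually receives, shown as an added example that is not part of the original post and not Verisign's code: a small DER walk that lists the revoked serial numbers and revocation times. The sample CRL is constructed in the code (made-up issuer, serials, dates and a dummy signature), `revoked_entries` and `sample_crl` are names chosen for this example, and the CRL signature is not verified.

```python
# Added example; the sample CRL is constructed (issuer, serials, dates, signature made up).
def tlv(tag, body):
    """Encode one DER element; bodies up to 255 bytes are enough for the sample."""
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])) + body

def read(buf, pos):
    """Decode the DER element at pos; return (tag, body, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Split a constructed element's body into its (tag, body) members."""
    pos, out = 0, []
    while pos < len(body):
        tag, val, pos = read(body, pos)
        out.append((tag, val))
    return out

def revoked_entries(crl_der):
    """Return [(serial_hex, revocation_time)]; the CRL signature is NOT verified here."""
    tag, cert_list, _ = read(crl_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tbs = children(children(cert_list)[0][1])           # members of TBSCertList
    times = (0x17, 0x18)                                # UTCTime, GeneralizedTime
    first = next(i for i, (t, _) in enumerate(tbs) if t in times)
    rest = [m for m in tbs[first:] if m[0] not in times]
    if not rest or rest[0][0] != 0x30:                  # revokedCertificates is optional
        return []
    return [(children(e)[0][1].hex(), children(e)[1][1].decode("ascii"))
            for _, e in children(rest[0][1])]

def sample_crl(revoked):
    """Build a constructed CRL; revoked is [(serial_bytes, utctime_bytes)]."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010105")) + tlv(0x05, b""))
    issuer = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x13, b"Example CA"))))
    tbs = alg + issuer + tlv(0x17, b"030826000000Z") + tlv(0x17, b"030902000000Z")
    if revoked:
        tbs += tlv(0x30, b"".join(tlv(0x30, tlv(0x02, s) + tlv(0x17, w)) for s, w in revoked))
    return tlv(0x30, tlv(0x30, tbs) + alg + tlv(0x03, b"\x00" * 9))

SAMPLE = sample_crl([(b"\x01\xa4", b"030801120000Z"), (b"\x2f\x10\x9c", b"030815093000Z")])
print(revoked_entries(SAMPLE))
```

The output is nothing more than certificate serial numbers and the times they were revoked; nothing about the requesting machine appears in the file.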

The problem is that the folks at Verisign have done everything they could think of to make this innocuous activity look suspicious. Users only find out about this when they trip across it (firewall tells them, they see a netstat connection), so it seems natural to visit the web page in question and see what's what. This is what they see:

[crl.verisign.net file listing]
It's a file list with names that suggest nothing. Those taking the time to dig a little find a README.txt file there: could this explain it? Not really.
From README.txt:
VeriSign Certificate Revocation List Usage Agreement

YOU MUST READ THIS VERISIGN CERTIFICATE REVOCATION LIST USAGE AGREEMENT BEFORE DOWNLOADING, ACCESSING, OR USING ANY CERTIFICATE REVOCATION LIST ("CRL") IN THE DIRECTORY WHERE THIS DOCUMENT RESIDES; ANY CRL OTHERWISE OBTAINED, DIRECTLY OR INDIRECTLY, FROM VERISIGN, INC. ("VERISIGN"); OR ANY INFORMATION CONTAINED IN ANY SUCH CRL. IF YOU DO NOT AGREE TO THE TERMS OF THIS VERISIGN CERTIFICATE REVOCATION LIST USAGE AGREEMENT, YOU ARE NOT AUTHORIZED TO DOWNLOAD, ACCESS, OR USE ANY VERISIGN CRL OR INFORMATION IN SUCH CRL.

blah blah blah


This makes it worse: unless you're internet savvy (such as Jeremy, who figured it out right away when I pinged him), it just looks totally fishy. No wonder people freak out.

If any website is asking for an "index.html" in its root directory, this one is. Providing an "If you're wondering why you got here..." page would go a long way toward educating users about activity on their own computers, showcasing the services that Verisign offers, and - more broadly - easing the fears of those who suspect conspiracies everywhere.

Big companies (Microsoft, Verisign, many others) get plenty of bad press for behavior that is arguably bad, so when the behavior is not actually bad they ought to go the extra mile to make the suspicions go away.

How hard could it be?

---

Update: It seems that there has been a rash of recent (Jan 2004) activity on the CRL front, and it's caused by expiration of many certificates. This has apparently caused havoc with Norton Antivirus and some other products, and it's discussed here at BroadBand Reports.

Posted by Steve at August 26, 2003 05:46 PM

Comments

Yeah, I know. I just found this on my system, and it was especially suspicious to me because of all the web attacks lately. Or maybe it's just normal paranoia.

I found two instances - one going to crl.microsoft.com and one to crl.verisign.com. After I saw the verisign one, I realized that 'crl' probably meant 'certificate revocation list'.

But it's always foolish to let your system security rest on your own interpretation of an acronym, so I was glad to come across your post.

Posted by: Sneeze on August 28, 2003 01:18 AM

If you think that's something, try going to:
www.jhfdjhahjd.com
www.hhjdajhfhja.net
www.WebSiteThatDoesntExsist.com/net

see what happens...

Posted by: stratis Aftousmis on September 16, 2003 06:34 AM

Okay, so I figured out part of the issue, but what needs to be done to STOP the system from accessing the crl site besides using a firewall? I'm connected through a pathetic 28.8k connection right now and have sent more than 70MB in the last couple of hours :-/

Posted by: Sohaib Athar on September 24, 2003 06:26 PM

I have XP, and after updating with an MS patch it started making these strange calls to crl.verisign.com.
Before the patch, nothing ever tried to connect.
Is it possible that Verisign is searching for illegal software?

Posted by: Pirulo on November 15, 2003 02:59 PM

Why does NAV try to connect to the verisign site BEFORE completing loading NAV and NIS? This happens every time on my system (W98SE with all updates installed), and thus locks my machine up until I agree to go online. Is there any way of stopping this happening or of rescheduling the verisign check until everything has loaded and I want to go on line?

Posted by: The Mayor on November 18, 2003 11:29 AM

In IE Tools->Internet Options->Advanced, turn off the options that check for the CRL, e.g. "Check for Publisher's CRL", "Check for Server's CRL", and "Warn about site certificates" (located towards the end of the list of checkboxes).
Note: Do this at your own risk!!!
And thanx! I didn't make the association between .crl in the URL and a CRL. I appreciate your questions and answer, as I myself was wondering why my system was connecting to these sites.
BTW, there is STILL a bit of a problem, not mentioned in the replies. In order to use certain sites, you need to create a "hole" in your Firewall that permits your system to do something more than connect to those sites. Exactly what that something more is, I am not certain of at this time. I will be testing it, as I suggest you do, as well. The problem is "how big" a "hole" in your Firewall, that you create, to permit your system to do something more than connect to these sites. (I am hoping I am wrong about this, but I don't think I am.) More specifically, EVERYONE knows these site names. And a half decent hacker could use these site names in messages sent to your system, that are SPOOFED with these site names, in order to gain access to your system! The amount of access is dependent upon how large the hole is in the Firewall. I REALLY hope I'm mistaken about this, as it is a certain unsolvable hack, unless you remove the Firewall hole.

Posted by: treat on December 11, 2003 06:21 AM

most firewalls have adequate rules for SSL/HTTPS connections so you shouldn't have to open any new ports

Spoofing the IP/Domain name in a packet sent to your computer for these sorts of secure connections would be pointless.
Here's why: A normal secure connection goes something like this. (C=your computer S=Secure server H=Hacker's PC)
C->S: I want a secure connection!
S->C: Who are you and how can I be sure it's you?
C->S: Here's my ID from my last visit (or please give me an ID I'm new)
S->C: what's the password?
C->S: #*&@$@^!^&*(^! (encrypted response, up to 128bit encryption key, by the time a hacker decrypts this it's no longer valid)
S->C: Connection authorized and completed (now all the secured actions are carried out)

If a hacker was spoofing his packets as coming from a server you trust it would be more like this:

H(spoofing as S)->C: Delete everything you can get your hands on!!!
C->S: What did you just say?
S->C: I didn't say anything.
C: WTF? OK, forget about all that!

Posted by: A developer on December 12, 2003 09:19 PM

just a nice way to say hi. i looked through your pages and felt good.

Posted by: hansi on December 16, 2003 12:41 AM

Thanks a lot treat! That was causing big problems for me.

Posted by: blah on January 8, 2004 08:04 AM

This idea of checking for CRL without my approval pisses me off. I changed IE settings and blocked crl.verisign.com w/firewall. Not sure why they want to make my machine go to the web site.

Matt

Posted by: Matthew Lind on January 8, 2004 08:56 AM

Hi,
Everything I have read here sounds familiar to me. I recently installed two bits of new software (from MAGIX and from XPsound) for which I had to register online and now every time I boot up my computer I am forced to connect to crl.versign.com re before NAV is up & running. I checked in NAV to see what the connection was, went to the verisign site (they should have called their site crl.veriunhelpful.com), and found no further info. Having read all the comments here, I am still not clear. Can anyone actually tell me what the purpose of this connection is? What is my computer checking, or what is verisign checking? I understand from an earlier helpful person ('treat') how I can change my internet options to stop this happening, but like Matthew Lind above, I am not sure whether this could cause me problems later on. Could it be that one of my recently installed programs is insisting on making a check when I boot up?

Posted by: Jules on January 8, 2004 03:09 PM

thanks for these posts so much.
i had this problem for 2 days...when i tried to delete anything (file, folder, whatever) it took about 10 seconds for the "are u sure" window to pop up. and 2 days ago the firewall started to warn about this crl attempt to connect.
i also noticed that as long as i was NOT connected to internet i had absolutely no problem at all, very fast delete behaviour as usual. but as i connected it slowed everything down.
by simply blocking with firewall those attempts nothing really improved...while changing internet settings works perfectly, in particular the IE Tools->Internet Options->Advanced->Warn about site certificates option, if unticked solves the problem. thanks :)

Posted by: paolo on January 8, 2004 04:55 PM

Good to have found that page. Two of our family network-PC's suddenly wanted to go to crl.verisign.com and I feared it could be a virus or so.
Thx for that page, you saved me from my worst fear: reinstalling Windows on every one of our computers (4 in total). It would have driven me crazy, especially since I had already done that last week on my gaming pc....

Posted by: Sera on January 8, 2004 11:01 PM

So glad to have found this site! Thought perhaps i was just being paranoid!

pc (win98 se) works fine when modem is unplugged, but as soon as it gets 'access' to my pc the problems start. Internet runs fine (if a little slower) yet i'm unable to access any files on my system - documents/applications etc, attempting to do this results in verisign attempting to send a packet out to itself - at which point pc freezes, regardless of whether i 'let it out' (via f/wall) or not. Seems ok this evening, but had me quite worried yesterday!
certainly felt it was trying to see what i was up to!
wonder what verisign/microsoft will come up with next...

Posted by: katie on January 9, 2004 10:58 AM

Now I hate verisign right along with microsoft :-)

Posted by: Mike on January 20, 2004 10:59 PM

just to add to the paranoia/confusion/whatever:
I have 2 different screensavers i BOUGHT (yes, Virginia, paid for and all) from 3PlaneSoft. The bloody things seem to want to call M$ (131.107.99.244) after each reinstall, and i get the crl.microsoft.com addy as a name. using the peerguardian.net lookup tools....there was a reference to abuse@hotmail.com (?)
i'm using sygate personal firewall, so i'm going to try blocking the applications and see what happens.
as far as i know, 3planesoft is NOT part of Our Beloved Empire...but another reference i found in one post mentioned the directX diagnostic tool wanting to talk to the mothership, probably to see if it was the newest version, or whatever. OR, the eyecandy screensavers were using the directX tool included with the screensaver, and wanted to be sure it was kosher.
I agree with the above post...this is NOT the way to make folks feel like they're secure, tho.

"Trusted Computing", indeed!

Posted by: Christopher W. on January 24, 2004 08:39 AM