Prevent HP printer from accessing internet_auto updating

[Cheryl_27]

Anyone know if there's a way to keep HP printers from automatically connecting to their server & (possibly) updating firmware & other actions?

This is an Office Jet Pro 8600 - set up on wireless home network in Vista.  Most newer HP printers probably use the same method(s) of connecting & downloading.

For one thing, I don't want it updating firmware in the background, when I don't know what the changes are.

 

The other day, I was replacing cartridges for the 1st time on this printer - using after market carts.  As soon as I replaced one & it went thru initialization, printer began to go online, saying it would ... (update something?) & also that "Web Services would be enabled."  The message went by fast, didn't catch everything.  I tried to cancel it.  AFAIK, it didn't have a "cancel this operation" button.  Ultimately, I powered it off.

Later when turned it back on, the display showed some download? resuming - but gave no explanation.  Tried to cancel, but again had to power off.  After that, I went in & re-disabled the Web Services - which it had indeed enabled.  Prerviously, they were disabled.

 

I've searched HP's support site, posted on their user forum.   I got one unofficial reply on their forum, that in order to change settings for it not to update, you have to enable part of their software called "Web Services."  Dunno if that's the only way to do this, but enabling Web Services itself requires accepting a software license, that includes acceptance for other 3rd party apps, that are part of the Web Services.

3rd parties & their apps that Web Service license terms state, HP specifically denies any responsibility for.

 

Even if settings under the Web Services software stopped the printer from phoning home, I question whether the settings would remain effective, once you disable the Web Services software, after making settings changes.

 

Maybe I could block the printer's internet access with Kaspersky's firewall / application rules?  But since it's wireless, there's a chance that blocking everything would break it's wireless function.

Maybe blocking - in KIS firewall - most of the HP files, except for Local Network?

The attachment shows all the HP files that Kaspersky finds.

[Torolol]

i usually block the destination IP/address using various means, like router config or even something like using hosts file.

[Cheryl_27]

Thanks to you both.

The suggestions require that I know the IP address(es) that the printer would use.  Perhaps several different ones?

Some softwares that connects for updates may try a default address (based on your locale).  Then if that one fails, moves to the next address in their list.  Who knows how many addresses a company like HP could use for background connections.

 

First, how would I know even the default IP address it was going to use (much less back-up addresses)?  Short of allowing it to start connecting and having sniffing software already running?

But that might start updating the firmware or other things.

[+Fahim S. MVC]

You can make sure it always has the same IP address in 2 ways.  Either you tie an IP Address to the MAC address of the printer in your router, or you set the printer up with a static IP address in the printer.

 

The instructions to set up a static address on the printer for the 8500 (which I imagine will be largely the same as yours):

http://www.ehow.com/how_8265636_set-officejet-pro-8500-a909.html

[Cheryl_27]

Fahim, maybe I'm misunderstanding you.  But what you & the article you linked are talking about is the IP address that the printer uses over the network.  i.e., the address that's often assigned by the router, for all devices connected to the router.  Like 192.168.1.100.  That address shown in the routing table is not the same as an  IPa of some server(s) that the printer might contact for updates.

 

Yes, on occasion the router assigned address for a device may change, if a static address isn't forced.

 

Someone can correct me if I'm wrong. 

[Cheryl_27]

Or, were you referring to assigning a static IPa to the printer, then blocking that IPa from accessing the internet - possibly using the router?

The printer already has a static address - to fix problems of its address occasionally changing & causing problems for a laptop printing to it.

 

But I'm still not sure about blocking the printer's static address (completely) in the router, which may break wireless printing.  Versus blocking only internet access for that static address.

When it gets to those type of finer details, I'm not that familiar w/ blocking a device. 

How to block only its internet access vs. blocking all network communication - using the router.  The latter probably breaking wireless printing.

 

UPDATE.  I can't guarantee that this has blocked all printer access to the internet, but here's what I did in my Cisco WRT54GL router.

 

Log on to the router EWS (standard info is admin/admin), go to "Access Restrictions" or similar.
Click "edit list of PC's" and put in the MAC address of the printer. (found in the printer network config / settings).

Then on the router main Internet Access page, click "Deny Access."
Check "Everyday" and "24 hours" for times to block it.
Save the settings.

 

I'm not sure if there's an option in the printer's menu to "update" or "Hhhh-Peee, phone home" - to see if it would now fail to connect.  Maybe.

If there is & it still managed to connect, there's no Cancel button, once it starts downloading something.

There's only, "Oh heeell no, buddy.  You started this download & I'm finishing it!" 

Only way I've found to stop a download in progress is turn off the printer.

[+Fahim S. MVC]

Or, were you referring to assigning a static IPa to the printer, then blocking that IPa from accessing the internet - possibly using the router?

The printer already has a static address - to fix problems of its address occasionally changing & causing problems for a laptop printing to it.

 

But I'm still not sure about blocking the printer's static address (completely) in the router, which may break wireless printing.  Versus blocking only internet access for that static address.

When it gets to those type of finer details, I'm not that familiar w/ blocking a device. 

How to block only its internet access vs. blocking all network communication - using the router.  The latter probably breaking wireless printing.

 

UPDATE.  I can't guarantee that this has blocked all printer access to the internet, but here's what I did in my Cisco WRT54GL router.

 

Log on to the router EWS (standard info is admin/admin), go to "Access Restrictions" or similar.

Click "edit list of PC's" and put in the MAC address of the printer. (found in the printer network config / settings).

Then on the router main Internet Access page, click "Deny Access."

Check "Everyday" and "24 hours" for times to block it.

Save the settings.

 

I'm not sure if there's an option in the printer's menu to "update" or "Hhhh-Peee, phone home" - to see if it would now fail to connect.  Maybe.

If there is & it still managed to connect, there's no Cancel button, once it starts downloading something.

There's only, "Oh heeell no, buddy.  You started this download & I'm finishing it!" 

Only way I've found to stop a download in progress is turn off the printer.

 

This is exactly what you need to do.  The printer won't be able to talk to the internet now, but will be able to talk to other machines on the network.

If you are worried about it not working, try setting the access block on your router so your PC can't talk to the internet.

[+BudMan MVC]

So OP - you state this is on your wifi network..  If so then just don't give it a gateway..  This can be done on your dhcp server not handing out that info for the printers mac and a reservation.  Or by just setting the IP static on the printer and not setting the gateway.

 

There you go no internet access for that printer no matter what services you enable on it.  No blocking to do in firewall, without a gateway there is no internet.  But it would be able to talk to any box o your network juts fine for printing.  Only if you had multiple segments on your local network would this solution be a problem.

 

so here is where you set IP on printer

 

 

Just don't setup default gateway, or dns (unless you need it to resolve local names via your local dns?)  Then you could set that - but without a gateway.. It just can not go anywhere other than your local network.

[Cheryl_27]

Thanks Fahim & BudMan.

BudMan - like a lot of my own instructions to others, some of your statements confuse me a little, like the old Sat. Night Live skit, where they were trying to read & decipher the written instructions on handling nuclear power plant emergencies.

One line of instuctions was, "you can't put too much water in a nuclear reactor."

They spent a long time debating whether that meant "the more water, the better," or, "too much water is bad."

 

But really, it's probably just a lack of my understanding.  But in context of this discussion, what do some of the statements mean?

BTW, I guess your screen shot is from your printer's configuration software / setup?  Maybe from the printer's EWS? 

I added a shot of the Network / IP address config screen, from the EWS for my  HP office jet Pro 8600.  You can see my current settings .

I assume my screen shot is the same thing you showed in the screen shot.

 

"just don't give it a gateway."  Very basically, what does leaving the "Default Gateway" blank cause the printer, or other devices trying to connect to the printer, or wireless scanning feature, to do / not do?

Note that earlier I  manually set a static printer address (to keep it from randomly changing & messing up printing to it from a laptop).  You may ? have missed that info in the long post.

 

"Just don't setup default gateway, or dns (unless you need it to resolve local names via your local dns?)  Then you could set that - but without a gateway."

? Meaning, you could set a DNS address (local), if it's needed to resolve local names?

Question on that:  What happens (or would not / could not happen) if no DNS address is entered at all?  (but, see notes on my screen shot, for ? special case). 

I haven't tried, but I'm not sure which of these fields the IPa config wizard would allow leaving blank.

 

"It just can not go anywhere other than your local network."  I'm not 100% sure what's meant there.

"It" being what?  And, "can not go anywhere other than your local network?"     That sorta confuses me, like, "you can't put too much water in a nuclear reactor."

[+BudMan MVC]

Dude my screen shot is from from your printers manual

 

Office Jet Pro 8600

http://h10032.www1.hp.com/ctg/Manual/c03026243.pdf

 

If that is your printer  setup for IP, then yes leave the default gateway blank.  The default gateway is the IP address a machine/device with an IP uses to talk to other IPs not on that network.

 

So for example in your example 192.168.2.xxx, lets call it 100, I am going to throw out an other term here - I want you to look it up!!  rfc1918.. Here I will help you hiding that IP is pointless.. http://en.wikipedia.org/wiki/Private_network

 

See your mask there 255.255.255.0 or /24 bit -- is saying the network 192.168.2. 1 to 254, where .0 is the wire or network and .255 is broadcast - every address on that network..  If you want to go to somewhere else other than a 192.168.2.1 to 254

address then you have to send the traffic to the gateway 192.168.2.1 in your case.. This would be your router IP address.

 

If you have 2 routers sounds like you have this

 

internet - router -- 192.168.2.0/24 -- router 2 -- 192.168.1.0/24?

 

If you do not give it (your printer) a gateway, then it would only be able to talk to other devices/computers on 192.168.2.0/24 or 192.168.2.0 mask 255.255.255.0

 

So your setting your printer IP manually??  Or is it set via dhcp and a reservation?  Or static dhcp which is a term that is misleading if you ask me.  Its a reservation for a lease.

 

I am more than happy to explain anything you do not understand at whatever level we need to discuss it so it makes sense to you..  Maybe I don't have problems with instructions for nuclear reactors because I was a nuke in the navy way back in the day and have actually read the manual for one and ran one, etc.. hehehe

 

""It" being what?  And, "can not go anywhere other than your local network?""

 

So you don't understand the use of the term it, when the whole conversation is about your printer??  What else would we be talking about - your dog???? 

 

If your interface will not allow you to leave it blank - then just put in something WRONG!!  I don't know your setup, its possible you want your printer to resolve a local name to talk to ldap server or something for auth of your users to print..