svchost.exe replaced by Generic Host process


vjeko
January 26th, 2006, 02:08 PM
Hi,
I'm using Kerio 2.1.5 & have 2 PCs, one with XP Home + SP2 & the other with XP Pro + SP1.

On both PCs I have seen the message from Kerio:
Personal Firewall has detected that application
'C:\WINDOWS\SYSTEM32\SVCHOST.EXE' was replaced by
another application with description 'Generic Host Process for Win32
Services' Do you want to accept replacement of this application ?
(on the XP Home, I initially thought the message came since I had
just updated with SP2 and thought SP2 had made the change)

I understand in general that svchost has to do with running DLLs, is
a legit exe, is in the right folder and its size seems OK but haven't found
anything on the net regarding this message.

Could someone help re:
(a) where does one find the "application description" in the installed
XP that Kerio is talking about
(b) What does the message mean/what should I do (how does one check
what caused the replacement/what is doing this and why)
(I disallowed replacement and everything seems to keep working)?

BR,Vjeko

CrazyM
January 27th, 2006, 09:02 PM
Hi vjeko

... and welcome to Wilders :)

"Generic Host Process for Win32 Services" is a descriptive name for "svchost.exe". The new prompt is pointing to the correct path "C:\WINDOWS\system32\svchost.exe". Had you done any recent Windows updates prior to getting this?

Regards,

CrazyM
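
[Added example, not part of the original thread or any poster's own code.] The "application description" asked about in (a) is the FileDescription field of the version resource embedded in the executable. The PowerShell sketch below reads it together with a hash and signature status, and compares them with a saved baseline to show what changed. It assumes the firewall prompt is triggered by a change in the file's contents and needs PowerShell 4.0 or later for Get-FileHash; the baseline file name and both function names are made up for illustration.

```powershell
# Added example: record and compare the identity of a binary a firewall reports as "replaced".
function Get-BinaryIdentity {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $info = $item.VersionInfo                       # version resource embedded in the file
    $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName

    [pscustomobject]@{
        Path             = $item.FullName
        FileDescription  = $info.FileDescription    # the "description" shown in the prompt
        OriginalFilename = $info.OriginalFilename
        CompanyName      = $info.CompanyName
        FileVersion      = $info.FileVersion
        LastWriteTimeUtc = $item.LastWriteTimeUtc   # compare with the time updates were installed
        SHA256           = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
        SignatureStatus  = [string]$sig.Status      # older systems may report catalog-signed files as NotSigned
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

function Compare-BinaryIdentity {
    param($Baseline, $Current)
    # Emit one row per recorded property whose value differs from the baseline.
    foreach ($name in 'FileDescription','OriginalFilename','CompanyName',
                      'FileVersion','SHA256','SignatureStatus','Signer') {
        if ("$($Baseline.$name)" -ne "$($Current.$name)") {
            [pscustomobject]@{ Property = $name; Was = $Baseline.$name; Now = $Current.$name }
        }
    }
}

$target   = Join-Path $env:SystemRoot 'System32\svchost.exe'
$baseFile = Join-Path $env:LOCALAPPDATA 'svchost-identity.json'   # hypothetical baseline location

$current = Get-BinaryIdentity -Path $target
$current | Format-List

if (Test-Path -LiteralPath $baseFile) {
    $baseline = Get-Content -LiteralPath $baseFile -Raw | ConvertFrom-Json
    $diff = @(Compare-BinaryIdentity -Baseline $baseline -Current $current)
    if ($diff.Count) { $diff | Format-Table -AutoSize } else { 'No change since baseline.' }
} else {
    $current | ConvertTo-Json | Set-Content -LiteralPath $baseFile
    "Baseline written to $baseFile"
}
```

A new hash and file version with the same description, company name and a still-valid signature is the pattern a Windows update or service pack would leave; a changed description, signer or signature status is the case to look into before accepting the replacement.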

leb
January 28th, 2006, 05:45 AM
I get the same thing with Sygate. It asks me if I want to allow svchost.exe, ndisuio.sys, ntoskrnl.exe, lsass.exe and alg.exe.

Should I let them through?
(Sorry, I don't know a lot about this kind of stuff.)

CrazyM
January 28th, 2006, 05:56 PM
{QUOTE-> I get the same thing with Sygate. It asks me if I want to allow svchost.exe, ndisuio.sys, ntoskrnl.exe, lsass.exe and alg.exe.

Should I let them through?
(Sorry, I don't know a lot about this kind of stuff.) <-QUOTE}
Depends on what kind of connection they are wanting to establish. Some of these services will need network access. If you can post particulars on the connection requests for the service (protocol, IPs, ports) then a recommendation could be made.

Regards,

CrazyM