Why does svchost.exe need access?
TheQuest
February 15th, 2006, 02:28 AM
Hi, all
I am new to LnS, so please do not shout too much at me if I seem to ask some strange questions.
My question is very similar to this one:- looknstop.exe wants to connect (http://www.wilderssecurity.com/showthread.php?t=118411&highlight=svchost.exe), but is not LnS asking for access.
I keep getting asked if svshost.exe can connect to the internet, is there any reason it needs access? I have the DNS service disabled so it is not that.
All help is thanked for in advance.
Take Care,
TheQuest 8)
CrazyM
February 15th, 2006, 03:50 AM
First, was "svshost.exe" a typo and you meant svchost.exe?
A number of different processes will run under svchost.exe and some may need access to the network/Internet.
Permit it and enable logging in application control to see what type of connections it is making. With some sample logs posted we can take it from there.
Regards,
CrazyM
TheQuest
February 15th, 2006, 11:44 AM
Hi, CrazyM
Thank you for your reply.
-{ Quote: "First was "svshost.exe" a typo and you meant svchost.exe?" }-
Yes it was a typo. :-[
I removed it from the application filtering [another :-[ ] , but the next time it asks I will set it to allow and have logging on it.
Thanks very much once again for your reply and help in the meantime.
Take Care,
TheQuest 8)
TheQuest
February 15th, 2006, 02:55 PM
Hi, all
Do I have to configure Look'n'Stop for my router because I see an old Sticky telling how to do so, or do the new versions of LnS do it for me [by me I mean the router]?
My router [NAT and firewalled] is not on a network as such, just a stand-alone PC from the router to the PC on a LAN cable, used as first line of defence.
Thanks for any help in advance.
Take Care,
TheQuest 8)
TheQuest
February 15th, 2006, 09:13 PM
Hi, CrazyM
-{ Quote: "Permit it and enable logging in application control to see what type of connections it is making. With some sample logs posted we can take it from there." }-
It is not connecting all the time so here are the only log entries so far, I hope it is of some kind of help:-
02-16-06,01:10:28 U+3 'APP: Allowed ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE
02-16-06,01:10:28 U+4 'APP: Allow UDP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
02-16-06,01:10:29 U+5 'APP: Allow UDP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
02-16-06,01:10:30 U+6 'APP: Allow UDP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
02-16-06,01:10:32 U+7 'APP: Allow UDP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
02-16-06,01:10:36 U+8 'APP: Allow UDP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
02-16-06,01:10:44 U+9 'APP: Allowed ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE
02-16-06,01:10:44 U+10 'APP: Allow UDP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
02-16-06,01:10:44 U+11 'APP: Allowed ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE
02-16-06,01:10:44 U+12 'APP: Allow TCP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 80, IP: 207.46.253.219
With thanks for any of your help with this.
Take Care,
TheQuest 8)
CrazyM
February 16th, 2006, 03:31 AM
-{ Quote: "Yes it was a typo. :-[ " }-
Just wanted to be sure it was that and not some malware.
-{ Quote: "Do I have to configure Look'n'Stop for my router because I see an old Sticky telling how to do so, or do the new versions of LnS do it for me [by me I mean the router]?" }-
If everything is working fine right now it is not required.
02-16-06,01:10:28 U+4 'APP: Allow UDP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
This is svchost.exe doing DNS lookups (being proxied/handled by your router 192.168.1.1) which is OK to allow. Even though you have the DNS Client Service disabled (used for caching) your system via svchost.exe will still do lookups.
02-16-06,01:10:44 U+12 'APP: Allow TCP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 80, IP: 207.46.253.219
The IP belongs to Microsoft, do you have Windows Update enabled?
Regards,
CrazyM
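An added example, not part of the original thread or of Look'n'Stop: a small Python parser for the application-log lines posted above that tallies destinations per protocol, port and IP, and checks the logged executable path, covering both the name typo and the destinations discussed in the reply. The line layout and the System32 directory are taken from the posted logs; the last sample line and its 192.0.2.10 address are constructed.

```python
import ntpath
import re
from collections import Counter
from difflib import SequenceMatcher

# Layout taken from the log excerpt posted in this thread (assumed to hold
# for every application-control line).
LINE_RE = re.compile(
    r"^\S+\s+\S+\s+'APP:\s*(?P<action>[^']*?)\s*'\s+.*?\s+EXE\s+"
    r"(?P<path>[A-Za-z]:\\[^,]*?)"
    r"(?:,Port:\s*(?P<port>\d+),\s*IP:\s*(?P<ip>[\d.]+))?\s*$")
EXPECTED_DIR = r"c:\windows\system32"  # directory seen in the posted logs

def parse(lines):
    """Return one dict (action, path, port, ip) per recognised log line."""
    return [m.groupdict() for m in map(LINE_RE.match, lines) if m]

def check_image(path):
    """Classify the executable path a rule was triggered for."""
    directory, name = ntpath.split(path.lower())
    if name == "svchost.exe":
        return "ok" if directory == EXPECTED_DIR else "wrong-directory"
    close = SequenceMatcher(None, name, "svchost.exe").ratio() >= 0.8
    return "lookalike-name" if close else "other-program"

def summarize(lines):
    """Count destinations per (protocol, port, ip); collect suspect images."""
    dests, findings = Counter(), set()
    for entry in parse(lines):
        verdict = check_image(entry["path"])
        if verdict in ("wrong-directory", "lookalike-name"):
            findings.add((verdict, entry["path"]))
        if entry["port"]:  # 'Allowed' lines carry no destination
            proto = entry["action"].split()[-1]
            dests[(proto, int(entry["port"]), entry["ip"])] += 1
    return dests, findings

SAMPLE = [  # first four lines are from the thread; the last is constructed
    r"02-16-06,01:10:28 U+3 'APP: Allowed ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE",
    r"02-16-06,01:10:28 U+4 'APP: Allow UDP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1",
    r"02-16-06,01:10:29 U+5 'APP: Allow UDP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1",
    r"02-16-06,01:10:44 U+12 'APP: Allow TCP ' Generic Host Process for Win32 Services EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 80, IP: 207.46.253.219",
    r"02-16-06,01:11:02 U+13 'APP: Allow TCP ' Constructed Sample EXE C:\WINDOWS\SVSHOST.EXE,Port: 80, IP: 192.0.2.10",
]

if __name__ == "__main__":
    dests, findings = summarize(SAMPLE)
    for key, count in sorted(dests.items()):
        print(count, *key)
    for verdict, path in sorted(findings):
        print("CHECK:", verdict, path)
```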
TheQuest
February 17th, 2006, 07:20 PM
Hi, CrazyM
Thanks once again for replying.
-{ Quote: "If everything is working fine right now it is not required." }-
Seems to be working fine. Is there a test I should or can do to test LnS with the router [other than a leak test[s], because trying to download the tests sets off my AV and AT, and I do not think turning them off to download something to do a test is a good idea]?
-{ Quote: "This is svchost.exe doing DNS lookups (being proxied/handled by your router 192.168.1.1) which is OK to allow. Even though you have the DNS Client Service disabled (used for caching) your system via svchost.exe will still do lookups." }-
I am usually [I have a lifetime license] an OutPost user [but as it looks to be going the same way as ZAP Big, Fat and wants to phone home about everything] so was not sure about the DNS caching in LnS.
-{ Quote: "The IP belongs to Microsoft, do you have Windows Update enabled?" }-
I do not as a rule have it enabled but had just done some Windows Updates and had not yet [unenabled] disabled it in services. [I try never to use IE other than for Windows Updates]
Thanks very much for your help again.
Take Care,
TheQuest 8)
Copyright ©2002 - 2012, Wilders Security Forums