View Full Version : clarification on a firewall pop-up.


jrx10
January 31st, 2007, 07:21 PM
Generic host process for win32 services is trying to act as a server. what would you like to do? application svchost.exe port :2726 -udp parent: services.exe ------------C:windows\explorer.exe has tried to use svchost.exe through OLE Automation, which can be used to hijack other applications. explorer.exe might be using svchost.exe to connect to the internet. I just denied, with no subsequent surfing problems. Is this benign? Thx

KDNeese
February 1st, 2007, 12:46 AM
-{ Quote: "Generic host process for win32 services is trying to act as a server. what would you like to do? application svchost.exe port :2726 -udp parent: services.exe ------------C:windows\explorer.exe has tried to use svchost.exe through OLE Automation, which can be used to hijack other applications. explorer.exe might be using svchost.exe to connect to the internet. I just denied, with no subsequent surfing problems. Is this benign? Thx" }-

"Generic Host Process" is a normal process that is necessary if you want to surf the Internet. I don't think it's necessary to allow it to act as a server, but that's not always the case. Sometimes it IS necessary, depending on the configuration of your ISP's servers. Most likely it is your internal DNS server that resolves host names into IP addresses. It can also pertain to automatic updates via Microsoft. There can be multiple instances of svchost.exe running when you view Windows task manager. I've received the exact same message before, usually when my NOD32 antivirus is trying to do an automatic update. Port 2726 is not a normal port exploited by malware, according to the information I was able to gather. Here is a statement from the following website:

http://www.auditmypc.com/port/udp-port-2726.asp

-{ Quote: "UDP port 2726 uses the Datagram Protocol, a communications protocol for the Internet network layer, transport layer, and session layer. This protocol when used over PORT 2726 makes possible the transmission of a datagram message from one computer to an application running in another computer. Like TCP (Transmission Control Protocol), UDP is used with IP (the Internet Protocol) but unlike TCP on Port 2726, UDP Port 2726 is connectionless and does not guarantee reliable communication; it's up to the application that received the message on Port 2726 to process any errors and verify correct delivery." }-

Port 2726 is the TAMS Port (Traffic Analysis & Monitoring System). Since this has to do with TCP/IP protocol analysis, it could be related to the packet filtering system of the firewall. However, the fact that the alert is saying the process wants to act as a server makes me think it is related to your DNS resolution. In either instance, it is most likely a legitimate process necessary for your TCP/IP communications.

I would also read this very informational thread regarding the process' functioning as a server:

http://www.wilderssecurity.com/archive/index.php/t-15463.html
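
Added example, not part of the original thread: one way to see which svchost.exe instance, parent process and hosted services sit behind a UDP port such as the 2726 in the alert above. It assumes a current Windows system with the NetTCPIP cmdlets (Windows 8 / Server 2012 or later) and an elevated PowerShell session; the function name `Get-UdpListenerInfo` is hypothetical.

```powershell
# Added example: report what is bound to a local UDP port.
# Assumes Windows 8 / Server 2012 or later; run elevated so that
# process paths and command lines are readable.
function Get-UdpListenerInfo {
    param([Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port)

    # The genuine Generic Host Process lives here and is started by services.exe.
    $expected  = Join-Path $env:SystemRoot 'System32\svchost.exe'
    $endpoints = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue
    if (-not $endpoints) {
        Write-Warning "Nothing is bound to UDP port $Port right now."
        return
    }

    foreach ($procId in ($endpoints.OwningProcess | Sort-Object -Unique)) {
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
        if (-not $proc) { continue }   # process exited between the two queries

        $parent   = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"
        # One svchost.exe instance can host several services; list all of them.
        $services = Get-CimInstance Win32_Service -Filter "ProcessId = $procId"

        [pscustomobject]@{
            Port            = $Port
            ProcessId       = $procId
            Image           = $proc.ExecutablePath
            IsSystemSvchost = ($proc.ExecutablePath -eq $expected)  # case-insensitive compare
            Parent          = $parent.Name
            Services        = ($services.Name -join ', ')
            CommandLine     = $proc.CommandLine
        }
    }
}

Get-UdpListenerInfo -Port 2726 | Format-List
```

An image path outside `System32`, a parent other than `services.exe`, or an empty `Services` list for a process named svchost.exe is the combination worth investigating further before allowing the connection.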