ICMP (type:0/subtype:0)

Hi Bill,

I haven't seen that looping ICMP stuff before. Is it constant or does it come after a specific type of network access? More on the exact circumstances might help to better isolate the cause for what you are seeing.

As to "Generic Host Process for Win32 Services" (whew! long name - let's just call it svchost.exe from here forward ), I have never given "server" rights to this for the Internet because that will allow whatever ports it is listening on to be open and listening to connection attempts from the Internet. This would allow connection attempts to port 135, for example, which could allow messanger spam in and many other things. If you have 445 listening, then your SMB access could listen to connections from the Internet, as well. And other ports, too.

Many people find they need to allow svchost.exe access outbound to the network to support things like DNS resolution and other basic network services. I have never found an issue with allowing it out. In the Programs panel in ZA+ on my system, svchost.exe has both Trusted and Internet Access out checked, and question marks in the two Server columns. (I like question marks in case something changes on the system, and suddenly it wants server rights - I'd want to see it ask so I'd know. Normally, it does not ask for server rights on my system, but that may be related to how my services are configured.)

Hope that helps,
LowWaterMark

 

Yes, you're right Bill - same answer, more or less. That is an exact condition I see at times by having svchost.exe set to "?" program permissions. The parameters listed in the pop-up, if there are any, (port, protocol, addresses), should clarify what condition is causing the alert (inquiry) in the first place. (Although, there are times when not all those fields have data in them, at least I see that at times in ZA+. It makes it hard to make an intelligent decision whether to allow it or not. So, in my case, if there is no data - then I just say no.)