Been monitoring it on my firewall recently and am curious if I have to allow it to send and receive data. I know it is an important Windows function, but the idea that Windows is constantly sending and receiving bytes on my computer really bothers me from a security and a privacy standpoint. Can anything be done about this? Are there any other Windows files that I should be worried about blocking?
Surprisingly, HowToGeek has an excellent look at svchost.exe. Lots of screenshots and shows you what all Windows is doing with this service running (multiple times probably). http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/
Internet access for SVCHost is a tradeoff. If you disable the DNS service, time service, and a few others, you don't have to give SVCHost any internet access. I believe this will also prevent updating from working properly as well. This is where privacy/security and convenience clash. You have to decide what fits your needs. If you're running a 3rd party firewall, you do have more options. The different internet services that run via SVCHost use different ports and protocols. By specifying allowed ports and destination IPs, you can allow the more useful services internet access while still controlling what they do and where they connect.
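
An added example, not part of the thread: one way to see which hosted services are behind each svchost.exe connection, followed by allow rules scoped to a single service, port and destination as the reply above describes. It assumes the built-in Windows Defender Firewall cmdlets rather than a third-party firewall, an elevated PowerShell session, and placeholder server addresses that are constructed for illustration.

```powershell
# Map each svchost.exe network endpoint to the services hosted in that process.

# Lookup table: process ID -> comma-separated names of the services it hosts
$servicesByPid = @{}
Get-CimInstance Win32_Service -Filter "ProcessId <> 0" |
    Group-Object ProcessId |
    ForEach-Object { $servicesByPid[[int]$_.Name] = $_.Group.Name -join ', ' }

$svchostPids = (Get-Process -Name svchost).Id

# Established TCP connections owned by any svchost.exe instance
Get-NetTCPConnection -State Established |
    Where-Object { $svchostPids -contains $_.OwningProcess } |
    Select-Object RemoteAddress, RemotePort, OwningProcess,
        @{ Name = 'Services'; Expression = { $servicesByPid[[int]$_.OwningProcess] } } |
    Sort-Object Services |
    Format-Table -AutoSize

# UDP endpoints (DNS and time sync use UDP); only the local side is reported
Get-NetUDPEndpoint |
    Where-Object { $svchostPids -contains $_.OwningProcess } |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ Name = 'Services'; Expression = { $servicesByPid[[int]$_.OwningProcess] } } |
    Format-Table -AutoSize

# Constructed placeholder addresses (documentation range); substitute your own
# DNS resolver and time server.
$dnsServer = '192.0.2.53'
$ntpServer = '192.0.2.123'
$svchost   = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Allow only the DNS Client service to reach the resolver on UDP 53
New-NetFirewallRule -DisplayName 'Example - DNS Client to resolver only' `
    -Direction Outbound -Action Allow -Program $svchost -Service Dnscache `
    -Protocol UDP -RemotePort 53 -RemoteAddress $dnsServer

# Allow only the Windows Time service to reach the time server on UDP 123
New-NetFirewallRule -DisplayName 'Example - Windows Time to NTP server only' `
    -Direction Outbound -Action Allow -Program $svchost -Service W32Time `
    -Protocol UDP -RemotePort 123 -RemoteAddress $ntpServer

# These allow rules only restrict anything when the profile's default outbound
# action is Block (Set-NetFirewallProfile -DefaultOutboundAction Block). That
# setting also blocks every program and service without its own allow rule,
# Windows Update included.
```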