Yes or by third-party firewall. You cannot block these processes from outbound access, at least not fully. That's why I always monitor svchost.exe for suspicious outbound connections. I do block explorer.exe from outbound access; for some reason it does sometimes try to connect out. Monitoring the browser is a lot harder of course, because you can't know which connections are legit or not. The only thing you can do is install anti-tracking extensions, but that does not stop the browser and extensions from spying on you. So it comes down to trust.
DNS resolution is performed by svchost.exe. In Win 10, svchost.exe is used for everything "under the sun." Difficult if not impossible to monitor outbound connections from it.
Only a few ports on svchost have to be allowed, so at least you will reduce the "unwanted" outbound connections.
Rasheed, I use Adguard for the anti-tracking part. Not the extension but rather the paid desktop version. itman, for sure. I was just goofing around because of too much time. I only blocked svchost.exe at the time.
Not to get too off topic, but take a look at my screenshot. A million Skype connections and I have never used Skype.
Perhaps it's enabled as a background app. See Windows 10: Background Apps - Turn On or Off in Windows 10.
By default Skypehost.exe is running in the background even if you don't use Skype. You can disable it:
Actually, today is the first time I saw its connections. Thanks, I will disable that bugger. I think this version came with Office that I got when I was still working, and so it might be different.
Rasheed- It is a simple concept and intuitively obvious. That's why I wonder why many feel comfortable using Windows Firewall (without any of the onerous tweaks) as WF at default has Zero Outbound protection. But again, I wonder at many things...
CS, yes, Windows does have outbound control, but I chose to use third-party software to control it. Unless you want to get deep into the Windows Firewall.
If you are worried about outbound connections doesn't that mean your machine is already compromised? If you can't trust the programs you install, then why install them?
Yes, svchost.exe really only requires for the most part ports 53/67/68/UDP and 80/443/TCP outbound connections. The problem is allowing all services those connections is insecure. So multiple outbound svchost.exe firewall rules have to be created; one for each requesting service. And the user has to have the smarts to know what is a legit service versus a malware one.
because if you are a home user, using only your home network, being careful about what you allow on your system, and don't let RATs or keyloggers be active on your system, you won't need much "outbound control". Exact. Exact, not an easy task for beginners, sure. I just use WF with advanced settings (all outbound connections, in all profiles, blocked), then disabled a whole batch of rules, created some manually for my needed apps, etc...
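The setup the two posts above describe (outbound blocked by default, then one svchost.exe allow rule per requesting service), as an added PowerShell example that is not part of the original thread. The mapping of services to ports (Dnscache, Dhcp, wuauserv) and the rule names are assumptions for a typical home machine.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Each rule is scoped to svchost.exe AND to one Windows service, so another
# service hosted by svchost.exe does not inherit the permission.

$svchost = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Assumed service-to-port mapping; adjust to the services you actually need.
$rules = @(
    @{ Service = 'Dnscache'; Protocol = 'UDP'; RemotePort = @('53') }                      # DNS client
    @{ Service = 'Dhcp';     Protocol = 'UDP'; RemotePort = @('67'); LocalPort = @('68') } # DHCP client
    @{ Service = 'wuauserv'; Protocol = 'TCP'; RemotePort = @('80', '443') }               # Windows Update
)

foreach ($r in $rules) {
    $params = @{
        DisplayName = "svchost out - $($r.Service) $($r.Protocol)"
        Direction   = 'Outbound'
        Program     = $svchost
        Service     = $r.Service
        Protocol    = $r.Protocol
        RemotePort  = $r.RemotePort
        Action      = 'Allow'
        Profile     = 'Any'
    }
    if ($r.ContainsKey('LocalPort')) { $params.LocalPort = $r.LocalPort }
    New-NetFirewallRule @params | Out-Null
}

# Switch every profile to default-deny outbound only after the allow rules
# exist, so name resolution and DHCP renewals keep working.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block

# Review the rules that were just created.
Get-NetFirewallRule -Direction Outbound |
    Where-Object DisplayName -like 'svchost out*' |
    Select-Object DisplayName, Enabled, Action
```

Outbound allow rules that are already enabled still apply after the default action is set to Block, which is why the post above also disables a batch of existing rules.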
I don't see what's wrong with the Windows Firewall, like I said you have to use a HIPS to protect against firewall bypassing methods, this means don't allow apps to inject code into network enabled processes, and don't allow apps to install drivers for no good reason. BTW, is it possible for you to test SpyShelter against popular banking trojans?
Oh my god, I forgot about this thread. Well thank you to everyone participating. I've been busy with something lately but I'll have a look at your answers asap. Thank you.
It doesn't have any intrusion detection system (IDS), so you're not protected against any of the threats shown in the below screenshot. Nor does it have any botnet protection.
Not its purpose anyway; WF is just a basic FW meant to block inbound connections only, and it is enough for most users. About botnets, it is not the job of a FW to protect against them. If you are part of a botnet, it means you are compromised by a RAT, so your security setup failed already. If you need an IPS/IDS, then you have to add a 3rd party FW. I don't think MS will add those kinds of features to its FW (I wish they do ^^).
It reminds me of a similar question that appears on the forum from time to time: "if you want/need (optional) anti-logger/HIPS/anti-exe...or whatever you mean...doesn't that mean your machine is already compromised/infected?" What is the sense of discussing if everything comes down to such a question? Should I be compromised if I want to control what wants to go out from my system? Why don't you consider that someone wants to reduce the amount of leaking data also...why should I agree that some apps want to call and speak with their servers? May I have quite "clean" network traffic, or are you for the idea that everything could send/receive data without our knowledge or control?
If you're worried about such things then I suggest you're using the wrong Operating System and / or have the wrong programs installed.
@ichito, don't get me wrong, it's your machine. I use O&O Shutup10 to reduce Windows 10 telemetry but I'm not obsessed by it; if I was, I wouldn't be using Windows. All that said, we're going a bit off topic now about @zagmarfish's recommendation for a good anti-keylogger, no?
I think you try to ridicule my words...it's your matter, but looking at your security setup one month ago I think you've felt more worried than happy https://www.wilderssecurity.com/thr...etup-these-days.111264/page-1538#post-2651568 Cheers.
Again, off topic. I'm not in the slightest ridiculing you, and my set up is for the fun and enjoyment of security software, not for fear of infection. If you wish to continue this discussion feel free to send me a PM because I will not continue to take this thread any further off topic. Cheers.
Since we are off-topic let's keep being off-topic. I'm not in a hurry anyway. My point of view is that I'd rather have a program that warns me "this is trying to access the internet; this asks to be launched on startup; this is creating an Alternate Data Stream; this program is trying to hide its process..." whether these actions are legitimate or not. I know most people don't want to worry about it and rather leave the burden of decisions to their antimalware, but I'd rather decide by myself. As far as I'm concerned, only my browsers and my AV need to access the internet. If a program needs an update I can take care of it by myself. With all due respect, it doesn't make sense. It's when your machine is compromised that you can't worry about outbound connections anymore. And why would you trust any program at all? Sourceforge was a trustworthy source for many, many years. And they took advantage of it. And what if your favourite software source was hacked before you know it? No one can predict these kinds of things.