Is it normal for Chrome to connect to port 1900 UDP 239.255.255.250?

Discussion in 'privacy problems' started by lucd, May 17, 2020.

  1. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    782
    Location:
    Island of Woman
    @Floyd 57 sure, I occluded the other rows, for security reasons so to speak
    but left svchost, it has a lot of connections actually, also smartscreen.exe

    as for SW
    svchost is in the disabled list of processes, so is systemsettings and smartscreen (in the grey area and unticked), all settings by henry are set to block Microsoft processes in the blocklist and settings ("block spying, block application servers, block updates"), then I have DHCP and DNS in system rules set to "on", block inbound/outbound as said
    sometimes I don't see ip address, it's just port 0, but usually they are associated with Azure (thankfully, I mean it could have been hacker.it)

    It must be DHCP and DNS (they allow system and svchost), but I lose connectivity after some time if I disable.

    I am considering the option of denying all ip, but allowing few known ones:)
     

    Last edited: Apr 28, 2021
  2. lucd

    DHCP/DNS, probably the culprit, but dunno how to set up so DHCP is a tad more secure
     

    Last edited: Apr 28, 2021
  3. lucd

    fixed upnp for chrome by Floyd so we can close /thread, svchost connections and UDP are normal with DNS / DHCP setup
     
  4. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,296
    Location:
    Europe
    I personally have everything disabled

    upload_2021-4-30_19-26-25.png

    Don't see why u need em enabled?
    I also enabled QUIC on chrome.exe

    upload_2021-4-30_19-27-22.png

    also make sure to enable from browser chrome://flags

    Experimental QUIC protocol
    Enable experimental QUIC protocol support. – Mac, Windows, Linux, Chrome OS, Android

    #enable-quic - Enabled
     
  5. lucd

    @Floyd 57 I lose connectivity if I do, I know about DHCP and perhaps how to set it but not DNS, why does it need to be on? Is DNS related to DHCP setup? I know how to set DNS on router and host yet this thing needs to be on for some reason. QUIC is nice to have, for some reason I can see no difference on vs off?
     
  6. Floyd 57

    https://nordvpn.com/blog/what-is-quic-protocol/
    https://www.networkstraining.com/what-is-quic-protocol/

    It's not supported everywhere.

    If u disable dhcp and dns u prob lose connectivity cuz u have system and/or svchost.exe blocked, no? So block em, but don't disable notifications. This way u can create rules that u need for connectivity.
     
  7. lucd

    @Floyd 57 ok I did it, "system" wants out with igmp multicast: 224.0.0.22 igmp.mcast.net

    EDIT: did allow system and igmp but still no INTERNET (so DHCP AND DNS off but system and svchost allowed I don't get INTERNET), rolling back to DNS DHCP on

    finally, udp ports are closed by disabling windows services
     
    Last edited: May 2, 2021
  8. co22

    co22 Registered Member

    Joined:
    Nov 22, 2011
    Posts:
    411
    Location:
    router
    @lucd
    do you have this flag in your chrome? if you have, disable it. chrome://flags
    "Load Media Router Component Extension"
    i use ungoogled chromium and that has such a flag and i got rid of 239.255.255.250 :)

    even if your chrome doesn't have that flag, try running with this flag
    --load-media-router-component-extension=0
     
  9. lucd

    @co22 thanks a lot, that option was not set indeed, I overlooked it
    it appears to be working
     
    Last edited: May 2, 2021
  10. lucd

    finally closed all UDP connections by using YUKI settings found on this forum (udp ports are closed by disabling/resetting certain windows services), that in combination with Load Media Router Component Extension "disable", all the weird connections to Azure displayed by blackfog are gone (for now at least), these settings will disable wifi so need to be careful on WlanSvc, Eaphost, KeyIso, Wcmsvc (you can remove dependency on nsi from dhc and other services) also windows updates: DoSvc
    sc config AJRouter start= disabled
    sc config AXInstSV start= disabled
    sc config BDESVC start= disabled
    sc config Browser start= disabled
    sc config BthHFSrv start= disabled
    sc config bthserv start= disabled
    sc config CDPSvc start= disabled
    sc config CertPropSvc start= disabled
    sc config DcpSvc start= disabled
    sc config DeviceAssociationService start= disabled
    sc config diagnosticshub.standardcollector.service start= disabled
    sc stop DiagTrack
    sc stop dmwappushservice
    sc delete DiagTrack
    sc config DmEnrollmentSvc start= disabled
    sc delete dmwappushservice
    echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
    sc config DoSvc start= disabled
    sc config dot3svc start= disabled
    sc config DPS start= disabled
    sc config Eaphost start= disabled
    sc config EFS start= disabled
    sc config fdPHost start= disabled
    sc config FDResPub start= disabled
    sc config fhsvc start= disabled
    sc config FontCache start= disabled
    sc config hidserv start= disabled
    sc config HomeGroupListener start= disabled
    sc config HomeGroupProvider start= disabled
    sc config icssvc start= disabled
    sc config IEEtwCollectorService start= disabled
    sc config iphlpsvc start= disabled
    sc config KtmRm start= disabled
    sc config LanmanServer start= disabled
    sc config LanmanWorkstation start= disabled
    sc config lfsvc start= disabled
    sc config lltdsvc start= disabled
    sc config lmhosts start= disabled
    sc config MapsBroker start= disabled
    sc config MSDTC start= disabled
    sc config MSiSCSI start= disabled
    sc config NcaSvc start= disabled
    sc config NcdAutoSetup start= disabled
    sc config Netlogon start= disabled
    sc delete NetTcpPortSharing
    sc config p2pimsvc start= disabled
    sc config p2psvc start= disabled
    sc config PcaSvc start= disabled
    sc config PerfHost start= disabled
    sc config PhoneSvc start= disabled
    sc config pla start= disabled
    sc config PNRPsvc start= disabled
    sc config PNRPAutoReg start= disabled
    sc config PrintNotify start= disabled
    sc config QWAVE start= disabled
    sc config RasAuto start= disabled
    sc config RasMan start= disabled
    sc config RemoteAccess start= disabled
    sc config RemoteRegistry start= disabled
    sc delete RetailDemo
    sc config RpcLocator start= disabled
    sc config SCardSvr start= disabled
    sc config ScDeviceEnum start= disabled
    sc config SCPolicySvc start= disabled
    sc config SDRSVC start= disabled
    sc config SensorDataService start= disabled
    sc config SensorService start= disabled
    sc config SensrSvc start= disabled
    sc config SessionEnv start= disabled
    sc config ShellHWDetection start= disabled
    sc config SmsRouter start= disabled
    sc config SNMPTRAP start= disabled
    sc config SSDPSRV start= disabled
    sc config SstpSvc start= disabled
    sc config swprv start= disabled
    sc config SysMain start= disabled
    sc config TabletInputService start= disabled
    sc config TapiSrv start= disabled
    sc config TermService start= disabled
    sc config TrkWks start= disabled
    sc config tzautoupdate start= disabled
    sc config UmRdpService start= disabled
    sc config upnphost start= disabled
    sc config vmicguestinterface start= disabled
    sc config vmicheartbeat start= disabled
    sc config vmickvpexchange start= disabled
    sc config vmicrdv start= disabled
    sc config vmicshutdown start= disabled
    sc config vmictimesync start= disabled
    sc config vmicvmsession start= disabled
    sc config vmicvss start= disabled
    sc config VSS start= disabled
    sc config WalletService start= disabled
    sc config wbengine start= disabled
    sc config WbioSrvc start= disabled
    sc config Wcmsvc start= disabled
    sc config wcncsvc start= disabled
    sc config WdiServiceHost start= disabled
    sc config WdiSystemHost start= disabled
    sc config WebClient start= disabled
    sc config Wecsvc start= disabled
    sc config wercplsupport start= disabled
    sc config WerSvc start= disabled
    sc config WinHttpAutoProxySvc start= disabled
    sc config WinRM start= disabled
    sc config WlanSvc start= disabled
    sc config wmiApSrv start= disabled
    sc delete WMPNetworkSvc
    sc config WPDBusEnum start= disabled
    sc config WSearch start= disabled
    sc config wuauserv type= own
    sc config WwanSvc start= disabled
    sc config XblAuthManager start= disabled
    sc config XblGameSave start= disabled
    sc config XboxNetApiSvc start= disabled
     
    Last edited: May 2, 2021
  11. Floyd 57

    you are using outdated windows version, there is no such service browser, BthHFSrv, dcpsvc, HomeGroupListener, HomeGroupProvider, IEEtwCollectorService, WMPNetworkSvc at least for me. I also have those services disabled, except:

    Device Association Service - for stuff like wired and wireless controllers etc. you might not need it, but never hurts to have it just in case u do, it doesn't do anything when it's not running.
    Delivery Optimization - I'm not sure but if this is all it does then it's safe to disable
    upload_2021-5-3_14-36-57.png

    Dot3svc - this is Wired Auto config, if u use ethernet cable u should prob leave it on
    Eaphost - Dot3svc depends on this
    FontCache - The Windows operating system creates a cache for the fonts so that they can load faster every time you start a program, app, Explorer, etc.
    Human Interface Device Service - this is for special buttons on keyboard, such as volume up down play pause etc. I use volume up and down a lot
    Performance Logs and Alerts - https://www.windowscentral.com/how-use-performance-monitor-windows-10 , I don't use this personally, but I have not seen it used either. So I guess it doesn't hurt to sit in Manual, just in case
    SensorDataService, SensorService, SensrSvc - I got all these manual, haven't done much research on them tho
    swprv - required by macrium I think
    sysmain - makes pc faster, basically
    vmic services - required for VM and stuff
    vss - required for macrium
    Wcmsvc - needed if you use wifi and stuff. I don't yet it's set to automatic. Needs testing.
    wmiApSrv - I have this on manual, in case it's needed
    wuauserv - this is for windows updates
     
  12. lucd

    @Floyd 57
    these are the Yuki (wilders' user) settings from 4-5 years ago, I am using latest windows, I injected a ton of scripts to close down UDP + extra stuff I found on github and something kicked in. I am not getting any UDP from programs so far, debloating windows pays off, also no svchost, smartscreen ip in blackfog (fingers crossed that I don't see them anymore)
    I like that disabling of chrome but allowing HTTP that you do with SW, unfortunately you won't run data science programs anymore like ANACONDA, ie local servers in chrome, you must switch rules on the fly for SW and allow other protocols, but that's bearable

    anyway I think debloating OS is a good idea

    judging from my tests
    SensorDataService, SensorService, SensrSvc : can be disabled
    sysmain : fast pc but not relevant on SSD, also security concern
    FontCache: not needed, today they make fast CPUs that can handle this no problem
    Device Association Service, not needed
    for wifi you need: KeyIso, Wcmsvc, WlanSvc, Eaphost (to start any of the services you need to start with CNG key isolation)
    wired: dot3svc
    anyway Yuki guy got these things down yet he connected, manually I suppose via wired

    for updates you need DoSvc : Delivery Optimization. Can be disabled, if you sideload updates. And the one you mentioned, wuauserv, UsoSvc and uhssvc. BITS is not needed but related for instance for peer to peer (peercaching), updates via peer-2-peer, do they make updates faster? I don't think so, not many services are needed to run the OS
    there are things that should never be touched too like Appinfo, UserManager

    UserManager is fun, it will spawn multiple instances of desktop manager when it is disabled, the screen is white, cursor spins and screen flickers, this will go on forever

    Anyway they made it so these services come back, there are also others that run under user specific tags, it's more difficult to disable them, I guess you need something like registry guard from NVT otherwise crapware crawls back

    Dcom is very controversial (the only service with "access denied"), but probably essential too
    https://www.cybereason.com/blog/dcom-lateral-movement-techniques
     
    Last edited: May 5, 2021
  13. lucd

    yes registry guard fixes settings and services coming back, and udp coming back, I had to add certain rules

    registry guard as a service, ver 1.7 does the job for now, since windows will default now after restart, they insist really bad at keeping certain settings and services alive, it wasn't like that a few years back

    these are impossible to stop otherwise, they come back with diff name after underscore


    CDPUserSvc_ , MessagingService_ , svsvc_, UdkUserSvc_, WpnUserService_, PushToInstall_, UserDataSvc_, UnistoreSvc_, UsoSvc_, cbdhsvc_, WpnUserService_
     
    Last edited: May 5, 2021
  14. Floyd 57

    I don't think you need registry guard, can't you just edit the permissions of the service reg keys?

    upload_2021-5-6_15-56-3.png

    I think it's SYSTEM that is the one that modifies em, not sure. Ofc u would also change Owner to yourself.

    They do not come back for me
    upload_2021-5-6_15-59-52.png
    upload_2021-5-6_15-56-58.png
    upload_2021-5-6_15-57-5.png
    upload_2021-5-6_15-57-12.png

    As you can see, I got all those disabled with _ (well most, some I kept enabled)

    upload_2021-5-6_16-1-50.png



    I'll reply to ur other stuff some other time

    Also, all of my _ services are specifically _5670c, while before they were different. So it might be with windows version or smth. But I do not think it gets generated when u disable non_ ones.
     
    Last edited: May 6, 2021
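
Added example (not posted by anyone in this thread): a read-only PowerShell audit of the underscore-suffixed per-user services discussed in the two posts above. It assumes the behaviour Microsoft documents for Windows 10/11, where each `Name_suffix` instance is created at logon from a template service `Name`, so the template's `Start` value is the setting worth checking.

```powershell
# Added example: list per-user service instances (Name_<suffix>) next to the
# template service (Name) they were created from. Read-only; changes nothing.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-StartType([string]$Path) {
    # Returns the service's Start value as text, or 'n/a' if it cannot be read.
    $value = (Get-ItemProperty -Path $Path -Name Start -ErrorAction SilentlyContinue).Start
    if ($null -eq $value) { return 'n/a' }
    return $startNames[[int]$value]
}

$rows = foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
    # Instance names end in an underscore plus a hex suffix, e.g. CDPUserSvc_5670c.
    if ($key.PSChildName -notmatch '^(?<template>.+)_(?<suffix>[0-9a-f]+)$') { continue }
    $template = $Matches['template']
    $templatePath = Join-Path $root $template
    # Only report names whose prefix is itself a registered service (the template).
    if (-not (Test-Path -Path $templatePath)) { continue }
    [pscustomobject]@{
        Template      = $template
        TemplateStart = Get-StartType $templatePath
        Instance      = $key.PSChildName
        InstanceStart = Get-StartType (Join-Path $root $key.PSChildName)
    }
}

$rows | Sort-Object Template | Format-Table -AutoSize
```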
  15. lucd

    @Floyd 57 if I disable svchost and re-enable notification and then allow something via notification pop-up window, in this case svchost, only that particular connection is going to be allowed or everything from svchost? I'd say the former
     
    Last edited: May 9, 2021
  16. lucd

    so on fresh os with debloating by ntlite, the system has 14 UDP listening connections with chrome, after disabling unneeded services and applying media router tweak: Load Media Router Component Extension in chrome and system wide: 0 UDP port listening, the potentially problematic thing is windows time, port 123
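
Added example (not posted by anyone in this thread): a PowerShell check for the "how many UDP listeners, and who owns them" question the thread keeps returning to, so a before/after comparison can be made after disabling services or the Chrome flag. The port labels are this example's own annotations; run it from an elevated prompt so every owning process resolves.

```powershell
# Added example: attribute every local UDP endpoint to its process and, for
# svchost.exe, to the services hosted in that process. Read-only.

# Well-known ports relevant to the thread (annotations added for this example).
$knownPorts = @{
    68   = 'DHCP client'
    123  = 'NTP (Windows Time)'
    1900 = 'SSDP / UPnP discovery (multicast 239.255.255.250)'
    5353 = 'mDNS'
    5355 = 'LLMNR'
}

# PID -> comma-separated service names running inside that process.
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId |
    ForEach-Object { $servicesByPid[[int]$_.Name] = ($_.Group.Name -join ', ') }

$report = Get-NetUDPEndpoint | ForEach-Object {
    $procId = [int]$_.OwningProcess
    $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocalAddress = $_.LocalAddress
        LocalPort    = $_.LocalPort
        PID          = $procId
        Process      = if ($proc) { $proc.ProcessName } else { '<exited>' }
        Services     = $servicesByPid[$procId]
        Note         = $knownPorts[[int]$_.LocalPort]
    }
}

# Full listing, then a per-process count for before/after comparison.
$report | Sort-Object Process, LocalPort | Format-Table -AutoSize -Wrap
$report | Group-Object -Property Process |
    Sort-Object -Property Count -Descending |
    Select-Object Count, Name
```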
     