Blocking per module in svchost.exe - Comodo only?

Discussion in 'other firewalls' started by Stone Free, Sep 5, 2006.

Thread Status:
Not open for further replies.
  1. Stone Free

    Stone Free Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    5
    Location:
    London
    I know that Comodo can show exactly which module inside svchost.exe wants access to the net, and it lets you decide if only that module should be blocked or allowed.

    What other firewalls can do this?
     
  2. Stone Free

    Stone Free Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    5
    Location:
    London
    Bump!

    Anyone Please?
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Stone Free,

    Some clarification please,.. when you say "module inside svchost", do you mean the command line,.. examples:-

    "svchost.exe -k netsvcs"
    "svchost.exe -k NetworkService"

    ____
    Stem
     
  4. Stone Free

    Stone Free Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    5
    Location:
    London
    If you use SysInternals Process Explorer and hover your mouse over instances of svchost.exe it lists which services are hosted in that particular instance of svchost.

    For example

    C:\WINDOWS\system32\svchost.exe
    Services:
    DCOM Server Process Launcher
    Terminal Services

    C:\WINDOWS\system32\svchost.exe
    Services:
    DCOM Server Process Launcher
    DNS Client
     
  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I cannot say I have seen direct alerts for "services" in any firewall (I will recheck), only the command line reference, or reference given to services due to port use.

    Maybe other members have more info on this?
     
  6. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    I'm not aware of alerts to block the individual modules from accessing the internet in the firewall but the application blocking controls in many HIPS do allow individual control over the dll's that are allowed. As an example, the DHCP Client is a module and trusted within this application for execution - if it wasn't, an alert would ask to allow/deny and add to the trusted list or not.
     

    Attached Files:

  7. Stone Free

    Stone Free Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    5
    Location:
    London
    Its not necessarily the ability to block the individual modules from accessing the internet, but at least to know which open connections are comming from which module so that I can now whether the module should be accessing the internet or not. If the site and the service look sensible then I can add that site and tcp port to a firewall rule for svchost.
     
  8. Stone Free

    Stone Free Registered Member

    Joined:
    Sep 5, 2006
    Posts:
    5
    Location:
    London
Loading...
Thread Status:
Not open for further replies.