clarification on a firewall pop-up.

Discussion in 'other firewalls' started by jrx10, Jan 31, 2007.

Thread Status:
Not open for further replies.
  1. jrx10

    jrx10 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    85
    Generic host process for win32 services is trying to act as a server. what would you like to do? application svchost.exe port :2726 -udp parent: services.exe

    ------------

    C:windows\explorer.exe has tried to use svchost.exe through OLE Automation, which can be used to hijack other applications. explorer.exe might be using svchost.exe to connect to the internet.

    I just denied, with no subsequent surfing problems. Is this benign? Thx
     
  2. KDNeese

    KDNeese Registered Member

    Joined:
    Dec 16, 2005
    Posts:
    236
    "Generic Host Process" is a normal process that is necessary if you want to surf the Internet. I don't think it's necessary to allow it to act as a server, but that's not always the case. Sometimes it IS necessary, depending on the configuration of your ISP's servers. Most likely it is your internal DNS server that resolves host names into IP addresses. It can also pertain to automatic updates via Microsoft. There can be multiple instances of svchost.exe running when you view Windows Task Manager. I've received the exact same message before, usually when my NOD32 antivirus is trying to do an automatic update. Port 2726 is not a normal port exploited by malware, according to the information I was able to gather. Here is a statement from the following website:

    http://www.auditmypc.com/port/udp-port-2726.asp

    Port 2726 is the TAMS Port (Traffic Analysis & Monitoring System). Since this has to do with TCP/IP protocol analysis, it could be related to the packet filtering system of the firewall. However, the fact that the alert is saying the process wants to act as a server makes me think it is related to your DNS resolution. In either instance, it is most likely a legitimate process necessary for your TCP/IP communications.

    I would also read this very informational thread regarding the process' functioning as a server:

    https://www.wilderssecurity.com/archive/index.php/t-15463.html
     