Grateful for any help with understanding these entries from my firewall log: I have the DNS client service running, and my DNS rules allow bidirectional UDP connections between svchost.exe and my ISP's two DNS servers on remote port 53. The blocked UDP connections in the log came from those DNS servers, and all within a six-second timespan. If I've got this right, then with the DNS client service, all DNS lookups are handled by svchost, so why the attempt to connect to Proxomitron? I checked my event log to see if the service had stopped running (I would guess that's unlikely), but no sign of that. I can't see that this has any security implications - after all, AFAIK I could disable the DNS client service and then individual applications would do DNS lookups themselves, rather than everything going through svchost - but I'm curious as to why it happened.