Generic Host Process for Win32 Services

Does anybody knows if the user must allow "Generic Host Process for Win32 Services" to act as a server into ZoneAlarm?

If I disable, what are the consequences?
Which applications/services will not allowed to be connected from the Internet?

I suppose that I can allow this C:\Windows\system32\svchost.exe to connect the Internet... In this case, what is connecting the Internet?

Very thanks.
Technical

 

Yes, and no. Your firewall should allow for, or be able to be configured for services like DHCP and DNS without allowing it as a server.

Please start by disabling two services. Start -> Run: 'services.msc', stop and disable SSDP Discovery Protocol, and Universal Plug n' Pray.

Now if your computer is not a Lan/ICS host for dynamic addressing then you can stop, and set the DNS Client to manual.

You should avoid allowing the program to act as a server, and if you must I suggest you get a more comprehensive firewall like a rule based appliction filtering firewall which will be more complex to configure.

EDIT: I haven't played with ZA for a while, but you should be able to add your dns servers and your dhcp server(if you have one) to your trusted IP list. That way you are not forced to set the program as a server.

 

Thanks for the quick answer...
I need to allow svchost.exe to connect out to the Internet or I won´t access the net anyway. In my XP, I denied the server rights too.

 

Very thanks. I disabled SSDP Discovery Protocol but I don´t have Universal Plug 'n Pray. I run the application from Gibson company and it says this service is Safely Disabled. Is that right?

I set DNS Client to manual too.

 

Sorry but besides my name, I do not know exactly what are you telling me...
I have a dial-up connection so I suppose I have a dynamic IP but what are the DNS servers and DHCP server? I´m not in a network (although I have a net card). Thanks

 

Thanks for your suggestion, I have heard Kerio is a good one. But I'm afraid I won't be able to configure such a complex firewall. If I set one wrong rule, I won´t be protected and the firewall won't do its job.

 

ZA should work fine for you currently, and maybe one day you will need something more complex, however today is not that day

 

Now, ZA is asking for server rights for almost every program that just access the Internet? What service I must go back to original state? SSDP Discovery Protocol, Universal Plug n' Pray or DNS Client?

I'm dening the access but something goes wrong...
The other option is that, before, this program acept conections from the Internet but I did not know this fact...

 

I get a big trouble. Thanks to GoBack!
I rolled by my system to an earlier safe position...
I don't know exactly what happened. Maybe all those services could not be disabled...

 

Please revue my past comments, I run with all three of those services not running, and tell you when you need to have the DNS Client running. I won't tell people to do things that I know are not safe.

 

I run Look n Stop as my firewall but I checked and while I already had the SSDP Discovery Protocol and Universal PnP disabled I did have the DNS service set to auto. I have just changed it to manual and now SVCHost no longer shows up as being connected all the time on the app filtering tab of LnS. It always did prior to this change. Everything seems to be working correctly, should SVCHost still be allowed to connect or could/should it be blocked all together now?

Thanks in Advance

 

Generic Host Process for Win32 Services (svchost.exe) has many tasks one being resolves and caches DNS. You “have to” set svchost.exe to act-as-server or it won’t accept incoming DHCP packets that lead to disconnections from their ISP, unless they don’t use DHCP. Also you won’t accept incoming DNS packets and that will cause active Connections to time-out; unless “DNS Client” service is disabled then Client Applications itself sends constant DNS packets. And that being the case all the Client Applications will need to act-as-server to receive incoming DNS packets otherwise Time-Outs for all active connections…

Am I mistaking how ZoneAlarm works?

 

For ZoneAlarm act-as-server Feature, does this apply to both TCP & UDP Protocols?

 

If firewalls/configurations didn't seperate services like DNS, and DHCP then that would cause problems. Every software firewall should be able to do this seperation since as even older 9x systems allowed for this while not requiring to make every program a server in application based firewalls.

svchost.exe should not be a general server on the internet, and should be avoided at all costs. However of coarse it does have its services which you might need to allow based on your setup.

In application based firewalls like ZA, when you allow it to be a server, it will allow all inbound tcp/udp connections not started by the connection on ports that is happens to be listening on. Which again is dangerious for svchost.exe

 

So ZoneAlarm does this separation of DHCP/DNS?

UDP is connectionless Protocol btw.

 

I can't verify dhcp, but I know dns is seperated as on 9x you didn't have to make every program a server. I'm sure they have some simple settings to select like checking the box for DHCP if its not already enabled by default.

Of coarse I know udp is connectionless, but that doesn't stop firewalls from monitoring its outbound udp to make a direct connection with inbound udp so its only accepted from that source.

This method is not the most secure, however its even less secure to force the user to make every program a server just so it can resolve dns.

 

Correct; UDP do not contain any connection information such as sequence numbers. Though at the very minimum they contain an IP address & port pairs, all of these data can be analyzed in order to build "virtual connections" in the cache.

 

Well if I must allow SVCHost to connect then something is strange with my LnS setup. I have had SVCHost blocked since last night, today I started my computer up and everything is connecting fine. I am on a cable modem and I believe in the past SVCHost was needed for DHCP and DNS. But it is blocked and everything is connecting fine with no time outs and such. Any ideas on what to check to verify that LnS is running properly?

Thanks

 

Hey JPM

From what you previously said, you have “DNS Client” service set to manual and therefore svchost.exe doesn’t make DNS connections no-longer. However, you are on cable and if you have DHCP enabled and you have svchost.exe set to deny for connecting rights in Application Filtering List than you will experience re-connecting issues with your ISP after certain length of time being connected and without re-booting.