Generic Host Processes

Discussion in 'other security issues & news' started by seakiwi, Nov 4, 2004.

Thread Status:
Not open for further replies.
  1. seakiwi

    seakiwi Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    47
    After doing a Windows update yesterday (XP Home), I am now getting a heap of firewall alerts from Generic Host Processes wanting access to various Microsoft IP addresses, including a Hotmail related one. I do NOT have automatic windows updates enabled.

    What exactly is this generic host process anyway, and why the heck is Microsoft telling things to call home without my permission?

    This has just started since I did the update yesterday so I'm pretty much guessing that's not just a coincidence. Has anyone else noticed this?

    (I am refusing it the outbound connection needless to say)
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,778
    Location:
    Texas
    seakiwi

    Have a look here and see if it helps.
     
  3. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    Thanks ronjor. I've always wanted to know that...
     
  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    If you go to start/run/services.msc and put automatic updates to manual, or it may have been disabled, it stops that happening for me (Generic Host Processes wanting access to various Microsoft IP addresses). Then when you next want to go to windowsupdate, put automatic updates to automatic.
     
  5. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    I rarely put anything on auto. I just want to know where the enable options are...
     
  6. seakiwi

    seakiwi Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    47
    OK, this is very weird.

    As I said in my original post, I NEVER have windows update set to automatically update - NEVER!

    Since I started getting these firewall alerts, I double checked my My Computer properties and confirmed that I did have auto updates unchecked.

    BUT ... when I went to check in Services just now, I discovered that the automatic update service had been started. Now I did NOT start that service. Which can only mean that somehow, the windows update I did yesterday, started that service without my knowledge, and most definitely without my permission. I don't know how, but I KNOW that I did not start it, and nobody else uses my computer.

    I have just tried to stop the service from running, and received an error message telling me "the service was unable to be stopped" ... I am about to reboot in the hope that a restart might fix this, but I am not happy. As far as I am concerned that is the very last windows update I will do. Any updates I need or want, I will download and install manually from now on.
     
  7. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    In services.msc, there are three startup type settings: auto, manual, & disabled. Unless totally disabled, update set to manual can be enabled by another application, it seems.
     
  8. isnogood

    isnogood Registered Member

    Joined:
    Sep 22, 2004
    Posts:
    83
    Location:
    France
    Seakiwi, I also had this issue. My solution was to kill the service process with APT from DCS (very cool free utility for such purposes :)). Simple Task Manager didn't work.
    Next, go to admin tools -> services and disable automatic windows update. To be quite sure, search in regedit for all instances of the corresponding exe file (don't remember exact name) and delete all startup entries. You can also use any of your favorite startup managers. If you don't kill the service process first, it automatically regenerates the registry entries, like a Hydra. Next, reboot the machine. This should work.
    cheers,

    Isnogood
     
  9. seakiwi

    seakiwi Registered Member

    Joined:
    Nov 4, 2004
    Posts:
    47
    Thanks for your help, people.

    I rebooted after getting that 'unable to stop the service' error, and that seemed to fix it. Service is now disabled, unchecked under Automatic Updates in My Computer properties, and I have had no further firewall alerts.

    I'd still like to know how MS was able to alter all that via a windows update. I'm reluctant enough at the best of times to 'let MS in my machine', but after this little incident, I'm even more convinced they can't be trusted.

    Thanks for your help! :)
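
Added example, not part of any post in this thread: one way to see which services sit behind each "Generic Host Process" (svchost.exe) and which remote addresses that process is connected to, so a firewall alert can be traced to a specific service and its startup type. It assumes a current Windows system with PowerShell 3.0 or later and the NetTCPIP module (neither ships with XP); `wuauserv` is the service name of Automatic Updates.

```powershell
# Added example: attribute svchost.exe network activity to the hosted services.

# Every service whose binary path runs inside svchost.exe
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -match 'svchost\.exe' }

# Per-service view: startup type versus actual state
$services | Sort-Object ProcessId, Name | ForEach-Object {
    [pscustomobject]@{
        HostPid   = $_.ProcessId
        Service   = $_.Name
        Display   = $_.DisplayName
        StartMode = $_.StartMode   # Auto, Manual or Disabled
        State     = $_.State       # Running, Stopped, ...
        # Running although not set to Auto: it was started on demand
        OnDemand  = ($_.State -eq 'Running' -and $_.StartMode -ne 'Auto')
    }
} | Format-Table -AutoSize

# PIDs of the svchost.exe instances that are currently running services
$hostPids = $services.ProcessId | Where-Object { $_ -ne 0 } | Select-Object -Unique

# Established outbound TCP connections owned by those PIDs,
# labelled with the services sharing that process
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $hostPids -contains $_.OwningProcess } |
    ForEach-Object {
        $conn = $_
        $names = ($services |
            Where-Object { $_.ProcessId -eq $conn.OwningProcess }).Name -join ','
        [pscustomobject]@{
            HostPid  = $conn.OwningProcess
            Remote   = '{0}:{1}' -f $conn.RemoteAddress, $conn.RemotePort
            Services = $names
        }
    } | Sort-Object HostPid, Remote | Format-Table -AutoSize

# The Automatic Updates service on its own
Get-CimInstance -ClassName Win32_Service -Filter "Name='wuauserv'" |
    Select-Object Name, StartMode, State, ProcessId
```

A service listed with `StartMode` Manual and `OnDemand` True matches what the thread describes: the startup type was not automatic, yet the service was running.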
     