Help please: Windows 7 + Eset Smart Security 4.0.474.0 + svchost.exe

Discussion in 'ESET Smart Security' started by 3s3tUs3r, Mar 17, 2010.

Thread Status:
Not open for further replies.
  1. 3s3tUs3r

    3s3tUs3r Registered Member

    Joined:
    Mar 17, 2010
    Posts:
    4
    Hi,

    I've been checking the forum and I couldn't find a topic with my problem, forgive me if I've overlooked something.

    I'm kinda getting desperate with some inbound traffic alerts which I can not put my finger on. I am used to Windows XP and I'm new to Windows 7 because it's installed on a new laptop I recently got. After installing Eset Smart Security on the Windows 7 machine I'm getting inbound traffic alerts during browsing which I don't know what to do with. I took screen grabs of the requests hoping you guys could help me out.. Like for example completely block those ips and/or local ports (which is going to be pretty annoying coz they are on a different local port all the time) or block the ips with the remote port? Btw, I'm using Firefox and many of the requests are also during the use of Facebook.. What I don't get either is why does it connect to svchost.exe while browsing and not to Firefox?

    http://img242.imageshack.us/img242/7623/grab01.jpg

    http://img52.imageshack.us/img52/4391/grab02.jpg

    http://img2.imageshack.us/img2/3841/grab03.jpg

    http://img197.imageshack.us/img197/8797/grab04.jpg

    http://img197.imageshack.us/img197/8784/grab05.jpg

    http://img146.imageshack.us/img146/2910/grab06.jpg

    http://img340.imageshack.us/img340/7505/grab07.jpg


    I don't know what to do with these either, they are not related to browsing..

    http://img715.imageshack.us/img715/6122/grab001k.jpg

    http://img251.imageshack.us/img251/5958/grab002r.jpg

    http://img525.imageshack.us/img525/7115/grab003v.jpg

    Thanks guys..
     
    Last edited: Mar 17, 2010
  2. bachor

    bachor Registered Member

    Joined:
    Mar 6, 2010
    Posts:
    15
    That's normal.

    It's some reply generated from web-servers back to your system (dunno why it's not back to internet browser).
    Those high tcp ports are randomly generated.. you can block it.. or allow.. no matter ;-)

    Correct me if I'm wrong.
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    Is it possible that the answer is to verify some digital signatures?
    Malware Defender (Torchsoft) also showed up from svchost, and some
    of them ended on VeriSign servers in Germany and the USA.
     
  4. bachor

    bachor Registered Member

    Joined:
    Mar 6, 2010
    Posts:
    15
    Uhm I think it's rather a TCP ACK..

    ..but dunno why it's not being transported back to browser..
     
  5. 3s3tUs3r

    3s3tUs3r Registered Member

    Joined:
    Mar 17, 2010
    Posts:
    4
    I keep blocking them but those requests just don't stop. It's also when I use ftp, I get incoming connects to high random ports also to svchost and not to the ftp program I'm using.
     
  6. 3s3tUs3r

    3s3tUs3r Registered Member

    Joined:
    Mar 17, 2010
    Posts:
    4
    No one?

    :'(
     
  7. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    How did you set up your firewall rules, are all of them custom (try using inbuilt ones)? You seem to be blocking and worrying over legitimate traffic while browsing.
     
  8. Nodrog

    Nodrog Registered Member

    Joined:
    Nov 10, 2007
    Posts:
    56
    Location:
    UK
    What you are seeing (I think) is the firewall state table losing the plot or timing out too soon. It does the same thing on mine too and has done for quite a few versions of the firewall. I think it was originally noticed with Windows 7 but it's late and I may have got that one wrong.

    The firewall looks as if it intermittently loses track of reply packets from whatever website you are browsing (and it's not just a limited few... I'm getting sick of it, on lots of different sites). If you click to block it, or the TCP stack times out (or however it actually works), the TCP stack simply does a retry and typically gets it OK the next time.

    I saw this in an old thread but don't know if it ever got fixed or taken seriously. Sometimes you just give up and click to continue.

    Sorry for the negativity but I'm getting a bit fed up with this product now, but hey ho, they might all be the same.

    cheers
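
The behaviour Nodrog describes above, sketched as a toy stateful firewall: once the state entry for an outbound connection has timed out, a late reply no longer matches anything and is treated as a new inbound connection, while a retry from the local side re-creates the entry. This is an added example, not part of the thread and not ESET's code; the 60-second idle timeout, the names `StateTable` and `replay`, and the sample trace are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 60.0  # assumed idle timeout in seconds (constructed, not ESET's value)


@dataclass
class StateTable:
    idle_timeout: float = IDLE_TIMEOUT
    flows: dict = field(default_factory=dict)  # (lport, raddr, rport) -> last seen

    def outbound(self, now, lport, raddr, rport):
        """Create or refresh the flow entry when the local host sends a packet."""
        self.flows[(lport, raddr, rport)] = now

    def inbound(self, now, lport, raddr, rport):
        """Classify an arriving packet against the tracked flows."""
        key = (lport, raddr, rport)
        last = self.flows.get(key)
        if last is not None and now - last <= self.idle_timeout:
            self.flows[key] = now
            return "reply"         # matches a live flow: passed without a prompt
        self.flows.pop(key, None)  # drop the expired entry
        return "unsolicited"       # no live flow: shown as an inbound alert


def replay(events, idle_timeout=IDLE_TIMEOUT):
    """Run a trace through the table and return the verdict for each inbound packet."""
    table = StateTable(idle_timeout)
    verdicts = []
    for now, direction, lport, raddr, rport in events:
        if direction == "out":
            table.outbound(now, lport, raddr, rport)
        else:
            verdicts.append((now, lport, table.inbound(now, lport, raddr, rport)))
    return verdicts


# Constructed trace: (time in s, direction, local port, remote address, remote port)
SAMPLE = [
    (0.0, "out", 49201, "203.0.113.10", 80),   # browser opens a connection
    (0.2, "in", 49201, "203.0.113.10", 80),    # prompt reply, state entry is live
    (75.0, "in", 49201, "203.0.113.10", 80),   # late packet, entry already expired
    (76.0, "out", 49201, "203.0.113.10", 80),  # local retry re-creates the entry
    (76.1, "in", 49201, "203.0.113.10", 80),   # reply to the retry matches again
]

if __name__ == "__main__":
    for verdict in replay(SAMPLE):
        print(verdict)
```

Replaying the same trace with a longer `idle_timeout` (for example 120 seconds) classifies every inbound packet as a reply, which is the "timing out too soon" reading of the alerts.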
     