Malware Defender svchost.exe Physical Disk Access

Discussion in 'other anti-malware software' started by 0strodamus, Sep 14, 2009.

Thread Status:
Not open for further replies.
  1. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    I'm getting occasional prompts in Malware Defender for svchost.exe requesting access to the physical disk. I've set a block rule and haven't had any ill effects. I typically default to blocking any activity like this with network applications. I was wondering if the other Malware Defender users in this forum allow or block this and why.

    On a separate note, I'm trying to figure out why Malware Defender fails the RawDisk test in the Comodo Firewall Test Suite. It was also failing the ActiveDesktop test, but I added an ask rule under System Settings for HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\General\* and that closed the hole. :)
     
  2. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    svchost is permitted to access physical disk in my config. I must have picked that config up during initial learning mode setup.
     
  3. wat0114

    wat0114 Guest

    Mine is still at "Ask" so svchost has not yet attempted physical disk access.
     
  4. Scoobs72

    Scoobs72 Registered Member

    Joined:
    Jul 16, 2007
    Posts:
    1,108
    Location:
    Sofa (left side)
    Flicking mine back to "Ask" then and I'll see what happens :)
     
  5. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    svchost.exe on my OS in training mode has never ever accessed physical disk, neither has it attempted to after I locked down svchost.exe.
     
  6. xiaolin

    xiaolin Registered Member

    Joined:
    Aug 11, 2008
    Posts:
    248
    It depends on the services running on your system. Svchost.exe is a generic host process for services that run from DLLs. If one of these services needs to access the physical disk, you may permit it.

    The RawDisk test in the Comodo Firewall Test Suite tests reading, but MD checks writing to the physical disk only.

    Thanks,
    Xiaolin
     
  7. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    Thanks to everyone for your replies and to Xiaolin for the information.

    I'm going to put my rule back to ask as well so that I can try to determine the service that is making the request. It's not something that I see in my logs regularly, so it must be a service that runs on demand and that I don't use often.

    Besides the obvious security protection, one of the things I like about MD is that you can really gain an insight into what is going on "behind the scenes" on your system.

    Darrell
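
One way to find which service sits behind a given svchost.exe prompt, as an added example that is not part of the original thread: the script below lists the services hosted in a svchost.exe process together with the DLL that implements each one. It assumes PowerShell 3.0 or later (for Get-CimInstance); the parameter name `ProcessId` is chosen here for illustration and takes the PID shown in the HIPS prompt.

```powershell
# Added example (not from the thread): map svchost.exe instances to the
# services they host and to the DLL implementing each service.
param(
    # PID reported in the HIPS prompt; 0 (default) lists every svchost.exe instance.
    [int]$ProcessId = 0
)

# Running services only (ProcessId <> 0) whose image path is svchost.exe,
# or just the services inside the one process the prompt named.
$filter = "ProcessId <> 0 AND PathName LIKE '%svchost.exe%'"
if ($ProcessId -ne 0) { $filter = "ProcessId = $ProcessId" }

Get-CimInstance -ClassName Win32_Service -Filter $filter |
    ForEach-Object {
        # svchost-hosted services normally record their DLL in Parameters\ServiceDll.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll

        [pscustomobject]@{
            PID         = $_.ProcessId
            Service     = $_.Name
            DisplayName = $_.DisplayName
            StartMode   = $_.StartMode   # Manual = started on demand
            ServiceDll  = $dll           # empty if the key has no ServiceDll value
        }
    } |
    Sort-Object PID, Service |
    Format-Table -AutoSize
```

Run it while the prompt is still on screen, since an on-demand service may stop again shortly afterwards. When one svchost.exe hosts several services, the StartMode column helps narrow the list to those that are not always running.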
     