outgoing messages from Micrisift

Discussion in 'ESET Smart Security' started by Shankle, Nov 23, 2008.

Thread Status:
Not open for further replies.
  1. Shankle

    Shankle Registered Member

    Joined:
    May 2, 2006
    Posts:
    510
    I had to recently reinstall ESET SS.
    Running Vista Business
    I have my Firewall set to interactive.
    Since the install I am constantly bombarded with outgoing messages
    by Microsoft. Actual title is: "Host process for Windows services" and
    there are others. Why is Microsoft doing this and what are they taking
    from my Puter? At present I just move this window to the lower left hand
    corner of my screen. I let it sit there otherwise I can't get anything done
    because I am repeatedly asked to permit these outgoing messages.
    VERY annoying.
    I am having a difficult time deciding what to allow and what to deny.
    Some insights would be appreciated.
     
  2. ASpace

    ASpace Guest

    Isn't is a pop-up from ESET Smart Security regarding svchost.exe (Host process for Windows services) requiring outgoing access ? If not , could you please make a screenshot and use the forum option to attach it so that it is better seen/understood .
     
  3. Shankle

    Shankle Registered Member

    Joined:
    May 2, 2006
    Posts:
    510
    To HiTech_boy,
    Thanks for responding. I have attached a screen shot of one of the windows
    that keep appearing because of the interactive mode setting of the Firewall.
    Other screens also appear from Microsoft like the one attached.

    If the screen shot is not to your liking please give a few details and I
    will try to comply.
     

    Attached Files:

  4. ASpace

    ASpace Guest

    You are welcome . No worries , the screenshot is OK . It confirms my expectations :)

    ESS informs you and asks permission to allow normal svchost.exe communication , normal for Vista .

    In order to permanenly allow it and stop the pop-ups either turn to Automatic mode of the firewall or follow the instructions below to create a rule for svchost.exe


    Open the user interface (GUI) . Enter the Advanced Setup Tree (F5)

    Navigate to Personal Firewall. Choose Interactive Mode

    Then, open Personal firewall > Rules and zones > Zone and rule setup
    Choose "Toggle detailed view of all riles" (if already not set to this)

    Start creating new rule (use the button called "New")


    Name : your choice
    Direction : Out
    Action : Allow
    Protocol : TCP & UDP


    In Local tab - Application , enter carefully this C:\Windows\system32\svchost.exe (where "C" is the letter of the partition where this Windows Vista is installed)

    In Remote tab - "Remote port" section , please enter ports 80 , 443 , 5355 using the button "Add port".

    At the end , when you goto General tab , it shall look like this:
    thisway.png

    When you are ready , confirm with OK . Press Apply .
     
    Last edited by a moderator: Nov 23, 2008
  5. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    619
    Location:
    Sydney Australia
    NetRange: 68.142.64.0 - 68.142.127.255
    OrgName: Limelight Networks, Inc.

    Are you using limelight networks for anything or hosting anything that may need to connect to them? If not I'd block their complete IP range.
     
    Last edited: Nov 24, 2008
  6. Shankle

    Shankle Registered Member

    Joined:
    May 2, 2006
    Posts:
    510
    Hi Stackz,
    No, I am not using Limelight Networks and as far as I know not using anything that connects to them.
    There are many other windows that popup with the label "Host process for windows service" that are not taken care of by the Rule HiTech_boy gave me.
    The Rule has been entered that HiTech_boy suggested and it has slowed the
    popups down some.
    Thanks for responding.
     
  7. ASpace

    ASpace Guest

    Please , provide more information and screenshots . I can't guess them .
    The rule I gave you should have cleared most of the things - allowing legitimate outgoing traffic of svchost.exe

    And , please , don't get it personally but Interactive mode is not for you . It seems that you cannot understand the information ESS provides you with . If you can't understand that information you expose yourself to risk because you might create wrong rule (allow something that should not be allowed , for example) . Is there a specific reason you have turned to Interactive mode ? If not I'd recommend you turn to Automatic mode and let ESS decide what to allow and what to block.
     
  8. Shankle

    Shankle Registered Member

    Joined:
    May 2, 2006
    Posts:
    510
    Here are 5 popups that I get on a regular basis.
    Thanks for any help.
     

    Attached Files:

  9. ASpace

    ASpace Guest

    Hello!

    The first two are legitimate - port 123 is for the Windows Time - Windows would like to synchronise your time/the clock with Microsoft server time.windows.com

    The secons one shows communication in your trused zone , which I would allow .

    The third screenshot (re. Windows Explorer) is communication to a machine of CacheNetworks with IP in Chichago . Do you know this communication ? If the answer is NO , Deny it.

    The 4th one (Windows Media Player) is a legitimate , too . Allow it .
     
  10. Shankle

    Shankle Registered Member

    Joined:
    May 2, 2006
    Posts:
    510
    Thank you very much for replying HiTeck_boy.
    The information that you supplied is very difficult for a user to assess.
    That should stop most of my popups.
     
Thread Status:
Not open for further replies.