outgoing messages from Micrisift

I had to recently reinstall ESET SS.
Running Vista Business
I have my Firewall set to interactive.
Since the install I am constantly bombarded with outgoing messages
by Microsoft. Actual title is: "Host process for Windows services" and
there are others. Why is Microsoft doing this and what are they taking
from my Puter? At present I just move this window to the lower left hand
corner of my screen. I let it sit there otherwise I can't get anything done
because I am repeatedly asked to permit these outgoing messages.
VERY annoying.
I am having a difficult time deciding what to allow and what to deny.
Some insights would be appreciated.

 

Isn't is a pop-up from ESET Smart Security regarding svchost.exe (Host process for Windows services) requiring outgoing access ? If not , could you please make a screenshot and use the forum option to attach it so that it is better seen/understood .

 

To HiTech_boy,
Thanks for responding. I have attached a screen shot of one of the windows
that keep appearing because of the interactive mode setting of the Firewall.
Other screens also appear from Microsoft like the one attached.

If the screen shot is not to your liking please give a few details and I
will try to comply.

 

You are welcome . No worries , the screenshot is OK . It confirms my expectations

ESS informs you and asks permission to allow normal svchost.exe communication , normal for Vista .

In order to permanenly allow it and stop the pop-ups either turn to Automatic mode of the firewall or follow the instructions below to create a rule for svchost.exe


Open the user interface (GUI) . Enter the Advanced Setup Tree (F5)

Navigate to Personal Firewall. Choose Interactive Mode

Then, open Personal firewall > Rules and zones > Zone and rule setup
Choose "Toggle detailed view of all riles" (if already not set to this)

Start creating new rule (use the button called "New")


Name : your choice
Direction : Out
Action : Allow
Protocol : TCP & UDP


In Local tab - Application , enter carefully this C:\Windows\system32\svchost.exe (where "C" is the letter of the partition where this Windows Vista is installed)

In Remote tab - "Remote port" section , please enter ports 80 , 443 , 5355 using the button "Add port".

At the end , when you goto General tab , it shall look like this:


When you are ready , confirm with OK . Press Apply .

 

NetRange: 68.142.64.0 - 68.142.127.255
OrgName: Limelight Networks, Inc.

Are you using limelight networks for anything or hosting anything that may need to connect to them? If not I'd block their complete IP range.

 

Hi Stackz,
No, I am not using Limelight Networks and as far as I know not using anything that connects to them.
There are many other windows that popup with the label "Host process for windows service" that are not taken care of by the Rule HiTech_boy gave me.
The Rule has been entered that HiTech_boy suggested and it has slowed the
popups down some.
Thanks for responding.

 

Please , provide more information and screenshots . I can't guess them .
The rule I gave you should have cleared most of the things - allowing legitimate outgoing traffic of svchost.exe

And , please , don't get it personally but Interactive mode is not for you . It seems that you cannot understand the information ESS provides you with . If you can't understand that information you expose yourself to risk because you might create wrong rule (allow something that should not be allowed , for example) . Is there a specific reason you have turned to Interactive mode ? If not I'd recommend you turn to Automatic mode and let ESS decide what to allow and what to block.

 

Here are 5 popups that I get on a regular basis.
Thanks for any help.

 

Hello!

The first two are legitimate - port 123 is for the Windows Time - Windows would like to synchronise your time/the clock with Microsoft server time.windows.com

The secons one shows communication in your trused zone , which I would allow .

The third screenshot (re. Windows Explorer) is communication to a machine of CacheNetworks with IP in Chichago . Do you know this communication ? If the answer is NO , Deny it.

The 4th one (Windows Media Player) is a legitimate , too . Allow it .

 

Thank you very much for replying HiTeck_boy.
The information that you supplied is very difficult for a user to assess.
That should stop most of my popups.