For the past several days PrivateFirewall has blocked repeated attempts at internet connection by C:\Windows\System32\svchost.exe. Details are "PF has blocked incoming UDP (17) packet from 192.168.2.134:60607 to 224.0.0.252:5355". Up to now I have let PF block the connection, but only on an incident-by-incident basis -- NO permanent block yet. Okay, so tell me please... 1) What the heck is going on? 2) Should I tell PF to block permanently or to allow?
It is probably this protocol: https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution It probably is not malicious. I would ask myself whether I share something on local network via shared folders or printers or use similar features. If not, it is probably harmless to block this port.
@bellgamin Unless you're sharing resources on your network with other PC's and need local computer name resolution, then you could instead simply disable Local Link Multicast Name Resolution (LLMNR) and then there wouldn't be anything to block. This link explains the various methods of disabling LLMNR: https://computerstepbystep.com/turn-off-multicast-name-resolution.html
I used to block it as well when I used Private FW. BTW, I stumbled on this old, interesting, post you might like to see https://www.wilderssecurity.com/thr...h-privatefirewall-split-to-own-thread.326775/