svchost allow net access

this exe generic host do you allow it access in your firewall rules? if yes what ports in/out thanks.

 

when i had outpost pro, i set up svchost according to this post.

now im using looknstop and i just allow it access. i dont want to break anything or make any advanced changes.

 

There is more than one instance of svchost running, I many times have run into this and I simply block each one until I figure which one I have to have to browse because all of them do not have to have internet access. You allow only one each time and figure out which one it is as it is more secure in my opinion to not allow something access that isn't ablolutely mandatory for you to access internet. There are dll's that don't have to be loaded with svchost/Generic Host process also but will ask everytime and with some firewalls such as sygate pro you simply don't have the choice to check the box and it asks every time you boot up, it is worth it to me though to have the minimum access for maximum security.

 

emir how do you do that then since there is only one svchost.exe on my system and my firewall only asks me once, it doesnt ask once for each process.

 

Because I have read on microsoft's web site as well as others that svchost/generic host process represents more than one particular process and while you have to have all of these process' left running all of them I know from my own experience do not have to have internet access. Like I said sygate is one application I have learned this from but also AppDefend/RegDefend which I know from experience playing with trojans is a very good firewall because sygate was killed immediately while AppDefend/RegDefend kept ticking and kept a very dangerous trojan I was playing with from doing anything. Under the AppDefed's rules section I have seen two different svchost' listed and I allowed only one of them. I blocked the wrong one before and had to allow it and block the other one instead. But this is only if you are true believer in minimum access maximum security, I mean why let it connect if you don't need it to function on the net? All you have to do if you don't trust my judgement is open up task manager and look at all the different instances of svchost running.

 

svchost may have multiple instances but its only one file located in C:\WINDOWS\System32. each instance just uses different parameters.

a firewall will only go by the process name so creating rules can be tricky.

 

Once again let me say I have seen in more than one security application this process listed twice. I have had the chance to allow one and block the other. How many times do I have to say it.

 

I too have several instances of Svchost .exe running and occassionally they do ask for internet access, sometimes on port 443 and sometimes on port 80. [I dont have WGA on my PC], I do allow access to ntp to update the clock otherwise I block most if not all. Everything seems to work ok.
Gordon

 

what firewall are u using if i may ask?

 

This may help: http://support.microsoft.com/?kbid=314056

Steveo.

 

WSfuser

Kerio 4.2.3
regards Gordon