svchost allow net access

Discussion in 'other security issues & news' started by chrcol, Jul 1, 2006.

Thread Status:
Not open for further replies.
  1. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    783
    Location:
    UK
    this exe generic host do you allow it access in your firewall rules? if yes what ports in/out thanks.
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    when i had outpost pro, i set up svchost according to this post.

    now im using looknstop and i just allow it access. i dont want to break anything or make any advanced changes.
     
  3. emir

    emir Registered Member

    Joined:
    Dec 21, 2005
    Posts:
    61
    There is more than one instance of svchost running, I many times have run into this and I simply block each one until I figure which one I have to have to browse because all of them do not have to have internet access. You allow only one each time and figure out which one it is as it is more secure in my opinion to not allow something access that isn't ablolutely mandatory for you to access internet. There are dll's that don't have to be loaded with svchost/Generic Host process also but will ask everytime and with some firewalls such as sygate pro you simply don't have the choice to check the box and it asks every time you boot up, it is worth it to me though to have the minimum access for maximum security.
     
  4. chrcol

    chrcol Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    783
    Location:
    UK
    emir how do you do that then since there is only one svchost.exe on my system and my firewall only asks me once, it doesnt ask once for each process.
     
  5. emir

    emir Registered Member

    Joined:
    Dec 21, 2005
    Posts:
    61
    Because I have read on microsoft's web site as well as others that svchost/generic host process represents more than one particular process and while you have to have all of these process' left running all of them I know from my own experience do not have to have internet access. Like I said sygate is one application I have learned this from but also AppDefend/RegDefend which I know from experience playing with trojans is a very good firewall because sygate was killed immediately while AppDefend/RegDefend kept ticking and kept a very dangerous trojan I was playing with from doing anything. Under the AppDefed's rules section I have seen two different svchost' listed and I allowed only one of them. I blocked the wrong one before and had to allow it and block the other one instead. But this is only if you are true believer in minimum access maximum security, I mean why let it connect if you don't need it to function on the net? All you have to do if you don't trust my judgement is open up task manager and look at all the different instances of svchost running.
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    svchost may have multiple instances but its only one file located in C:\WINDOWS\System32. each instance just uses different parameters.

    a firewall will only go by the process name so creating rules can be tricky.
     
  7. emir

    emir Registered Member

    Joined:
    Dec 21, 2005
    Posts:
    61
    Once again let me say I have seen in more than one security application this process listed twice. I have had the chance to allow one and block the other. How many times do I have to say it.
     
  8. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    I too have several instances of Svchost .exe running and occassionally they do ask for internet access, sometimes on port 443 and sometimes on port 80. [I dont have WGA on my PC], I do allow access to ntp to update the clock otherwise I block most if not all. Everything seems to work ok.
    Gordon
     
  9. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    what firewall are u using if i may ask?
     
  10. steveo

    steveo Registered Member

    Joined:
    Mar 3, 2006
    Posts:
    9
  11. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    WSfuser
    Kerio 4.2.3
    regards Gordon
     
Loading...
Thread Status:
Not open for further replies.