svchost.exe Outgoing connections??

Discussion in 'other firewalls' started by arran, May 23, 2008.

Thread Status:
Not open for further replies.
  1. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    For those of you who have properly configured your Comodo 3 firewall, you may have noticed it's always blocking svchost.exe from accessing the internet, like to IP 207.46.20.252 shown in the below screenie. I think these IPs belong to Microsoft?


    The only place svchost.exe needs to connect to is your DNS server via port 53. People using Online Armor will notice that this is set by default, that OA only allows svchost.exe to connect to your DNS.

    Anyway my question is this "with windows auto updates turned off"

    Why is svchost.exe always trying to connect to Microsoft?

    What information is svchost.exe trying to send to Microsoft?
     

    Attached Files: SV.JPG
  2. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    LOL! MS has many mechanisms of phoning home. Try opening your search and explorer.exe will attempt to connect to MS, for example. Or open WMP...

    Use XP AntiSpy and see if these connections remain. On my setup, svchost.exe only needs UDP out and nothing else. In PC Tools firewall I have it only with outgoing UDP allow rules for DNS and DHCP.
     
  3. wat0114

    wat0114 Guest

    Good question! I've pointed this out before here in post #12 and elsewhere, but no one ever seems concerned about it. Go figure?

    However, I use the "Custom" option for downloading updates and svchost needs access to ports 80 & 443 on various IP addresses to the Akamai servers.
     
  4. wrongway67

    wrongway67 Registered Member

    Joined:
    Apr 5, 2008
    Posts:
    45
    Have a look with CurrPorts at which services are registered in that svchost (the column "Process Services" displays the list of services of a process).
     
  5. Einsturzende

    Einsturzende Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    390
    Location:
    neubauten
    207.46.0.0 - 207.46.255.255
    65.52.0.0 - 65.55.255.255
    131.107.0.0 - 131.107.255.255
    64.4.0.0 - 64.4.63.255

    Above are all the ranges I found which are connected with MS somehow (maybe there are more).
    Automatic update disabled is not enough, I'm afraid.
    BITS (Background Intelligent Transfer Service) should be disabled as well.
     
  6. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Yes I also have Background Intelligent Transfer Service disabled.

    The only services I have running are the ones below.
     

    Attached Files: ser.JPG
  7. wrongway67

    wrongway67 Registered Member

    Joined:
    Apr 5, 2008
    Posts:
    45
    But as said, if you run CurrPorts (http://www.nirsoft.net/utils/cports.html) you are able to see which are the services that are handled by the svchost that phones m$, so you can narrow the field.
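
Added example, not part of the thread: a Python version of the narrowing-down step suggested above, using the built-in `tasklist /svc` and `netstat -ano` commands in place of CurrPorts. It maps each svchost.exe PID to the services it hosts and flags outbound TCP connections that fall in the ranges listed in post 5; the command output below is constructed sample text and the function names are hypothetical.

```python
import ipaddress
import re

# Ranges quoted in the thread (first - last address), converted to CIDR networks.
THREAD_RANGES = [("207.46.0.0", "207.46.255.255"), ("65.52.0.0", "65.55.255.255"),
                 ("131.107.0.0", "131.107.255.255"), ("64.4.0.0", "64.4.63.255")]
NETWORKS = [n for a, b in THREAD_RANGES for n in ipaddress.summarize_address_range(
    ipaddress.ip_address(a), ipaddress.ip_address(b))]

# Constructed sample of `tasklist /svc /fi "imagename eq svchost.exe"` output.
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    912 DcomLaunch, TermService
svchost.exe                   1136 AudioSrv, BITS, Dhcp, Schedule,
                                   wuauserv
svchost.exe                   1200 Dnscache
"""
# Constructed sample of `netstat -ano` output (IPv4 only).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1045      207.46.20.252:80       SYN_SENT        1136
  TCP    192.168.1.10:1050      192.0.2.7:443          ESTABLISHED     912
  UDP    192.168.1.10:1030      *:*                                    1200
"""

def services_by_pid(tasklist_text):
    """Map svchost PID -> hosted service names, joining wrapped lines."""
    table, pid = {}, None
    for line in tasklist_text.splitlines():
        m = re.match(r"svchost\.exe\s+(\d+)\s+(.*)", line, re.I)
        if m:
            pid, names = int(m.group(1)), m.group(2)
        elif pid is not None and line.startswith(" "):
            names = line  # continuation of the previous service list
        else:
            continue
        table.setdefault(pid, []).extend(
            n.strip() for n in names.split(",") if n.strip())
    return table

def flagged_connections(netstat_text, tasklist_text):
    """Return (pid, remote_ip, port, services) for svchost TCP rows in NETWORKS."""
    svc, hits = services_by_pid(tasklist_text), []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and int(f[4]) in svc:
            ip, port = f[2].rsplit(":", 1)
            if any(ipaddress.ip_address(ip) in n for n in NETWORKS):
                hits.append((int(f[4]), ip, int(port), svc[int(f[4])]))
    return hits
```

On the sample data the only flagged row is PID 1136, whose service list includes BITS and wuauserv, which is the kind of shortlist that tells you which services to look at next.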
     
