svchost.exe replaced by Generic Host process

Discussion in 'other firewalls' started by vjeko, Jan 26, 2006.

Thread Status:
Not open for further replies.
  1. vjeko

    vjeko Registered Member

    Joined:
    Jan 26, 2006
    Posts:
    2
    Hi,
    I'm using Kerio 2.1.5 & have 2 PCs one with XP Home + SP2 & other with XP pro + SP1.

    On both PCs I have seen the message from Kerio:
    Personal Firewall has detected that application
    'C:\WINDOWS\SYSTEM32\SVCHOST.EXE' was replaced by
    another application with description 'Generic Host Process for Win32
    Services' Do you want to accept replacement of this application ?
    (on the XP Home, I initially thought the message came since I had
    just updated with SP2 and thought SP2 had made the change)

    I understand in general that svchost has to do with running DLLs, is
    a legit exe, is in the right folder and its size seems OK but haven't found
    anything on the net regarding this message.

    Could someone help re:
    (a)where does one find the "application description" in the installed
    XP that Kerio is talking about
    (b)What does the message mean/what should I do (how does one check
    what caused the replacement/what is doing this and why)
    I disallowed replacement and everything seems to keep working) ?

    BR,Vjeko
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi vjeko

    ... and welcome to Wilders :)

    "Generic Host Process for Win32 Services" is a descriptive name for "svchost.exe". The new prompt is pointing to the correct path "C:\WINDOWS\system32\svchost.exe", had you done any recent Windows updates prior to getting this?

    Regards,

    CrazyM
     
  3. leb

    leb Guest

    I get the same thing with Sygate. It asks me if I want to allow svchost.exe, ndisuio.sys, ntoskrnl.exe, lsass.exe and alg.exe.

    Should I let them through?
    (Sorry I dont know alot about these knid of stuff.)
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Depends on what kind of connection they are wanting to establish. Some of these services will need network access. If you can post particulars on the connection requests for the service (protocol, IP's, ports) then a recommendation could be made.

    Regards,

    CrazyM
     
Thread Status:
Not open for further replies.