svchost.exe rules for Kerio 2.15?

Discussion in 'other firewalls' started by MushfiQ, Feb 26, 2005.

Thread Status:
Not open for further replies.
  1. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    Greetings! I am currently trying Kerio 2.15 using Blitz advanced default replacement rules. Everything is working fine so far. Just a lil issue which is bothering me, that is svchost (Generic Host Process for Win32 Services). Reading the forums, what I understood is that it is necessary for some reason to allow it in XP. What would be the exact rules for svchost for both TCP/UDP & remote ports? Would really appreciate that...Cheers :)

    MushfiQ
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    The most common prompts (and required network connections) you are likely to see from svchost.exe will be for DNS queries and DHCP. With your Kerio rules these are likely covered off with system rules (any application) near the top of your rule set.

    You can see multiple instances of svchost.exe running, each being responsible for a group of services. Some you will not want to permit connections from/to.

    A description of Svchost.exe in Windows XP

    Regards,

    CrazyM
     
  3. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    Thx Crazy for the quick response.....I am a bit on a learning curve...so still understanding the ports. Usually it prompts for an outbound connection from >>time.windows.com & from the protocol at time Tcp/Udp....do u think I should allow? The port was I guess 123..was thinking if there are any necessary ports for such? Thx again :cool:
     
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    If you want to make use of the Windows Time service then you can allow this (UDP, direction both, port 123, can be restricted to specified remote IP). If not, you could disable the service and you should no longer see these particular prompts.

    Regards,

    CrazyM
     
  5. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    So I guess there is absolutely no harm to disable that? I guess the advanced rules pretty much cover the whole thing then. Thx Crazy for the quick responses.

    Regards,
    MushfiQ
     
  6. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Windows Update requires that svchost.exe make outbound connections with TCP to Microsoft servers, remote ports 80 and 443.

    Most of the time the remote network/mask addresses are:
    207.46.0.0/255.255.0.0 and 64.4.0.0/255.255.192.0

    Sometimes, MS buys bandwidth from random server addresses. You can either skip these when the firewall warns you, or just give svchost.exe access to all remote addresses. The latter is probably necessary if automatic updates are enabled (however, the service must be on for updates to SP2 to work at all).
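
The svchost.exe rules described by CrazyM and Diver above, written out as a first-match allowlist check. This is an added example, not part of the thread and not Kerio's rule-file format; the `Rule` fields, the `evaluate` function and the 192.0.2.10 time-server address are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    proto: str               # "TCP" or "UDP"
    direction: str           # "out", "in" or "both"
    remote_ports: frozenset  # permitted remote ports
    remote_nets: tuple       # permitted remote networks; empty tuple = any address

def net(spec):
    # ipaddress accepts the address/netmask notation used in the thread.
    return ipaddress.ip_network(spec)

# 192.0.2.10 is a constructed placeholder for the time server you pin the rule to.
SVCHOST_RULES = [
    Rule("Windows Time (NTP)", "UDP", "both", frozenset({123}),
         (net("192.0.2.10/32"),)),
    Rule("Windows Update", "TCP", "out", frozenset({80, 443}),
         (net("207.46.0.0/255.255.0.0"), net("64.4.0.0/255.255.192.0"))),
]

def evaluate(proto, direction, remote_ip, remote_port, rules=SVCHOST_RULES):
    """Return the name of the first permit rule that matches, else None."""
    addr = ipaddress.ip_address(remote_ip)
    for r in rules:
        if r.proto != proto.upper():
            continue
        if r.direction != "both" and r.direction != direction:
            continue
        if remote_port not in r.remote_ports:
            continue
        if r.remote_nets and not any(addr in n for n in r.remote_nets):
            continue
        return r.name
    return None  # nothing matched: the firewall would deny or prompt

# Constructed sample connection attempts attributed to svchost.exe.
SAMPLES = [
    ("UDP", "out", "192.0.2.10", 123),
    ("TCP", "out", "207.46.18.94", 443),
    ("TCP", "out", "64.4.63.255", 80),    # last address inside the 255.255.192.0 mask
    ("TCP", "out", "64.4.64.1", 80),      # first block outside that mask
    ("TCP", "in", "207.46.18.94", 80),    # inbound TCP is not covered by any rule
    ("TCP", "out", "198.51.100.7", 443),  # a server outside both listed ranges
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", evaluate(*s) or "no match (deny or prompt)")
```

The last sample is the case Diver mentions: an update server outside the two listed ranges falls through to a prompt unless the remote-address restriction is dropped.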
     
  7. MushfiQ

    MushfiQ Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    131
    Thx Diver & Crazy....both of you have summed it up for me....was a lil confused...kept on denying first then now have permitted it finally :cool: All u being very kind.....appreciate that....Cheers.....have a great weekend :)
     