svchost

Discussion in 'other firewalls' started by set321go, Aug 13, 2007.

Thread Status:
Not open for further replies.
  1. set321go

    set321go Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    6
    hello

    I am using Jetico firewall, I am running Vista x64

    svchost is able to receive datagram ports 67-68

    I currently have no inbound ports allowed for normal traffic

    it is allowed to connect outbound 67 68 443 53

    outbound traffic is blocked to 1900 and a few 49... ports

    I probably need some inbound connections?

    At the moment it is trying to connect on port 80 to all sorts of addresses, I take it this isn't normal? I think this is how traffic is sneaking out via svchost. Unfortunately there are loads more instances of this process than in XP, or is that my problem,

    does Microsoft Update need to connect via svchost?

    alex
     
  2. wat0114

    wat0114 Guest

  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello fellow Jetico user. :D

    A lot of explanations needed here, so I'll concentrate on the most important part and try to be as concise as possible.

    Connecting on remote port 80 on all sorts of addresses is normal. This is how Jetico works (it warns on port level, as well as IP). What you want to do whenever you're asked for remote port 80 is to select "Web Browser" policy from the drop-down menu on the popup. This will connect on all IPs on ports 80 and 443 (and some others used for HTTP, take a look at "Web Browser" table under "Ask User"). This will allow browsing without further popups (except for "Access to network" and "Indirect access to network", you should allow that).

    svchost.exe is Windows' multithreading process. It is used for running Windows services (Start->Run->services.msc ), as several services can run as a thread inside of that process.

    Port 1900 should not be blocked by a firewall rule. You should stop the "Universal Plug'n'Play" service as well as the "SSDP Discovery" service instead; this will stop outbound attempts on UDP port 1900. After that, you can delete that rule.

    I don't know what exact port is 49.. (you can post this, a port number is not a security concern), and I can't remember what service/process uses a port like 49xx, but that rule should not be needed as well. But don't delete it yet, we would first have to know what exactly this rule is used for.

    This is not needed, unless you run a server application (file sharing, web server)

    Yes.

    The rest of your concerns are basically default Jetico network rules, so you would have to do some reading on the links below -

    DHCP

    DNS

    Cheers :)
     
  4. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi set321go `)

    svchost.exe is used by Windows Update in TCP on ports 80 (HTTP) and 443 (HTTPS) inbound and outbound. It's also used to synchronise the clock in UDP on ports 123 (local and remote).

    This is the only Internet access needed for svchost.

    In local svchost is needed on port 67 and 68 for the DHCP used by routers and for LAN.

    The port 1900 in UDP is used in local for SSDP (Simple Service Discovery Protocol). Useless most of the time...

    An easy way to check what's going on in your PC is to use Process Explorer.
    Check each svchost launched in your PC to know about the services related to them and to check which ports are used by them...

    http://www.microsoft.com/technet/sysinternals/Utilities/ProcessExplorer.mspx

    :)
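
The per-svchost check described in the post above, as an added PowerShell example that is not part of any post in this thread. It assumes Windows 8 / Server 2012 or later (the `Get-NetTCPConnection` and `Get-NetUDPEndpoint` cmdlets are not available on the Vista system the original poster ran); the port lists are taken from the posts above, and the variable names and the `Review` column are illustrative.

```powershell
# Added example (not from the thread). Run from an elevated prompt.
# Ports the posts above name as normal for svchost.exe.
$ExpectedRemoteTcp = 80, 443              # Windows Update (HTTP/HTTPS)
$ExpectedLocalUdp  = 67, 68, 123, 1900    # DHCP, time sync, SSDP

# Map each process ID to the names of the services hosted inside it.
$servicesByPid = @{}
Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object ProcessId |
    ForEach-Object { $servicesByPid[[int]$_.Name] = $_.Group.Name -join ',' }

$svchostPids = @((Get-Process -Name svchost -ErrorAction SilentlyContinue).Id)

# Established TCP connections owned by any svchost instance.
$tcp = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $svchostPids -contains $_.OwningProcess } |
    ForEach-Object {
        [pscustomobject]@{
            PID      = $_.OwningProcess
            Services = $servicesByPid[[int]$_.OwningProcess]
            Proto    = 'TCP'
            Local    = "$($_.LocalAddress):$($_.LocalPort)"
            Remote   = "$($_.RemoteAddress):$($_.RemotePort)"
            # True = remote port is not in the list above; look at it, do not
            # assume it is hostile.
            Review   = $ExpectedRemoteTcp -notcontains $_.RemotePort
        }
    }

# UDP endpoints have no remote side, so only the bound local port is shown.
$udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
    Where-Object { $svchostPids -contains $_.OwningProcess } |
    ForEach-Object {
        [pscustomobject]@{
            PID      = $_.OwningProcess
            Services = $servicesByPid[[int]$_.OwningProcess]
            Proto    = 'UDP'
            Local    = "$($_.LocalAddress):$($_.LocalPort)"
            Remote   = '*'
            Review   = $ExpectedLocalUdp -notcontains $_.LocalPort
        }
    }

@($tcp) + @($udp) | Sort-Object PID, Proto | Format-Table -AutoSize
```

Rows with `Review` set to `True` show which hosted services sit behind a port the thread does not mention, which is the information needed before writing or deleting a firewall rule for that svchost instance.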
     
  5. set321go

    set321go Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    6
    cheers guys, the links are pretty helpful
     
  6. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
  7. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    There has been no change made to "svchost"; this still has the same SHA256 checksum from the initial XP SP2 installation up to current Windows updates.

    .
     
  8. Lundholm

    Lundholm Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    108
    Location:
    Copenhagen, Old Zealand
    Hi Stem,

    This sounds great to me. I hate updates.

    I suggest that you post this information on the Comodo thread as well, so they can relax a bit. They seem to be very busy testing version 3.
     