Hello, I am using Jetico firewall and I am running Vista x64. svchost is able to receive datagrams on ports 67-68. I currently have no inbound ports allowed for normal traffic. It is allowed to connect outbound on 67, 68, 443 and 53. Outbound traffic is blocked to 1900 and a few 49... ports. I probably need some inbound connections? At the moment it is trying to connect on port 80 to all sorts of addresses; I take it this isn't normal? I think this is how traffic is sneaking out via svchost. Unfortunately there are loads more instances of this process than in XP, or is that my problem? Does Microsoft Update need to connect via svchost? alex
Hello fellow Jetico user. A lot of explanations are needed here, so I'll concentrate on the most important part and try to be as concise as possible. Connecting on remote port 80 on all sorts of addresses is normal. This is how Jetico works (it warns on port level, as well as IP). What you want to do whenever you're asked for remote port 80 is to select the "Web Browser" policy from the drop-down menu on the popup. This will connect on all IPs on ports 80 and 443 (and some others used for HTTP; take a look at the "Web Browser" table under "Ask User"). This will allow browsing without further popups (except for "Access to network" and "Indirect access to network"; you should allow that). svchost.exe is Windows' multithreading process. It is used for running Windows services (Start->Run->services.msc), as several services can run as a thread inside of that process. Port 1900 should not be blocked by a firewall rule. You should stop the "Universal Plug'n'Play" service as well as the "SSDP Discovery" service instead; this will stop outbound attempts on UDP port 1900. After that, you can delete that rule. I don't know what exact port 49.. is (you can post this, a port number is not a security concern), and I can't remember what service/process uses a port like 49xx, but that rule should not be needed as well. But don't delete it yet; we would first have to know what exactly this rule is used for. This is not needed, unless you run a server application (file sharing, web server). Yes. The rest of your concerns are basically default Jetico network rules, so you would have to do some reading on the links below - DHCP DNS Cheers
Hi set321go, svchost.exe is used by Windows Update in TCP on ports 80 (HTTP) and 443 (HTTPS) inbound and outbound. It's also used to synchronise the clock in UDP on port 123 (local and remote). This is the only Internet access needed for svchost. Locally, svchost is needed on ports 67 and 68 for the DHCP used by routers and for LAN. Port 1900 in UDP is used locally for SSDP (Simple Service Discovery Protocol). Useless most of the time... An easy way to check what's going on in your PC is to use Process Explorer. Check each svchost launched in your PC to know about the services related to them and to check which ports are used by them... http://www.microsoft.com/technet/sysinternals/Utilities/ProcessExplorer.mspx
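The per-instance check suggested in the post above (which services each svchost.exe hosts and which ports it uses) can also be done from a script. This is an added example, not part of the original thread; it assumes Windows PowerShell with `Get-WmiObject` available and the built-in `netstat.exe`.

```powershell
# Added example: list every svchost.exe instance with its services and ports.
# Assumes Windows PowerShell (Get-WmiObject) and the built-in netstat.exe.

# 1. Group running services by the PID of the process that hosts them.
$servicesByPid = @{}
foreach ($svc in Get-WmiObject -Class Win32_Service) {
    $id = [int]$svc.ProcessId
    if ($id -eq 0) { continue }                  # 0 means the service is stopped
    if (-not $servicesByPid.ContainsKey($id)) { $servicesByPid[$id] = @() }
    $servicesByPid[$id] += $svc.Name
}

# 2. Group TCP/UDP endpoints by owning PID, parsed from "netstat -ano".
#    TCP rows: proto local remote state pid   UDP rows: proto local remote pid
$endpointsByPid = @{}
foreach ($line in netstat -ano) {
    $f = $line.Trim() -split '\s+'
    if ($f[0] -ne 'TCP' -and $f[0] -ne 'UDP') { continue }   # skip header lines
    $id = [int]$f[-1]
    $state = ''
    if ($f.Count -eq 5) { $state = " [$($f[3])]" }           # only TCP has a state
    if (-not $endpointsByPid.ContainsKey($id)) { $endpointsByPid[$id] = @() }
    $endpointsByPid[$id] += "$($f[0]) $($f[1]) -> $($f[2])$state"
}

# 3. Report services and endpoints for each svchost.exe instance.
$instances = Get-Process -Name svchost -ErrorAction SilentlyContinue | Sort-Object Id
foreach ($proc in $instances) {
    "svchost.exe PID $($proc.Id)"
    "  Services : " + ($servicesByPid[$proc.Id] -join ', ')
    if ($endpointsByPid.ContainsKey($proc.Id)) {
        foreach ($ep in $endpointsByPid[$proc.Id]) { "  $ep" }
    } else {
        "  (no TCP/UDP endpoints)"
    }
    ''
}
```

Comparing the endpoints listed for each instance with the service names beside them shows which service a given firewall rule for svchost.exe is actually serving.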
It seems that the recent Windows update included a completely redesigned SVCHOST, which apparently obsoletes current firewall settings. Here's an interesting discussion in the Comodo forum: http://forums.comodo.com/help/sychostexe-t11762.0.html
There has been no change made to "svchost"; this still has the same sha256 checksum from initial XPsp2 installation up to current Windows updates.
Hi Stem, This sounds great to me. I hate updates. I suggest that you post this information on the Comodo thread as well, so they can relax a bit. They seem to be very busy testing version 3.