Why does svchost.exe need access?

Discussion in 'LnS English Forum' started by TheQuest, Feb 15, 2006.

Thread Status:
Not open for further replies.
  1. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, all

    I am new to LnS, so please do no shout to much me if I seem to ask some strange questions.[I will have lots]

    My question is vert simler to this one:- looknstop.exe wants to connect, but is not LnS asking for access.


    I keep getting asked if svshost.exe can connect to the internet, is there any reason it needs access, I have the DNS service disabled so it not that.

    All help is thanked for in advance.

    Take Care,
    TheQuest :cool:
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    First was "svshost.exe" a typo and you meant svchost.exe?

    A number of different processes will run under svchost.exe and some may need access to the network/Internet.

    Permit it and enable logging in application control to see what type of connections it is making. With some sample logs posted we can take it from there.

    Regards,

    CrazyM
     
  3. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, CrazyM

    Thank you for your reply.

    Yes it was a typo. :oops:

    I removed it from the applicaton filtering [another :oops: ] , but the next time it ask I will set it allow and have logging on it.

    Thanks very much once again your reply and help in the mean time.

    Take Care,
    TheQuest :cool:
     
  4. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, all

    Do I have Configure Look'n'Stop for my Router because I see an old Sticky telling how to do so, or do the new Versions of LnS do it for me [by me I mean the router].

    My router [Nat and firewalled] is not on a network as such, just a stand alone PC from the router to the PC on a Lan cable, used as first line of defence.

    Thanks for any help in advance.

    Take Care,
    TheQuest :cool:
     
  5. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, CrazyM

    It is not connecting all the time so here are the only log entries so far, I hope it is of some kind of help:-

    Code:
    02-16-06,01:10:28  U+3    'APP: Allowed            ' Generic Host Process for Win32 Services EXE       C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    02-16-06,01:10:28  U+4    'APP: Allow UDP          ' Generic Host Process for Win32 Services EXE      C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
    02-16-06,01:10:29  U+5    'APP: Allow UDP          ' Generic Host Process for Win32 Services EXE      C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
    02-16-06,01:10:30  U+6    'APP: Allow UDP          ' Generic Host Process for Win32 Services EXE      C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
    02-16-06,01:10:32  U+7    'APP: Allow UDP          ' Generic Host Process for Win32 Services EXE      C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
    02-16-06,01:10:36  U+8    'APP: Allow UDP          ' Generic Host Process for Win32 Services EXE      C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
    02-16-06,01:10:44  U+9    'APP: Allowed            ' Generic Host Process for Win32 Services EXE       C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    02-16-06,01:10:44  U+10   'APP: Allow UDP          ' Generic Host Process for Win32 Services EXE      C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
    02-16-06,01:10:44  U+11   'APP: Allowed            ' Generic Host Process for Win32 Services EXE       C:\WINDOWS\SYSTEM32\SVCHOST.EXE
    02-16-06,01:10:44  U+12   'APP: Allow TCP          ' Generic Host Process for Win32 Services EXE      C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 80, IP: 207.46.253.219

    With Thanks for any your help with this.

    Take Care,
    TheQuest :cool:
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Just wanted to be sure it was that and not some malware.

    If everything is working fine right now it is not required.

    Code:
    02-16-06,01:10:28  U+4    'APP: Allow UDP          ' Generic Host Process for Win32 Services EXE      C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 53, IP: 192.168.1.1
    This is svchost.exe doing DNS lookups (being proxied/handled by your router 192.168.1.1) which is OK to allow. Even though you have the DNS Client Service disabled (used for caching) your system via svchost.exe will still do lookups.

    Code:
    02-16-06,01:10:44  U+12   'APP: Allow TCP          ' Generic Host Process for Win32 Services EXE      C:\WINDOWS\SYSTEM32\SVCHOST.EXE,Port: 80, IP: 207.46.253.219
    The IP belongs to Microsoft, do you have Windows Update enabled?

    Regards,

    CrazyM
     
  7. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, CrazyM

    Thanks once again for replying.

    Seem to be working fine, is there a test I should or can do to test LnS with the router, [other then a leak test, because trying to download the tests sets off my AV and AT, [and I d not think turning them off to downlod something to do a test is a good Idea.]

    I am usually [I have life time License] an OutPost user [but as it look to be going the same way as ZAP Big, Fat and wants to phone home about everything] so was not sure about the DNS caching in LnS.

    I do not as a rule have it enabled but had just done some Windows Updates and had not yet [unenabled] disabled it in services. [I try never use IE other then for Windows Updates]

    Thanks very nuch for your help again.

    Take Care,
    TheQuest :cool:
     
    Last edited: Feb 17, 2006
Thread Status:
Not open for further replies.