zonealarm Generic host process for win32

Discussion in 'other firewalls' started by Arctic, Feb 2, 2005.

Thread Status:
Not open for further replies.
  1. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    I just upgraded my zonealarm Pro from 4.5 to 5.5. Now I am constantly getting a green popup warning me that "Generic Host Process for Win32 services" has been blocked. I do not understand what this is or why it is blocked. And on the pop up box it does not give me an option to unblock it. Or should I really attempt to unblock it? On the program controls it is set for:

    YES on Access trusted & internet;
    YES on Server trusted
    No on Server Internet

    I have also noticed that sometimes I cannot connect to the internet or the connection is very slow. I was just wondering if this blocking win32 could have something to do with that. Can anyone give me some advice on this :( I have contacted Zonealarm but they have not replied yet and it has been 3 days.
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Arctic

    Can you provide more details on what specifically is being blocked? Is it a connection attempt? A log entry would be helpful.

    Regards,

    CrazyM
     
  3. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    That is the problem. It only says generic host process for win32 blocked. A green box pops up and it does not give me the option to allow or to view what it is blocking. I am just totally confused about it. Zonealarm sent me a reply and told me to allow it as a server but in all the forums it says do not all it as a server. So, as you can see I am at a loss as what to do. :(
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    You shouldn't have to allow it as a server in the internet zone. Just give it internet access outbound only, as you already have. The only reason I can think of that you might get inbound traffic to Svchost.Exe is possibly related to incoming DNS replies which may be late at random times. This might also affect your browsing if they're denied. Next time look and see if ZA says it's related to DNS in the pop-up. If so, then you can just add your DNS servers to the trusted zone and then give Svchost.Exe (Generic Host Process) server access in the trusted zone only. That would then allow the incoming DNS responses and everything should be ok.

    I'm not sure if the above is indeed your problem, but it's worth a try... :)
     
  5. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    It only says generic host process for win32 blocked. A green box pops up and it does not say anything about DNS. Absolutely nothing but a blank box. It seems to be just a notification that the process was denied with no other explanation as to what the process is. :( I have no idea what could be causing it. I use the following:

    Linksys BEFSX41 router
    Linkslogger
    McAfee Antivirus
    Zone Alarm
    Port Explorer
    Wormguard
    Process Guard
    TDS-3 antitrojan

    Yes, yes, I know it sounds like security over kill. lol,,, but I was hacked 3 times by the same person and he put a really nasty little trojan on my computer so I have been a bit paranoid ever since that happened about 4 years ago. lol. Better to be safe then sorry. ;)

    Any help would greatly be appreciated to resolve this problem. Thanks to all. :)
     
  6. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Is it a connection attempt or does your ZA Pro have some kind of component control that could be alerting?

    Regards,

    CrazyM
     
  7. Arctic

    Arctic Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    46
    To be honest CrazyM I have no idea if it is a connection attempt or component control. The Alert box that pops up tells me nothing at all and it gives me no options to allow or deny. The Alert box is "Green" and all it says is "Generic host pressess for win32 blocked" I don't know if this has something to do with my router or just what is going on. I have had zonealarm for years and never had a problem like this. When I upgraded from version 4.5 to 5.5 is when this started happening. Thanks for your reply. :)
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    If everything is working ok, then it could be harmless. There's probably an option somewhere to turn off the alert pop-ups.. although I'd be curious like you what it was all about... I have no clue from what you've described and I'm not running ZA at the moment...
     
  9. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there, if you look in the ZoneAlarm alerts window, in "programs' you should be able to see what has been blocked and hunt for that file/program.

    Some time ago i had difficulties in accessing internet and in my network and saw the rundll32.exe blocked there. Found out various instances as a 0 bytes file in my system.
    There were alerts popups but i don't remember exactly which.
    Anyway, you might find various 0 bytes files in your system, in the TDS directory among others.
    You run Port Explorer, doesn't that indicate processes which can give a clue here? Each process rightclick and look at the properties, at least if there have been recent modifications.
    My router seemed involved too so a router reset seemed helpful, but my first guess is the 0 bytes files involved here.

    Hope this helps!
     
  10. TONYR8680

    TONYR8680 Registered Member

    Joined:
    Feb 18, 2005
    Posts:
    4
    Hello everyone I just joined, this is my first post and I think I may have found some info that can help. I too have always wondered what the svchost.exe was for and I read many things about it from users who think its a dirty attempt to spy on us by microsoft and others who think its a virus related issue, but as far as I can tell (and mind you that Im no genius or windows power user) GHP4win32 is a system microsoft designed and implemented in windows 2K for delegating or grouping *.dll functions and has now carried it over into windows XP. basically each instance of "svchost.exe" has its own qroup of processes and its not uncommon for you to see 4 svchost.exe strings in the task manager under the process tab. Im not too sure yet as to which one is doing exactly what but I do know one is for your DNS as I have see it connect to the DNS sever for my ISP, my firewall alows me to view connections in real time. I have also read from others that one is for UPnP and even one for TCP/IP connections over a home network for shared folders (i.e. through a broadband router) I cannot verify these to be ture unfortunaly as I have limited computer knowledge but perhaps for some of the more experienced users here this info may help point you in the right direction. In closing I have been running win XP for about 2yrs now and always had up to date antivirus/spyware, firewall as well as sbybot,ad-aware and sbywareBlaster I gave svchost.exe filtered access to the net (basically the default filtering rules mcafee firewall sets for all progs) from the 1st day and have had no problems of any kind on any of my 3 boxes at home.
    also here is a link to another thread that you guys might find interesting:
    http://www.computing.net/security/wwwboard/forum/272.html
    or you can go to start->help and support then type "Q250320" for win 2K or "Q314056" for win XP these lead to microsoft knowledge base articles pertaining directly to GHP4win32
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    This is getting a bit annoying, I get the same popup at least 4 times a day, what´s going on? At the moment I have given Generic host process for win32 full access (client and server) just to get rid of this message. Even setting SmartDefense Advisor (which advises to deny access) to "automatic" didn´t help to my surprise. Any ideas why ZA Pro is acting this strangely. o_O
     
  12. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    Let's see...

    Generic host should be allowed for trusted and internet access and trusted server access

    Your trusted zone should be on medium, Internet zone on high if file sharing. If you have the trusted zone on high, you need to configure it to allow DHCP and DNS out by checking the boxes in the configuration for the trusted zone high setting.

    Your router LAN IP (192.168.x.x probably) should be included in the trusted zone.

    Go to a command prompt and type in ipconfig /all I would expect the router IP to be listed for Default Gateway, DHCP Server and DNS Servers. If not, place the IP for the DNS servers into the trusted zone of ZAP. You can also put the loopback IP (127.0.0.1) into the trusted zone.

    See if that resolves the problem. It also depends on what you are doing at the time - browsing, email client attempting to connect, etc. You may need to place your ISP email server into the trusted zone as well. If you only use plain text mail and don't click links within the emails you get, you could then have your email client only configured for trusted access and send mail in ZAP most likely. This will eliminate Internet access for additional security from within the email client, if you desire that.

    Also, I was a little surprised that you resurrected such an old thread. :)
     
    Last edited: Dec 23, 2005
  13. ohmy

    ohmy Guest

    I'm running ZA Pro 4.5.594. Have FOUR RED Xs under Generic Host Process for Win32 Services. NO problemo.

    The Original NOD32.9. Attention MOD: someone stole my NOD32.9 username.
     
  14. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    You probably are not using the same Windows XP services the other posters are using so you may not need generic host access.
     
  15. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    @ Mem

    Thanks that fixed it, I have enabled "Allow outgoing DNS", the DCHP setting was not necessary. I never knew about this option because on Win9x/2000, ZA didn´t act this way. :)

    @ unhappy_viewer

    Well, I was blocked from their silly ass forum 2 years ago, because I said it wouldn´t be a bad idea if they would use different forum-software, can you believe this? Freaking mourons that´s what I call such people. I mean IMO their forum is real unhandy, looks like they are still stuck in the middle ages or something. :blink:
     
  17. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    I don't think you'd get banned just for making a suggestion unless you were constantly arguing. Or you violated the rules on some other thread.

    I don't think ZL will be changing software anytime soon. For one reason its because the software was provided by Litihum so I think there is some sort of agreement between them. Secondly the forum software support two versions of viewing posts. The first version is the default view for the ZA forums. Its mainly the view I use and I think the gurus use too. It doesn't 'bump' post up the board when people reply to it so that people who don't check the boards often may still be given the proper attention and to prevent spammers from bumping up very old posts and prevent us from helping people that really require help.
    The second view which you can select in the options gives pretty much the same format as the Wilders forum. I think in that view too, it bumps up post whenever someone replies to it.

    You don't have to register on the forum if you want to browse through it. You can use the search button too to make it easier.
     
  18. chiawaikian

    chiawaikian Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    46
    Are there really two versions? I can only find the default one.
     
  19. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    Once login, click "My Profile" at the top right. Select "Preferences". How threads will appear can be configured on that page.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    @ unhappy_viewer

    I just made comments in two posts about it, and I didn´t even get a warning I think, very strange. I mean I´m a member of about 8 forums and I have never been banned before. If I misbehaved it was a different story of course, but blocking me over such a small thing is just plain silly. :doubt:
     
  21. chiawaikian

    chiawaikian Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    46
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Hi,

    I get to see:

    "You are not allowed to access this site."
    "We're sorry, but you have been banned from using this site."

    So it looks like they blocked my IP address. :thumbd:
     
  23. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    I recommend you contact the forum moderator and have a word with him. It could be possible that your IP was used by a spammer who kept coming back even though he was banned by user name.

    You can find his email in the help page of the forum (just below the contents list). We can't post it here because it will attract spam spiders(that page is protected from spiders). You should be searching for this line:
    "For Additional information or unresolved Forum Problems, please E-Mail the Forum Moderator"
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Strange, can someone else use my IP address? I have been using the same IP for the last 2,5 years. But anyway, it´s better if you PM me because I can´t access the site at all.

    @ Moderators
    Maybe the posts about me being blocked from the ZA forum can be put in a seperate thread, because I kind of hijacked this topic. :rolleyes:
     
Loading...
Thread Status:
Not open for further replies.