Problem if I block svchost.exe?

 
 
Grice Webster
06-27-2003
When I dial up to the Net my Sygate Firewall gives me this message on
my WinXP system:

"Application Generic Host Process for Win32 Services has been
blocked, File name is svchost.exe."

Am I likely to miss out on any useful functions if I block this
application from accessing the Net? What does svchost.exe do?
 
James Grant
06-27-2003
Grice Webster wrote:
>
> When I dial up to the Net my Sygate Firewall gives me this message on
> my WinXP system:
>
> "Application Generic Host Process for Win32 Services has been
> blocked, File name is svchost.exe."
>
> Am I likely to miss out on any useful functions if I block this
> application from accessing the Net? What does svchost.exe do?


Here's a link that describes it:

http://www.igknighttec.com/Windows/W...vchost_exe.php

Whether to allow or block is up to you. If you trust Windows, allow it.
If you want to be extra careful, block it and watch to see if anything
doesn't work right.

James Grant
 
Clive
06-27-2003

"DougNews" <DougNews@Doesn'tWork.net> wrote in message
news:BK_Ka.13723$(E-Mail Removed) et...
> Yes, you need to allow this Internet access - check out his site to minimize
> your services: http://www.blkviper.com/WinXP/servicecfg.htm
>
> "Grice Webster" <(E-Mail Removed)> wrote in message
> news:93A7995562BA123E1@130.133.1.4...
> > Am I likely to miss out on any useful functions if I block this
> > application from accessing the Net? What does svchost.exe do?

I've had scvhost blocked for months with Sygate Pro v5 and not a problem
accessing web, news, email, ICQ...


????

Clive


 
Kev
06-27-2003
DougNews wrote:
> Yes, you need to allow this Internet access - check out his site to
> minimize your services: http://www.blkviper.com/WinXP/servicecfg.htm
>
> "Grice Webster" <(E-Mail Removed)> wrote in message
> news:93A7995562BA123E1@130.133.1.4...
>> Am I likely to miss out on any useful functions if I block this
>> application from accessing the Net? What does svchost.exe do?


Had it blocked for 6 months without a problem
--
Kev
Brighton UK


 
DougNews
06-28-2003
That's good - scvhost is a virus/trojan component (as compared to svchost -
a Windows component).

OK, seriously, at some point we have to trust some programs - whether it is
the firewall or Windows or.... By allowing this and minimizing services in
XP, you have tightened up security of the OS. Maybe you have a rule set to
allow DNS, DHCP (if needed), etc. through separately from the svchost
(Generic host...) settings. While I agree that we should usually deny
access first and allow it later as needed, this is the one case I usually
let go and tighten the OS services themselves.


"Clive" <(E-Mail Removed)> wrote in message
news:AJ%Ka.8469$(E-Mail Removed)...
> I've had scvhost blocked for months with Sygate Pro v5 and not a problem
> accessing web, news, email, ICQ...
>
>
> ????
>
> Clive
>
>



 
Duane Arnold
06-28-2003
> While I agree that we should usually deny
> access first and allow it later as needed, this is the one case I usually
> let go and tighten the OS services themselves.


And that is the problem. One stops svchost.exe for some reason. It's not
svchost.exe that wants access to the Internet. It's a sub-component program
like a dll (possible Trojan program) that is using svchost.exe on its behalf
to get out.

So one stops svchost.exe this time and one doesn't know what really wants
access to the Internet.

Then one lets svchost.exe have access to the Internet for some other
possible legit reason.

What happened to that other reason svchost.exe was stopped?

Duane

--
The protection of the machine is a process and not a given!
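
The point made in the post above (the traffic belongs to a service DLL loaded into svchost.exe, not to svchost.exe itself) can be checked per instance. This is an added example, not part of the original thread; it assumes a current Windows release with PowerShell and Get-NetTCPConnection (Windows 8 / Server 2012 or later) rather than the XP system discussed here, and the report column names are made up for the illustration.

```powershell
# Added example (not from the thread). Run elevated so every process path
# and registry key is readable. Output column names are illustrative.
$expected = Join-Path $env:SystemRoot 'System32\svchost.exe'

# Running services whose image path is svchost.exe, grouped by host process.
$hosted = Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 -and $_.PathName -match '\\svchost\.exe' } |
    Group-Object -Property ProcessId

$report = foreach ($group in $hosted) {
    $procId = [int]$group.Name
    $proc   = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"

    # Remote endpoints this one svchost.exe instance holds right now.
    $remote = Get-NetTCPConnection -OwningProcess $procId -State Established `
                  -ErrorAction SilentlyContinue |
              ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort }

    foreach ($svc in $group.Group) {
        # The DLL that implements the service is named in Parameters\ServiceDll.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll `
                    -ErrorAction SilentlyContinue).ServiceDll
        $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
                   (Get-AuthenticodeSignature -FilePath $dll).Status
               } else { 'n/a' }

        [pscustomobject]@{
            HostPid    = $procId
            Service    = $svc.Name
            ServiceDll = $dll
            Signature  = $sig
            # False when the host image is not %SystemRoot%\System32\svchost.exe
            # (or when its path could not be read without elevation).
            HostPathOk = ($proc.ExecutablePath -eq $expected)
            Remote     = ($remote -join ', ')
        }
    }
}

$report | Sort-Object HostPid, Service | Format-Table -AutoSize -Wrap
```

A row with an unexpected ServiceDll path, a signature status other than Valid, or HostPathOk set to False is the one to investigate before deciding on a firewall rule for that instance.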


 
DougNews
06-28-2003
And that is why proper firewalls include application DLL authentication or
component control, isn't it? Your point is correct for firewalls that don't
have controls over components but Sygate (and ZAP) does, which is the one of
concern to the original poster.

"Duane Arnold" <(E-Mail Removed)> wrote in message
news:cjhLa.41712$Fy6.12534@sccrnsc03...
> > While I agree that we should usually deny
> > access first and allow it later as needed, this is the one case I usually
> > let go and tighten the OS services themselves.
>
> And that is the problem. One stops svchost.exe for some reason. It's not
> svchost.exe that wants access to the Internet. It's a sub-component program
> like a dll (possible Trojan program) that is using svchost.exe on its behalf
> to get out.
>
> So one stops svchost.exe this time and one doesn't know what really wants
> access to the Internet.
>
> Then one lets svchost.exe have access to the Internet for some other
> possible legit reason.
>
> What happened to that other reason svchost.exe was stopped?
>
> Duane
>
> --
> The protection of the machine is a process and not a given!
>
>



 
Duane Arnold
07-04-2003
> what about Tiny Personal Firewall?

Nothing against Tiny but the answer is NO.

Duane

--
The protection of the machine is a process and is not a given!
"joe" <(E-Mail Removed)> wrote in message news:(E-Mail Removed)...
> what about Tiny Personal Firewall? I run that, and it seems to catch a lot of
> things....I agree, though, that the thing might be to do dll injection on a known
> service that user would not suspect is a problem.....
>
> Duane Arnold wrote:
>
> > > And that is why proper firewalls include application DLL authentication or
> > > component control, isn't it? Your point is correct for firewalls that don't
> > > have controls over components but Sygate (and ZAP) does, which is the one of
> > > concern to the original poster.
> >
> > I did a test of Sygate vs. BlackIce for the IDS in Sygate. If Sygate didn't
> > know about the Gator dll(s) using IE and Outlook and only knew about IE or
> > Outlook exe wanting access, I don't see how Sygate would know about the
> > actual name of a dll wanting access using svchost.exe and report the name.
> >
> > I didn't see that, but I could have missed it. BI told me about everything
> > that was happening with the exe(s), dll(s), etc. that were wanting to use
> > IE and OE on their behalf.
> >
> > Duane
> >
> > --
> > The protection of the machine is a process and is not a given!



 