Computer Security - Problem if I block svchost.exe?

#1

When I dialup to the Net my Sygate Firewall gives me this message on my WinXP system:

"Application Generic Host Process for Win32 Services has been blocked, File name is svchost.exe."

Am I likely to miss out on any useful functions if I block this application from accessing the Net? What does svchost.exe do?

Grice Webster

#2

Grice Webster wrote:
> When I dialup to the Net my Sygate Firewall gives me this message on
> my WinXP system:
>
> "Application Generic Host Process for Win32 Services has been
> blocked, File name is svchost.exe."
>
> Am I likely to miss out on any useful functions if I block this
> application from accessing the Net? What does svchost.exe do?

Here's a link that describes it:
http://www.igknighttec.com/Windows/W...vchost_exe.php

Whether to allow or block is up to you. If you trust Windows, allow it. If you want to be extra careful, block it and watch to see if anything doesn't work right.

James Grant

#3

"DougNews" <DougNews@Doesn'tWork.net> wrote in message news:BK_Ka.13723$ et...
> Yes, you need to allow this Internet access - check out his site to minimize
> your services: http://www.blkviper.com/WinXP/servicecfg.htm
>
> "Grice Webster" <> wrote in message
> news:93A7995562BA123E1@130.133.1.4...
> > Am I likely to miss out on any useful functions if I block this
> > application from accessing the Net? What does svchost.exe do?

I've had scvhost blocked for months with Sygate Pro v5 and not a problem accessing web, news, email, ICQ...

????

Clive

#4

DougNews wrote:
> Yes, you need to allow this Internet access - check out his site to
> minimize your services: http://www.blkviper.com/WinXP/servicecfg.htm
>
> "Grice Webster" <> wrote in message
> news:93A7995562BA123E1@130.133.1.4...
>> Am I likely to miss out on any useful functions if I block this
>> application from accessing the Net? What does svchost.exe do?

Had it blocked for 6 months without a problem

--
Kev Brighton UK

#5

That's good - scvhost is a virus/trojan component (as compared to svchost - a Windows component).

OK, seriously, at some point we have to trust some programs - whether it is the firewall or Windows or.... By allowing this and minimizing services in XP, you have tightened up security of the OS. Maybe you have a rule set to allow DNS, DHCP (if needed), etc. through separately from the svchost (Generic host...) settings. While I agree that we should usually deny access first and allow it later as needed, this is the one case I usually let go and tighten the OS services themselves.

"Clive" <> wrote in message news:AJ%Ka.8469$...
> I've had scvhost blocked for months with Sygate Pro v5 and not a problem
> accessing web, news, email, ICQ...
>
> ????
>
> Clive

#6

> While I agree that we should usually deny
> access first and allow it later as needed, this is the one case I usually
> let go and tighten the OS services themselves.

And that is the problem. One stops svchost.exe for some reason. It's not svchost.exe that wants access to the Internet. It's a sub-component program like a dll (possible Trojan program) that is using svchost.exe on its behalf to get out.

So one stops svchost.exe this time and one doesn't know what really wants access to the Internet.

Then one lets svchost.exe have access to the Internet for some other possible legit reason.

What happened to that other reason svchost.exe was stopped?

Duane

--
The protection of the machine is a process and not a given!
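
The point raised in post #6, that a firewall prompt names svchost.exe rather than the service hosted inside it, can be checked by joining `tasklist /svc` output (services per svchost PID) with `netstat -ano` output (connections per PID). This is an added example, not part of the thread; both command outputs below are constructed samples and the function names are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample of `tasklist /svc` output (not taken from the thread).
TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    884 DcomLaunch, TermService
svchost.exe                   1020 AudioSrv, Dhcp, Dnscache, Schedule,
                                   wuauserv
explorer.exe                  1500 N/A
"""

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1043      203.0.113.5:80         ESTABLISHED     1020
  UDP    192.168.1.10:68        *:*                                    1020
  TCP    192.168.1.10:1050      198.51.100.7:443       ESTABLISHED     1500
"""

def services_by_pid(text, image="svchost.exe"):
    """Map PID -> service names for every running instance of `image`."""
    out, pid = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+(\d+)\s+(.*)", line)
        if m:  # a new process row
            pid = int(m.group(2)) if m.group(1).lower() == image else None
            names = m.group(3)
        elif pid is not None and line[:1].isspace():
            names = line  # wrapped continuation of the previous svchost row
        else:
            continue
        if pid is not None:
            out.setdefault(pid, []).extend(n.strip() for n in names.split(",") if n.strip())
    return out

def remote_peers_by_pid(text):
    """Map PID -> remote endpoints of ESTABLISHED TCP connections."""
    peers = defaultdict(list)
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            peers[int(f[4])].append(f[2])
    return peers

def svchost_network_report(tasklist_text, netstat_text):
    # {pid: (hosted services, remote peers)} for svchost PIDs with connections
    svcs, peers = services_by_pid(tasklist_text), remote_peers_by_pid(netstat_text)
    return {pid: (svcs[pid], peers[pid]) for pid in svcs if pid in peers}
```

When one svchost PID hosts several services, the report only narrows the candidates to that group; it does not say which of them opened the connection.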

#7

And that is why proper firewalls include application DLL authentication or component control, isn't it? Your point is correct for firewalls that don't have controls over components but Sygate (and ZAP) does, which is the one of concern to the original poster.

"Duane Arnold" <> wrote in message news:cjhLa.41712$Fy6.12534@sccrnsc03...
> > While I agree that we should usually deny
> > access first and allow it later as needed, this is the one case I usually
> > let go and tighten the OS services themselves.
>
> And that is the problem. One stops svchost.exe for some reason. It's not
> svchost.exe that wants access to the Internet. It's a sub-component program
> like a dll (possible Trojan program) that is using svchost.exe on its behalf
> to get out.
>
> So one stops svchost.exe this time and one doesn't know what really wants
> access to the Internet.
>
> Then one lets svchost.exe have access to the Internet for some other
> possible legit reason.
>
> What happened to that other reason svchost.exe was stopped?
>
> Duane
>
> --
> The protection of the machine is a process and not a given!

#8

> what about Tiny Personal Firewall?

Nothing against Tiny but the answer is NO.

Duane

--
The protection of the machine is a process and is not a given!

"joe" <> wrote in message news:...
> what about Tiny Personal Firewall? I run that, and it seems to catch a lot of
> things....I agree, though, that the thing might be to do dll injection on a known
> service that user would not suspect is a problem.....
>
> Duane Arnold wrote:
>
> > > And that is why proper firewalls include application DLL authentication or
> > > component control, isn't it? Your point is correct for firewalls that don't
> > > have controls over components but Sygate (and ZAP) does, which is the one of
> > > concern to the original poster.
> >
> > I did a test of Sygate vs. BlackIce for the IDS in Sygate. If Sygate didn't
> > know about the Gator dll(s) using IE and Outlook and only knew about IE or
> > Outlook exe wanting access, I don't see how Sygate would know about the
> > actual name of a dll wanting access using svchost.exe and report the name.
> >
> > I didn't see that, but I could have missed it. BI told me about everything
> > that was happening with the exe(s), dll(s), etc that were wanting to use
> > IE and OE on their behalf.
> >
> > Duane
> >
> > --
> > The protection of the machine is a process and is not a given!