Problem if I block svchost.exe?

Discussion in 'Computer Security' started by Grice Webster, Jun 27, 2003.

  1. When I dialup to the Net my Sygate Fireall gives me this message on
    my WinXP system:

    "Application Generic Host Process for Win32 Services has been
    blocked, File name is svchost.exe."

    Am I likely to miss out on any useful functions if I block this
    application from accessing the Net? What does svchost.exe do?
     
    Grice Webster, Jun 27, 2003
    #1
    1. Advertising

  2. Grice Webster

    James Grant Guest

    Grice Webster wrote:
    >
    > When I dialup to the Net my Sygate Fireall gives me this message on
    > my WinXP system:
    >
    > "Application Generic Host Process for Win32 Services has been
    > blocked, File name is svchost.exe."
    >
    > Am I likely to miss out on any useful functions if I block this
    > application from accessing the Net? What does svchost.exe do?


    Here's a link that describes it:

    http://www.igknighttec.com/Windows/WindowsXP/svchost_exe.php

    Whether to allow or block is up to you. If you trust Windows, allow it.
    If you want to be extra careful, block it and watch to see if anything
    doesn't work right.

    James Grant
     
    James Grant, Jun 27, 2003
    #2
    1. Advertising

  3. Grice Webster

    Clive Guest

    "DougNews" <DougNews@Doesn'tWork.net> wrote in message
    news:BK_Ka.13723$...
    > Yes, you need to allow this Internet access - check out his site to

    minimize
    > your services: http://www.blkviper.com/WinXP/servicecfg.htm
    >
    > "Grice Webster" <> wrote in message
    > news:93A7995562BA123E1@130.133.1.4...
    > > Am I likely to miss out on any useful functions if I block this
    > > application from accessing the Net? What does svchost.exe do?

    >

    I've had scvhost blocked for months with Sygate Pro v5 and not a problem
    accessing web, news, email, ICQ...


    ????

    Clive
     
    Clive, Jun 27, 2003
    #3
  4. Grice Webster

    Kev Guest

    DougNews wrote:
    > Yes, you need to allow this Internet access - check out his site to
    > minimize your services: http://www.blkviper.com/WinXP/servicecfg.htm
    >
    > "Grice Webster" <> wrote in message
    > news:93A7995562BA123E1@130.133.1.4...
    >> Am I likely to miss out on any useful functions if I block this
    >> application from accessing the Net? What does svchost.exe do?


    Had it blocked for 6 months without a problem
    --
    Kev
    Brighton UK
     
    Kev, Jun 27, 2003
    #4
  5. Grice Webster

    DougNews Guest

    That's good - scvhost is a virus/trojan component (as compared to svchost -
    a Windows component).

    OK, seriously, at some point we have to trust some programs - whether it is
    the firewall or Windows or.... By allowing this and minimizing services in
    XP, you have tightened up security of the OS. Maybe you have a rule set to
    allow DNS, DHCP (if needed), etc. through separately from the svchost
    (Generic host...) settings. While I agree that we should usually deny
    access first and allow it later as needed, this is the one case I usually
    let go and tighten the OS services themselves.


    "Clive" <> wrote in message
    news:AJ%Ka.8469$...
    > I've had scvhost blocked for months with Sygate Pro v5 and not a problem
    > accessing web, news, email, ICQ...
    >
    >
    > ????
    >
    > Clive
    >
    >
     
    DougNews, Jun 28, 2003
    #5
  6. Grice Webster

    Duane Arnold Guest

    > While I agree that we should usually deny
    > access first and allow it later as needed, this is the one case I usually
    > let go and tighten the OS services themselves.


    And that is the problem. One stops svchost.exe for some reason. It's not
    svchost.exe that wants access to the Internet. It's a sub-component program
    like a dll (possible Trojan program) that is using svchost.exe on its behalf
    to get out.

    So one stops svchost.exe this time and one doesn't know what really wants
    access to the Internet.

    Then one lets svchost.exe have access to the Internet for some other
    possible legit reason.

    What happened to that other reason svchost.exe was stopped?

    Duane :)

    --
    The protection of the machine is a process and not a given!
     
    Duane Arnold, Jun 28, 2003
    #6
  7. Grice Webster

    DougNews Guest

    And that is why proper firewalls include application DLL authentication or
    component control, isn't it? Your point is correct for firewalls that don't
    have controls over components but Sygate (and ZAP) does, which is the one of
    concern to the original poster.

    "Duane Arnold" <> wrote in message
    news:cjhLa.41712$Fy6.12534@sccrnsc03...
    > > While I agree that we should usually deny
    > > access first and allow it later as needed, this is the one case I

    usually
    > > let go and tighten the OS services themselves.

    >
    > And that is the problem. One stops svchost.exe for some reason. It's not
    > svchost.exe that wants access to the Internet. It's a sub-component

    program
    > like a dll (possible Trojan program) that is using svchost.exe on its

    behalf
    > to get out.
    >
    > So one stops svchost.exe this time and one doesn't know what really wants
    > access to the Internet.
    >
    > Then one lets svchost.exe have access to the Internet for some other
    > possible legit reason.
    >
    > What happened to that other reason svchost.exe was stopped?
    >
    > Duane :)
    >
    > --
    > The protection of the machine is a process and not a given!
    >
    >
     
    DougNews, Jun 28, 2003
    #7
  8. Grice Webster

    Duane Arnold Guest

    > what about Tiny Personal Firewall?

    Nothing against Tiny but the answer is NO.

    Duane :)

    --
    The protection of the machine is a process and is not a given!
    "joe" <> wrote in message news:...
    > what about Tiny Personal Firewall? I run that, and it seems to catch alot

    of
    > things....I agree, though, that the thing mightbe to do dll injection on a

    known
    > service that user would not suspect is a problem.....
    >
    > Duane Arnold wrote:
    >
    > > > And that is why proper firewalls include application DLL

    authentication or
    > > > component control, isn't it? Your point is correct for firewalls that

    > > don't
    > > > have controls over components but Sygate (and ZAP) does, which is the

    one
    > > of
    > > > concern to the original poster.

    > >
    > > I did a test of Sygate vs. BlackIce for the IDS in Sygate. If Sygste

    didn't
    > > know about the Gator dll(s) using IE and Outlook and only knew about IE

    or
    > > Outlook exe wanting access, I don't see how Sygate would know about the
    > > actual name of a dll wanting access using svchost.exe.and report the

    name.
    > >
    > > I didn't see that, but I could have missed it . BI told me about

    everything
    > > that was happening with the exe(s), dell(s), etc that were wanting to

    use
    > > IE and OE on their behalf.
    > >
    > > Duane :)
    > >
    > > --
    > > The protection of the machine is a process and is not a given!

    >
     
    Duane Arnold, Jul 4, 2003
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. \Oldschool\ Scotty Flamingo

    What are spoolsv.exe and svchost.exe?

    \Oldschool\ Scotty Flamingo, Oct 10, 2003, in forum: Computer Support
    Replies:
    4
    Views:
    3,038
  2. Bun Mui
    Replies:
    3
    Views:
    8,176
    Duane Arnold
    Apr 30, 2004
  3. This is my real name, really.

    spoolsv.exe & svchost.exe & internet

    This is my real name, really., Jan 31, 2004, in forum: Computer Security
    Replies:
    1
    Views:
    650
    Mimic
    Jan 31, 2004
  4. Mister C

    Do I block access from svchost to DHCP?

    Mister C, Jun 14, 2005, in forum: Computer Security
    Replies:
    29
    Views:
    4,982
    Michael J. Pelletier
    Jun 17, 2005
  5. SVCHOST.EXE -- still same problem

    , Aug 30, 2007, in forum: Computer Support
    Replies:
    12
    Views:
    780
Loading...

Share This Page