Problem if I block svchost.exe?

Discussion in 'Computer Security' started by Grice Webster, Jun 27, 2003.

  1. When I dial up to the Net my Sygate Firewall gives me this message on
    my WinXP system:

    "Application Generic Host Process for Win32 Services has been
    blocked, File name is svchost.exe."

    Am I likely to miss out on any useful functions if I block this
    application from accessing the Net? What does svchost.exe do?
     
    Grice Webster, Jun 27, 2003
    #1

  2. Grice Webster

    James Grant Guest

    Here's a link that describes it:

    http://www.igknighttec.com/Windows/WindowsXP/svchost_exe.php

    Whether to allow or block is up to you. If you trust Windows, allow it.
    If you want to be extra careful, block it and watch to see if anything
    doesn't work right.

    James Grant
     
    James Grant, Jun 27, 2003
    #2

  3. Grice Webster

    Clive Guest

    I've had scvhost blocked for months with Sygate Pro v5 and not a problem
    accessing web, news, email, ICQ...


    ????

    Clive
     
    Clive, Jun 27, 2003
    #3
  4. Grice Webster

    Kev Guest

    Had it blocked for 6 months without a problem
     
    Kev, Jun 27, 2003
    #4
  5. Grice Webster

    DougNews Guest

    That's good - scvhost is a virus/trojan component (as compared to svchost -
    a Windows component).

    OK, seriously, at some point we have to trust some programs - whether it is
    the firewall or Windows or.... By allowing this and minimizing services in
    XP, you have tightened up security of the OS. Maybe you have a rule set to
    allow DNS, DHCP (if needed), etc. through separately from the svchost
    (Generic host...) settings. While I agree that we should usually deny
    access first and allow it later as needed, this is the one case I usually
    let go and tighten the OS services themselves.
     
    DougNews, Jun 28, 2003
    #5
  6. Grice Webster

    Duane Arnold Guest

    While I agree that we should usually deny
    And that is the problem. One stops svchost.exe for some reason. It's not
    svchost.exe that wants access to the Internet. It's a sub-component program
    like a dll (possible Trojan program) that is using svchost.exe on its behalf
    to get out.

    So one stops svchost.exe this time and one doesn't know what really wants
    access to the Internet.

    Then one lets svchost.exe have access to the Internet for some other
    possible legit reason.

    What happened to that other reason svchost.exe was stopped?

    Duane :)
     
    Duane Arnold, Jun 28, 2003
    #6
  7. Grice Webster

    DougNews Guest

    And that is why proper firewalls include application DLL authentication or
    component control, isn't it? Your point is correct for firewalls that don't
    have controls over components but Sygate (and ZAP) does, which is the one of
    concern to the original poster.
     
    DougNews, Jun 28, 2003
    #7
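
Added example, not part of any post in this thread: posts #6 and #7 turn on the fact that svchost.exe is only a container, and that what matters is which service DLL is running inside a given instance. The read-only PowerShell below (for current Windows versions, not the WinXP system in the question) lists each running svchost.exe with the services it hosts, each service's ServiceDll registry value, and that DLL's signature status. The variable names and the choice of columns are this example's own.

```powershell
# Added example: map every running svchost.exe to the services and DLLs it hosts.
# Read-only. Run elevated, otherwise ExecutablePath is empty for some processes.

# Locations from which a genuine svchost.exe is started.
$legit = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

# Running services, each carrying the PID of its host process.
$services = Get-CimInstance Win32_Service | Where-Object { $_.State -eq 'Running' }

$report = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    $hosted = $services | Where-Object { $_.ProcessId -eq $p.ProcessId }
    foreach ($s in $hosted) {
        # The DLL that svchost.exe loads for a service is stored under
        # Services\<name>\Parameters\ServiceDll.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll

        # Authenticode status of that DLL, when the path could be read.
        $sig = if ($dll) {
            (Get-AuthenticodeSignature -FilePath $dll -ErrorAction SilentlyContinue).Status
        }

        [pscustomobject]@{
            ProcessId  = $p.ProcessId
            PathOK     = $p.ExecutablePath -in $legit   # False also when the path is unreadable
            Service    = $s.Name
            ServiceDll = $dll
            Signature  = $sig
        }
    }
}

$report | Sort-Object ProcessId, Service | Format-Table -AutoSize
```

A row with PathOK set to False in an elevated session, or a ServiceDll outside the Windows directory or without a valid signature, is the instance to examine before deciding on a firewall rule for svchost.exe.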
  8. Grice Webster

    Duane Arnold Guest

    what about Tiny Personal Firewall?

    Nothing against Tiny but the answer is NO.

    Duane :)
     
    Duane Arnold, Jul 4, 2003
    #8