Firewall repeating block svchost.exe

Nimshie29 · #1 (**permalink**) 10-10-2007, 11:32 AM

Hi Guys just worked out how to post a new thread again - sorry for posting to old thread.
While Windows was updating my Zone Alarm blocked 14 of the following:
Description Generic Host Process for Win32 Services was blocked from accepting a connection from the Internet (10.0.0.138

ort 1388).
Rating Medium
Date / Time 2007/10/10 19:51:00+9:00 GMT
Type Program Access
Program svchost.exe
Source IP 10.0.0.138:1388
Destination IP
Direction Incoming (accept)
Action Taken Blocked
Count 1
Source DNS SpeedTouch.lan
Destination DNS

About every 10 minutes it does the same thing. I have read info on web - some articles refer to a virus and others to a memory leak during downloading of updates. The above information mentions my Modem (Speedtouch). I use Anti Vir free anti-virus which works in conjunction with Zone alarm. Can anyone tell me what the significance of this block is please? Should I just click 'do not display again' I cannot understand why it keeps repeating the same attempt to access my program as there are not updates every 10 minutes. Should I check out the port adress? Any advice greatly appreciated. Regards, Nimshie29

**Thaylok** · #2 (**permalink**) 10-10-2007, 06:49 PM

I've noted in the past that some Generic Host Processes (GHP) will need to get to the internet. I'm purely guessing but maybe the WGA uses GHP as it's route to phone home. I admit I'd have to research that avenue some more. In the past, I noticed that when I blocked GHP completely, very little of my OS worked at all, a lot of lock-ups would occur. Allowing it helped.

Being paranoid (err, I mean concerned), I like to see those messages, but depending on the frequency, you may very well want to "not show" that action. You may want to allow GHP for that good, but again, i don't like doing that.

Again, the Virus mentioned may very well be the WGA (Windows Genuine Advantage) software. I know that is how I see it. Don't know why Speedtouch will be trying to access the 'net, unless it has an updater for software you have installed there.

Not much help, but maybe anything is better than nothing. Some things are always easier seen/diagnosed hands-on, this is true with cars and computers.

Nimshie29 · #3 (**permalink**) 10-11-2007, 01:30 AM

Quote:

Originally Posted by Thaylok

I've noted in the past that some Generic Host Processes (GHP) will need to get to the internet. I'm purely guessing but maybe the WGA uses GHP as it's route to phone home. I admit I'd have to research that avenue some more. In the past, I noticed that when I blocked GHP completely, very little of my OS worked at all, a lot of lock-ups would occur. Allowing it helped.

Being paranoid (err, I mean concerned), I like to see those messages, but depending on the frequency, you may very well want to "not show" that action. You may want to allow GHP for that good, but again, i don't like doing that.

Again, the Virus mentioned may very well be the WGA (Windows Genuine Advantage) software. I know that is how I see it. Don't know why Speedtouch will be trying to access the 'net, unless it has an updater for software you have installed there.

Not much help, but maybe anything is better than nothing. Some things are always easier seen/diagnosed hands-on, this is true with cars and computers.

Thanks very much for that Thaylok. I will keep looking bearing in mind what you have said.
Peace,
John Smith
________________________
This user added the following:
________________________

Quote:

Originally Posted by Nimshie29

Thanks very much for that Thaylok. I will keep looking bearing in mind what you have said.
Peace,
John Smith

Hi Thaylok, I had a look under the Zone Alarm forum and came up with this but I am not able to do what it suggests?

"svchost.exe

The prooper setting for Generic Host Process For Win32 Services in Zone alarm access in both zones and 'server' rights only the Trusted Zone. In case you don't
know svchost.exe is Generic Host Process For Win32 Searvices in your Zone Programs list. If after you set those pernissions you still see svchost.exe getting in you logs that is OK . You have granted the permissions needed"
I have included this under the Firewall heading but itwill not add to Programs in Zone Alarm ?
Will this post be visible to users generally as it may be of use to some?
Enjoy,
Nim

Nimshie29 · #4 (**permalink**) 10-12-2007, 10:06 AM

Hi Guys, I entered MS Generic Host details in the Firewall Trusted Zone only and I have had no more block svchost.exe block pop ups. Looks like its fixed. hope someone else can use this and thanks for your interest Thaylok.
Enjoy,
Nim

**Thaylok** · #5 (**permalink**) 10-12-2007, 01:47 PM

Great, glad you got it worked out. SVChost.exe is a very broad process. It usually encompases 16-20 sub processes, including *drum roll* Automatic Updates.
Again, glad you were able to get the proper settings.

**Ultra_Man** · #6 (**permalink**) 10-12-2007, 11:06 PM

The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging.

Nimshie29 · #7 (**permalink**) 10-13-2007, 11:45 AM

Thanks for your input and help Guys. Its easier doing it with support than on your own.
Thanks,
Nim

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Register Now for FREE!
Username: Password: Confirm Password: E-Mail: Confirm E-Mail: Agree to forum rules