How to monitor what the svchost daemon is doing?

Jack

Are there any good ways to achieve this?
Such as reading a file, writing something etc
Thanks
Jack
 
Bjarke Andersen

> Are there any good ways to achieve this?
> Such as reading a file, writing something etc

Sysinternals, which is a part of Microsoft now, has made several tools.
Process Explorer is an advanced task manager, which can provide
details of the specific services behind svchost.exe

Also they have file and disk monitor tools, which can give you details of
what is being written and read on the disk.
 
Jack

Hi Bjarke,
Thanks for your prompt reply.
I have downloaded process explorer from Microsoft.
Now I have another question, how do I make XP show a messagebox or something
when there is a file deletion request from the outside world?
Thanks a lot
Jack
 
Jack

Ahh.. put it this way. Can you deny all deletion requests outside of your
computer?
Thanks
Jack
 
Gerry

Jack

I am not sure you're headed in the right direction!

What are you seeing the daemon doing? Is it excessive CPU usage?

Using Process Explorer it would be helpful if you could post the Command
Line of the svchost process generating the excessive CPU usage. In Process
Explorer place cursor on Process and select Properties, Image.



--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Jack

I want to disable remote deletion from outside of my computer, are there any
settings that can help me with this?

Thanks
Jack
 
Gerry

Jack

Start, Control Panel, System, Remote. Uncheck the x before Allow Remote
Assistance etc.


--



Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~
 
Bjarke Andersen

> I want to disable remote deletion from outside of my computer, are
> there any settings that can help me with this?

You need to elaborate that question or think it through.

It depends on how the remote users gain access to your computer. FTP, Samba
or...?

One way or the other, you need to at least look at sharing settings. The
common field for deletion is write access. But in general this would also
block the option of editing files and creating files.

On the next level you have the file security settings. With NTFS you
actually have the ability to specify settings more detailed than read/write
access. You can specify whether a user is allowed to create, edit and read
a file, but not delete.

So yes, with NTFS and Windows file sharing, you can block outside users
from deletion.

However, this scenario is about you sharing files. If the question is
somehow linked with the svchost.exe question, then blocking programs from
deleting files is more tricky, since programs usually are authenticated by
the user logged on or by the system itself.
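
The NTFS setup described in the reply above, as an added example that is not part of the original thread. The folder `C:\Shared` and the local group `RemoteUsers` are assumed names, and the script assumes PowerShell is installed and is run as an administrator.

```powershell
# Added example: let a remote group read, create and edit files in a shared
# folder while blocking deletion, using NTFS access rules.
# Assumed names (not from the thread): C:\Shared and the group RemoteUsers.
$path  = 'C:\Shared'
$group = 'RemoteUsers'

# Apply the rules to the folder, its subfolders and its files.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$prop    = [System.Security.AccessControl.PropagationFlags]::None

# Allow read and write. Modify is avoided on purpose: it already includes Delete.
$allowRights = [System.Security.AccessControl.FileSystemRights]'ReadAndExecute, Write'
$allow = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group, $allowRights, $inherit, $prop, 'Allow')

# Deny Delete on every object AND DeleteSubdirectoriesAndFiles on folders.
# Both are needed: a file can be removed with either Delete on the file
# itself or the "delete child" right on its parent folder.
$denyRights = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$deny = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $group, $denyRights, $inherit, $prop, 'Deny')

# Read the current ACL, add both rules, write it back.
$acl = Get-Acl -Path $path
$acl.AddAccessRule($allow)
$acl.AddAccessRule($deny)
Set-Acl -Path $path -AclObject $acl

# Check the result: the group should show one Allow and one Deny entry.
(Get-Acl -Path $path).Access |
    Where-Object { $_.IdentityReference.Value -like "*$group" } |
    Format-Table IdentityReference, AccessControlType, FileSystemRights -AutoSize

# Limits of this setup:
#  - Write still lets the group overwrite or truncate a file's contents,
#    so the data can be destroyed even though the file cannot be removed.
#  - Renaming a file also needs Delete, so programs that save through a
#    temporary file and a rename will fail for this group.
```

Over a Windows file share the effective access is the more restrictive of the share permission and the NTFS permission, so the share itself must still grant Change for the write access above to work.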
 
jameshanley39

> Jack
>
> Start, Control Panel, System, Remote. Uncheck the x before Allow Remote
> Assistance etc.
>
> --
>
> Hope this helps.
>
> Gerry
> ~~~~
> FCA
> Stourport, England
> Enquire, plan and execute
> ~~~~~~~~~~~~~~~~~~~

Don't know why you top posted, but good answer!

I haven't really heard of any case of malicious remote file
deletions. But one way would be malware exploiting a browser and
running code that deletes files. But they tend not to do that.

Some protection would be not browsing with Internet Explorer...
especially not browsing dodgy sites with it.
 
