Problem if I block svchost.exe?

[Grice Webster]

When I dialup to the Net my Sygate Fireall gives me this message on
my WinXP system:

"Application Generic Host Process for Win32 Services has been
blocked, File name is svchost.exe."

Am I likely to miss out on any useful functions if I block this
application from accessing the Net? What does svchost.exe do?

 

[James Grant]

When I dialup to the Net my Sygate Fireall gives me this message on
my WinXP system:

"Application Generic Host Process for Win32 Services has been
blocked, File name is svchost.exe."

Am I likely to miss out on any useful functions if I block this
application from accessing the Net? What does svchost.exe do?

Here's a link that describes it:

http://www.igknighttec.com/Windows/WindowsXP/svchost_exe.php

Whether to allow or block is up to you. If you trust Windows, allow it.
If you want to be extra careful, block it and watch to see if anything
doesn't work right.

James Grant

 

[Clive]

Yes, you need to allow this Internet access - check out his site to minimize
your services: http://www.blkviper.com/WinXP/servicecfg.htm

I've had scvhost blocked for months with Sygate Pro v5 and not a problem
accessing web, news, email, ICQ...


????

Clive

 

[Kev]

Yes, you need to allow this Internet access - check out his site to
minimize your services: http://www.blkviper.com/WinXP/servicecfg.htm

Had it blocked for 6 months without a problem

 

[DougNews]

That's good - scvhost is a virus/trojan component (as compared to svchost -
a Windows component).

OK, seriously, at some point we have to trust some programs - whether it is
the firewall or Windows or.... By allowing this and minimizing services in
XP, you have tightened up security of the OS. Maybe you have a rule set to
allow DNS, DHCP (if needed), etc. through separately from the svchost
(Generic host...) settings. While I agree that we should usually deny
access first and allow it later as needed, this is the one case I usually
let go and tighten the OS services themselves.

 

[Duane Arnold]

While I agree that we should usually deny

access first and allow it later as needed, this is the one case I usually
let go and tighten the OS services themselves.

And that is the problem. One stops svchost.exe for some reason. It's not
svchost.exe that wants access to the Internet. It's a sub-component program
like a dll (possible Trojan program) that is using svchost.exe on its behalf
to get out.

So one stops svchost.exe this time and one doesn't know what really wants
access to the Internet.

Then one lets svchost.exe have access to the Internet for some other
possible legit reason.

What happened to that other reason svchost.exe was stopped?

Duane

 

[DougNews]

And that is why proper firewalls include application DLL authentication or
component control, isn't it? Your point is correct for firewalls that don't
have controls over components but Sygate (and ZAP) does, which is the one of
concern to the original poster.

 

[DougNews]

And that is why proper firewalls include application DLL authentication or
component control, isn't it? Your point is correct for firewalls that don't
have controls over components but Sygate (and ZAP) does, which is the one of
concern to the original poster.

 

[Duane Arnold]

what about Tiny Personal Firewall?

Nothing against Tiny but the answer is NO.

Duane