What is "sychost.exe"?

[Guest]

My ZoneAlarm firewall asks me if should "Allow" or "Deny"
this application in regard to connections to the
internet, but how should I know? Also "Genetic Host
Process for Win 32 Services" wants to accept connections
from the internet, should I allow it?

Thank You.

 

[Carey Frisch [MVP]]

A Description of Svchost.exe in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;314056&Product=winxp

Yes, allow it internet access.

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

-----------------------------------------------------------------------------

Question:

| My ZoneAlarm firewall asks me if should "Allow" or "Deny"
| this application in regard to connections to the
| internet, but how should I know? Also "Genetic Host
| Process for Win 32 Services" wants to accept connections
| from the internet, should I allow it?
|
| Thank You.

 

[Colin Nash [MVP]]

svchost is a valid process (however many malicious ones may use the same
name so it's hard to give a 100% answer here)

sychost is not valid (I'm wondering if this was a typo or if you did mean to
put a 'y' instead of 'v'...?)

 

[Glazed]

My ZoneAlarm firewall asks me if should "Allow" or "Deny"
this application in regard to connections to the
internet, but how should I know? Also "Genetic Host
Process for Win 32 Services" wants to accept connections
from the internet, should I allow it?

Thank You.

http://www.justfuckinggoogleit.com/search?query=sychost.exe

 

[JW]

from my experience with ZoneAlarm, I would recommend you allow Generic Host
Process to access the internet, but do Not allow GHP to act as a server and
allow outsiders to make connections to your PC. The only exception to this
would be for your DNS server. Choose Allow for internet access, and choose
Ask for server rights (on the Programs tab of Program Control). If GHP asks
for server rights to allow an outside connection to your PC, then Deny it,
unless it is your DNS server.

To determine your DNS server, type
ipconfig /all
in a Command Prompt window.

A way to avoid the repeated questioning every day you start up your PC, is
to Add the IP address of your DNS server to your Trusted Zone in ZA, and
then check Allow under Trusted Server (but not Trusted Internet) for Generic
Host Process.

Generally speaking, Choose Ask under Server rights for all other programs.
If a ZA prompt box pops up asking for Server rights, then it should Only be
as a result of you taking action to invite outsiders to make connections.
For example, you should not allow Server rights, if out of the blue and for
no reason, Windows Explorer suddenly wants to act as a Server (to start
serving up your files to outsiders). This is behavior of a Trojan horse.
However, if I invited my brother to make a connection to my FTP server to
fetch a file, I would respond with Allow for Windows Explorer and IIS.

My ZoneAlarm firewall asks me if should "Allow" or "Deny"
this application in regard to connections to the
internet, but how should I know? Also "Genetic Host
Process for Win 32 Services" wants to accept connections
from the internet, should I allow it?

Thank You.

 

[JW]

see microsoft.public.windows.networking.firewall
for a post on Aug 10 at 9:55 p.m. that gives an example of why you do Not
want to allow
Server rights to Generic Host Process in ZoneAlarm (except to your DNS
server).

GHP is being targeted by hackers these days, hoping to find GHP acting as a
Server on port 1025.

from my experience with ZoneAlarm, I would recommend you allow Generic Host
Process to access the internet, but do Not allow GHP to act as a server and
allow outsiders to make connections to your PC. The only exception to this
would be for your DNS server. Choose Allow for internet access, and choose
Ask for server rights (on the Programs tab of Program Control). If GHP asks
for server rights to allow an outside connection to your PC, then Deny it,
unless it is your DNS server.

To determine your DNS server, type
ipconfig /all
in a Command Prompt window.

A way to avoid the repeated questioning every day you start up your PC, is
to Add the IP address of your DNS server to your Trusted Zone in ZA, and
then check Allow under Trusted Server (but not Trusted Internet) for Generic
Host Process.

Generally speaking, Choose Ask under Server rights for all other programs.
If a ZA prompt box pops up asking for Server rights, then it should Only be
as a result of you taking action to invite outsiders to make connections.
For example, you should not allow Server rights, if out of the blue and for
no reason, Windows Explorer suddenly wants to act as a Server (to start
serving up your files to outsiders). This is behavior of a Trojan horse.
However, if I invited my brother to make a connection to my FTP server to
fetch a file, I would respond with Allow for Windows Explorer and IIS.

My ZoneAlarm firewall asks me if should "Allow" or "Deny"
this application in regard to connections to the
internet, but how should I know? Also "Genetic Host
Process for Win 32 Services" wants to accept connections
from the internet, should I allow it?

Thank You.

 

[Guest]

I am using XP home and Norton as security. I keep getting norton popping up
and asking me to let a remote svchost32.exe connect and it says low risk as
microsoft is trusted. I use cox as my ISP and when I use norton to track the
address it comes back as cox is the remote. My question is why? are the
sending updates? are they tracking where I've been? How do you know what is
being taken or sent when this request pops up? Thanks

 

[Dave]

are you talking about sychost.exe as in the subject??? if so, that is
probably spyware or virus file.

svchost32.exe is also probably spyware or some other malware.

the proper windows file is svchost.exe... no Y in the name, and no 32 on it.
there may be several instances of this running on a normal xp machine
depending on what services you have enabled.