3x svchost in Firewall ???

cska133 · February 15, 2011, 10:07pm

From time to time I do have 3x svchost.exe in Firewall, and mostly 2x (see attachment).

Why? Is this normal?

[attachment deleted by admin]

Boris_3 · February 15, 2011, 11:06pm

I don’t think it’s something to worry about. svchost.exe is a generic process name for services that run from dll. At startup, it checks in the registry the services to be loaded. After, it runs the services by groups. So depending of the services that need to connect, you’ll have several svchost.exe making connections.

Abear · March 29, 2011, 7:32pm

I’m posting my recent personal findings on this svchost problem 'cause it might be related to the above.
First of all I new I was starting from a clean VIRUS FREE install…So it had to be something legit causing the problem…I set out on the premisse

As soon as I installed CF about three weeks ago, I noticed that it was blocking about 200 to 500 replies to svhost’s requests (from accepting answers to svchost from outside)but many were accepted and did take up bandwith in spurts. ( updates where ok and up to date and still , this is going on). This constant nvchost occupation kept a trickle in and out on my internet status bar of maybe aprox 20 to 50 mbs in 24 hrs. when I’m connected, online but not actively browsing or doing anything on the net.
so maybe 1 gb a month of unknow traffic…what is that? a new internet bytes tax?
lol
So I did some thinking , head scratching & some research (two days) Out of curiosity, at one point I came up with the silly idea to go and carefully re-read the"Malicious software removal tool" EULA
very quickly convinced myself I didn’t like what I was reading, that this is way more than a malwhare remover that never removes any… so I deleted MRT.exe from /system 32 /( yes!, Just like that!)

also unclicked the update clicked ok and checked never show this update again.

As a result, Comodo no longer has that load of blockings on my XP 32, win 7 64 , and win XP pro 64 instalations, and when I get off my browser, the line goes idle and 4 hours later not one number has changed on the status bar…way to go! COMODO. Now I know I’m secure!..
I had been chassing that ghost for two years , I kept thinking “What could it be”, then the techs tell you don’t worry about it , it’s probably just this or just that…and worst of all ": It’s NORMAL (I hate that one now!)
Security cannot be built on trust…but rather on definite knowledge. I want to know who comes through my firewall and why! it is my right… isn’t it?..only a thief never nocks & just walks in and takes.
Comodo has helped me figure out a way to fix MY problem …wonderfull tool! for sure!

I would like to hear from anyone who is helped by this and experiences the same results I did?
I hope it was OK to reply to this post, I’m not a frequent poster, don’t know my way around with that scene. I usually just read them.

Jackyjop193@hotmail.com
Abear

Radaghast · March 30, 2011, 2:24am

The number between the braces, next to svchost.exe is called the PID (Process ID) you can use this to find out which services are being loaded by svchost.

If you’re happy using the command prompt simply open one and type tasklist /svc Alternatively, download something like Process Hacker or Process Explorer and use their graphical interfaces to obtain the same and more information.

Why? Is this normal?

Yes, quite normal.