In 509 I had svchost.exe just blocked.
In this latest version, every time I connect the firewall asks me if svchost may connect to the internet. As I am fed up of this I allowed it as Outgoing Only, but the question is still popping up.
Is there a way to get the firewall either to block or allow as outgoing without asking me every time?
In 509 I had svchost.exe just blocked.
I’m surprised everything worked correctly. Svchost is pretty crucial to Network communication and provides many network related services, not least of which is servicing DHCP requests, performing DNS queries, allowing Windows Update and many others.
Normally allowing svchost outbound communication is enough, however, your Global Rules may also be playing a role in the alerts you are seeing. Please post a screen shot of your rules and the alert.
OK Toggie, thanks.
Here’re the Global Rules (oh, how do I copy an image in to here? - I’ll attach it), now to see if I can get the alert.
[attachment deleted by admin]
OK, here’s the alert:
[attachment deleted by admin]
you can take a look at a post I made here, as it’s not unrelated:
Re: 99 percent of blocked intrusion attempts from one source
Thanks, but I don’t understand most of it.
I had ports stealthed and svchost.exe blocked before and everything seemed to work; if svc needs to be outgoing only, OK - I just want it to stop asking me every time!
Svchost needs to be able to communicate with a DHCP server IN and OUT. Your first global rule allows IP OUT…
You don’t have a global rule to allow any service requests in, and if you have svchost blocked in application rules you will get these alerts.
atm svchost is allowed OUT only.
So, how should I modify svchost and/or Global Rules? I’ve had a look at the options, but I don’t want to change anything that will allow nasties in.