Application Monitor blocking svchost

CF 2.4.17.183

I’m new to CF and am playing with the settings. My platform is XP with a WiFi using DHCP. Please DO NOT comment on WiFi security as there are other related threads. DHCP uses UDP ports 67,68. The log shows that the Application Monitor denied svchost.exe access. However, svchost.exe does not exist in my AM rules. I tried adding it and received no errors (such as “already a rule”) but that didn’t change the outcome.

Thanks, Dan

Welcome Dan,

May I ask what the problem is? My CFP also blocks some svchost.exe attacks and I have no error.

aXes

Dan,

Your WiFi (oh, no wait, no WiFi to be discussed… ;D ) * sorry, I just had to interject some humor…*

If I understand your situation correctly, you’re unable to create an internet connection because the DHCP lease cannot be obtained/renewed.

You may try this:

  1. Temporarily set CFP’s Security Level to Allow All (from systray icon context menu, or CFP Summary page).
  2. Open CFP to Activity/Connections.
  3. Repair/Refresh your network connection. I think in the CFP Connections you’ll see a svchost.exe connection for UDP from 0.0.0.0(67) to 255.255.255.255(68). And you’ll probably see a “system” entry for IPs that are already allowed.

If this is the case, you can create a new Rule in Network Monitor to Allow UDP Out for that situation.

LM

Sorry I’m so late responding. I thought replies were sent to me via email but evidently not.

I solved the problem of not obtaining an IP address from DHCP by adding:

Allow UDP IN    from ANY to ANY where source port is 67,68
Allow UPD OUT from ANY to ANY where source port is 67,68

However, the bigger issue is that I’m not understanding the basic rule paradigm. For example, the only other UDP rule I have is:

Allow TCP or UDP IN or OUT from ANY to ANY for ANY port

So, why wasn’t it allowing it anyway?

Thanks,
Dan

Hi Dan,

I thought replies were sent to me via email but evidently not.

If you want to receive e-mails about your topic, you must click its notify button.

However, the bigger issue is that I'm not understanding the basic rule paradigm. For example, the only other UDP rule I have is:
Allow TCP or UDP IN or OUT from ANY to ANY for ANY port</blockquote>

This rule doesn’t resolve your problem because of next rules. Ordering of the rules is important in CFP.

I think, however, your problem has been resolved. Good surf!

aXes

Dan, I see that you opened another thread on the same question and I’ve replied there.