Blocking svchost.exe to all IP except update.microsoft.com and

reury · June 19, 2007, 8:59am

Hi was Looking Connection Stats and svchost.exe

connecting to some IP other than update.Microsoft.com

i want to block all IP except 255.255.255.255:67 and update.Microsoft.com and windows update websites

my question is;

how to i create a rule in comodo firewall to block everything except that IP address above?
In Component Control Rules there are some files that have spam like company names do i block it?

and sorry for my English as i am from Italy and not much know English (:KWL)

reury · June 19, 2007, 9:09am

Sorry and I Got 1 Moo Question :BNC

Comodo is in which country Based?

I meant where Comodo Inc Base???

Little_Mac · June 19, 2007, 8:37pm

Check out this site for more info about Comodo http://www.comodo.com/corporate/contact.html

If you choose to block svchost.exe in this way, you may end up blocking your internet connection as well, since svchost.exe is used to obtain and maintain your connectivity through DNS and DHCP.

What you want CAN be done, though. You will want to create two rules in Application Monitor for svchost.exe, parent of services.exe.

The first rule will be:

Application: svchost.exe (browse to location)
Parent: services.exe (browse to location)
Action: Allow
Protocol: TCP/UDP
Direction In/Out
Destination IP: the microsoft site, IP range, or hostname you want to allow
Destination Port: Any

The 2nd rule will be:

App: svchost.exe
Parent: services.exe
Action: Block
Protocol: TCP/UDP
Direction: In/Out
Destination IP: Exception(not the following): The same info as for the above rule
Destination Port: Any

You may also want to go to Security/Advanced/Miscellenous, and uncheck the box “Do not show alerts for applicatiosn certified by Comodo.” This will make sure that you receive popups for anything that svchost (or any other application on the Safelist). Be aware,though, that this will greatly increase the number of alerts you receive.

LM

PS: Welcome to the forums!

reury · June 20, 2007, 7:17am

2nd Rule

I got no Exception Option In the Destination IP

hilmi · June 20, 2007, 9:17am

You should have EXCLUDE option.

Little_Mac · June 20, 2007, 10:00pm

My apologies; I was working from memory at the time. The correct option, as hilmi notes, is “Exclude” rather than “Exception.”

LM