I have had some problems with Windows XP automatic updates so switched to doing it manually a while back. I go to the Windows support page and click on updates. It scans my pc, notifies me if updates are available, and then I accept the updates.
Since I installed Comodo, I cannot update Windows. I get an error message from Windows. I tried it again and this time watched the Comodo log box. During the attempted scan of the pc, I was getting Severe alerts one after the other. By clicking on one of the alerts, here is what it said:
Description: application access denied
application: C:/Windows/System 32/svchost.exe
parent: C:/Windows/System 32/services.exe
Protocol TCP Out
high severity/application monitor/application access denied
Does anyone have a solution? I turned off Comodo, turned on the Windows XP Firewall, and then I was able to check for Windows Update.
With Comodo Firewall you can deny svchost and still connect to the internet, but you can't use Windows updates. If you allow svchost you can use the Windows update functions.
Be careful! There exist trojans “rvrhost”, “svrhost”, …
In almost all other firewalls you can't block svchost.
I think it is fine that CPF is able to block svchost.
Soya, is Andreas saying here removing all blocked svchost.exe application rules will allow Windows Updates but I may be left open to trojan infections??
Why didn’t Comodo give me an “allow” or “deny” option when Microsoft tried to connect? This would have made things a lot easier. It immediately denied all svchost.exe attempts.
If you have a rule for svchost “deny”, then you have problems with windows update.
You can change the rule from “deny” to “allow”.
If you delete the rule for svchost, then Comodo asks you to allow or deny.
Only sometimes there exists e.g. the trojan svrhost (with “r”).
svchost is the original Microsoft program which you can allow with a rule or a click.
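The distinction made in the replies above (the genuine svchost versus lookalike names such as “svrhost”), applied to the alert text from the first post, as an added example that is not part of the original thread. The expected paths, the distance threshold of 2 and the altered alert are assumptions constructed for illustration.

```python
import ntpath

# Assumption: expected Windows XP locations, compared after normalise().
SVCHOST = r"c:\windows\system32\svchost.exe"
SERVICES = r"c:\windows\system32\services.exe"
# The alert as typed in the thread, plus one constructed variant of it.
THREAD_ALERT = """Description: application access denied
application: C:/Windows/System 32/svchost.exe
parent: C:/Windows/System 32/services.exe
Protocol TCP Out"""
LOOKALIKE = THREAD_ALERT.replace("svchost.exe", "svrhost.exe")

def normalise(path):
    # Lower-case, backslashes, no spaces (the post types "System 32").
    return path.strip().replace("/", "\\").replace(" ", "").lower()

def edit_distance(a, b):
    # Plain Levenshtein distance, used to spot names such as "svrhost".
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_alert(text):
    # Keep the "key: value" lines; lines without a colon are skipped.
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def review_alert(text):
    # Return findings; an empty list means nothing looked off.
    fields = parse_alert(text)
    app = normalise(fields.get("application", ""))
    parent = normalise(fields.get("parent", ""))
    name = ntpath.basename(app)
    findings = []
    if name == "svchost.exe":
        if app != SVCHOST:
            findings.append("svchost.exe outside System32: " + app)
        if parent != SERVICES:
            findings.append("parent is not services.exe: " + parent)
    elif edit_distance(name, "svchost.exe") <= 2:
        findings.append("lookalike name: " + name)
    return findings
```

An empty result for the thread's alert means the blocked program is the real svchost.exe started by services.exe, so allowing it restores Windows Update; any finding is a reason to leave the deny in place and inspect the file.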
I have not created any rules in Comodo as I am a new user and let everything install on their default settings. Perhaps there is already a default rule to deny svchost?? I will have to check this.
No way. Default rules only allow svchost.exe access because it’s in CFP’s certified database (security > advanced > miscellaneous > configure > 2nd option). If you leave this option enabled you shouldn’t even need to worry about all that, depending on your paranoia level, of course.
Would you please upload an edited (meaning mask out private IPs) sample of your log?
OK, I checked my Applications Monitor page and there is no svchost.exe there at all.
I also checked security/advanced/misc.configure/
Under the second option of “do not show alerts for applications certified by Comodo” there is a check mark there. Is that what I want?
I will try the Windows Update again, use the export to html function, edit the IP addresses, and upload. I hope this is what you are requesting.
This is odd. I cleared the log file and then immediately went to Windows Update site. This time, I got no error message from the Windows Update site. It successfully checked my pc apparently, and it informed me there were no current updates. No Severe alerts regarding svchost.exe showed up this time in Comodo log. I thought perhaps it was because there were no updates I needed, but this was the same case as last night when Comodo denied svchost.exe and after I shut off Comodo and tried manual Windows update again, it also showed no updates needed so I guess that blows that theory. ??
Anyway, throughout the scanning process, there were a bunch of Network Monitor Medium severity alerts. They were all the same as pasted below, except some said TCP incoming, UDP incoming, or UDP out. Even without going to Windows Update site, these Medium alerts are always logging …
Another question, during this internet session, a file called DSAgnt.exe apparently wanted to connect and I clicked “deny”. I think this is a Dell Support thing on my Dell pc. I have not added it in Rules as a “deny” but I noted in the log it apparently wanted to connect again but was automatically denied. Shouldn’t Comodo have asked me again if I didn’t originally click on “remember my answer”? Here is what was reported in the log when I didn’t even know if it had asked again to connect…
If Windows Updates had none remaining, there wouldn’t be an error. The chances of svchost.exe being blocked by an Application Monitor alert are very high. If you don’t have any entries in Application Monitor showing it blocked, it means you didn’t enable the Remember option on the alert. In that case, all you need to do is restart your browser. Now why you would have an alert on svchost at all is strange because you have the ‘don’t show any alerts certified…’ option enabled.
I've seen IGMP many times in this forum. Don't quote me on this, but it looks to be related to your router.
Another question, during this internet session, a file called DSAgnt.exe apparently wanted to connect and I clicked "deny". I think this is a Dell Support thing on my Dell pc. I have not added it in Rules as a "deny" but I noted in the log it apparently wanted to connect again but was automatically denied. Shouldn't Comodo have asked me again if I didn't originally click on "remember my answer"?
Googling revealed that it is indeed Dell Support AUAgent (http://www.processlibrary.com/directory/files/dsagnt), "which offers additional support and update features for your Dell computer or laptop." It's a non-essential service. There are certain instances when CFP keeps your decision on the alert temporarily in memory. I've noticed that myself, but don't know why. It's best to open a new thread if you want to expand on this as it's not related to the Windows Updates problem. ;)
Hi,
I’m new and was looking around for a solution to a similar problem. Thought I’d ask here. I cannot keep svchost completely open because I’ve had viruses attack my computer. Happened more than once. Is there a way to let svchost connect only to Windows Update and nothing else? I tried entering update.microsoft.com as the destination host name. Didn’t work. Any ideas?