I am using CPF 2.3.4.45 on WinXPSP2 Home, fully patched.
At system boot (typically daily, but sometimes more often ;D ), the CPF logs “Application access denied (svchost.exe: 255.255.255.255: bootp(67))”. How can I suppress this message?
bootp, of course, is a protocol used by diskless workstations (do such even exist any more?) to obtain their identities (IP address and such). I was not previously aware that Windows even supported this protocol! I would like to avoid this error message, if possible.
No, Kail, I have not checked “Block all outgoing connections while booting”. I have learned that apparently “bootp” is supported by the DHCP service; there is even a bootp.dll containing the necessary stuff.
Yes, it is also used by DHCP Relay. So, I guess if you have the DHCP service running… then that could be the reason. I also believe some routers (cable?) also use DHCP Relay. So, this could also be the reason.
Ah… NAT… yea, that could do it. But, you will need someone else to help you, I don’t currently use DHCP & I don’t currently have a router either. Working off my memory, without backups, is not recommended.
I have the same issue it is related to the DHCP client and router. If it is denied access you won’t be able to connect. tou should also be getting a second request for port 68. I am not at my machine at the moment, but one request is for outbound and the other for inbound. I have found both need to be allowed for the router and IP address to work correctly.
The parent should be “services.exe”
Once rules are set you should not be getting messages at startup.
However…
My IP address is dynamic and every hour the router negotiates with the server for another hours lease time. This will happen in the background and the only way you will see any evidence of it is through the log.
The problem I have is not at the initial boot up, I have set rules and don’t get messages anymore. However if I have an application open that is connected to the net I get a request for port 68 & 67. CPF is saying that an OLE Automation has requested access. It is this problem I am trying to solve.
Should I set a Network rule for these so that it doesn’t matter if an application is open the process will happen in the background? And if I can what should they be?
To disable parent checking for this would suppress the message, but leave a possible vulnerability and a chance for svchost to be hijacked.
Most often IE is open when this request comes. If I allow it would this stop CPF making OLE Automation requests for IE altogether or only for this process? I would not like to stop these requests they give me an added level of security.
