Default Setting for Explorer.exe and Svchost.exe in FW & D+

Alright I’m a little confused on the settings for these, this Win7 PC has Explorer.exe as Custom for FW and Installer or Updater for D+. Svchost.exe is not listed in FW and Grayed out under Windows System Application in D+.

My bro Win XP SP-3 laptop has Explorer.exe as Outgoing for FW and not Grayed out under Windows System Application in D+. Svchost.exe is listed as custom in FW and Grayed out under Windows System Application in D+.

I just want to know what the defaults for Explorer.exe & svchost.exe are under FW & D+ so I can have them configured correctly. The Win7 pc doesnt get pop-ups about apps running in sandbox but the Win XP SP-3 gets pop-ups about apps running even though they are from Trusted Vendors, such as when I updated Adobe Flash and Shockwave, it kept isolating them but all the settings are identical on Win7 PC & XP laptop except for those 2 .exes

hi,

for explore.exe in FW set as:

Allow(or Ask) TCP/UDP out from mac any to mac any.

2: for svchost in Fw:

  • you have two option :
    1(safe and very restrictive you will be prevented from contacting to microsoft updates , so you have to occasionaly disable it)
    –allow TCP/UDP out from mac any to mac any source port any to[ choose destination port as a set of ports and choose HTTP ports and tick exclude]

second option use predefined outgoing only

In D+ set both explorer and svchost as windows system application.

regards

Adi

In FW, svchost.exe needs outbounds connections to router, for DHCP, DNS and Windows updates.
I’ve XP SP3 and default settings for svchost.exe are : allow IP out from IP any to IP any where protocol is any.
There is no default rule in FW for explorer.exe and there is no reason why explorer.exe should connect.

In Def+, the default rule for explorer.exe is everything allowed, except run an exe; for svchost.exe it is the predefined rule for Windows System Application.