How does Comodo handle svchost? (and other questions)

Hello,

I was wondering how Comodo Firewall handles programs that connect to the internet through svchost?
If I block the program itself, let's say Windows Media Center, is it then allowed to use svchost to connect (when svchost is allowed to make connections)?
Or does Comodo block the program fully from reaching the internet, even through svchost?
And what program is “System”? “System” wants to connect to the internet?
And Windows-System-Applications?

Regards
jemand

Welcome.

It’s not actually ‘applications’ that connect through svchost; it’s services. Svchost.exe, otherwise known as Service Host or the Generic Host Process, is basically a container or host process for various services to perform various tasks, including connecting to the Internet. If you want to get some idea of which services work through svchost, you can download svchost viewer or a process viewer such as Process Hacker or Process Explorer.

To specifically answer your question, CIS is not capable of blocking individual services that operate through svchost by service name. You could however block the ports that an individual service uses or you could disable the service, assuming it’s not needed. The only firewall I’m aware of that has the ability to block individual svchost services is Windows 7 firewall.

And what Program is "System"????? "System" wants to connect to the internet? And Windows-System-Applications?

Regards
jemand

The System process, in CIS at least, plays quite a small role. Basically this process is responsible for handling things like Windows File and Printer sharing and other related services. If you don’t have a need for this you can disable the services and/or prevent System from making/receiving connections.

Windows System Applications is a firewall rule that controls access for a group of services found in Defence+. Basically, this rule and another similarly named rule - Windows Updater Applications - are there to make things easy for those who don’t wish to create their own rules.

This is ridiculous…
You cannot allow svchost… And you cannot block it.
What do you do?
Look every time svchost asks for internet in Process Hacker which program it could be?

Additional questions:
What does Game Mode do? Blocking all / Allowing all / Allowing only trustworthy applications (what Comodo thinks is trustworthy)?
And what does Comodo do when you don't answer a message for 120 secs?

You do need to allow svchost for certain things. For example, it performs DNS queries on behalf of all applications wishing to connect to the Internet. It handles DHCP so that your PC can acquire an IP address, it synchronises your system clock, interacts with UPnP devices on your LAN, performs Windows updates and many others.

Look every time svchost asks for internet in Process Hacker which program it could be?

If you look under the network tab it will show you the individual service in the ‘owner’ column; you can also find the PID - indicated as the number in brackets after the process name - and open the instance of svchost in the processes pane to see the services.
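
The same PID-to-service lookup can be scripted. The PowerShell below is an added example, not part of the original post and not a CIS feature; it assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection` and `Get-NetUDPEndpoint`) and an elevated session.

```powershell
# Added example: list network endpoints owned by svchost.exe together with the
# services hosted in that svchost instance.

# Map PID -> names of running services hosted in that process.
$servicesByPid = @{}
foreach ($svc in Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'") {
    $servicesByPid[[int]$svc.ProcessId] += @($svc.Name)
}

# PIDs of all svchost.exe instances.
$svchostPids = @(Get-Process -Name svchost -ErrorAction SilentlyContinue |
    ForEach-Object { [int]$_.Id })

# TCP connections and listeners plus UDP endpoints (DNS and DHCP use UDP).
$endpoints = @(
    Get-NetTCPConnection -State Established, Listen -ErrorAction SilentlyContinue |
        Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort,
                      RemoteAddress, RemotePort, OwningProcess
    Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort,
                      @{n='RemoteAddress';e={'*'}}, @{n='RemotePort';e={'*'}}, OwningProcess
)

$endpoints |
    Where-Object { $svchostPids -contains [int]$_.OwningProcess } |
    ForEach-Object {
        # Drop the empty entry produced when a PID has no service record.
        $hosted = @($servicesByPid[[int]$_.OwningProcess] | Where-Object { $_ })
        [pscustomobject]@{
            PID      = $_.OwningProcess
            Proto    = $_.Proto
            Local    = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote   = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            Services = $hosted -join ', '
            # True when several services share the process, so the PID alone
            # cannot tell you which of them opened the endpoint.
            Shared   = $hosted.Count -gt 1
        }
    } |
    Sort-Object PID, Proto |
    Format-Table -AutoSize
```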

So, you do it?

PS: I added additional Questions above.

Do what, exactly?

PS: I added additional questions above.

Introduction To Comodo Internet Security

Any program can be made to run as a service, iirc, if the programmer makes it that way. If that cannot be blocked (without breaking all the other svchost-dependent functions), it sounds dangerous to me. E.g. a malware prog could run as a service unhindered. It’s a surprise to me that Windows Firewall has got one-up on Comodo in this way. Please reassure me that I don’t need to worry about this.