As the title states: I need to make svchost.exe access only the DNS server IP addresses and block the rest. I want to allow TCP/UDP OUT for the DNS server IPs 8.26.56.26 and 8.20.247.20 and block the rest, both incoming and outgoing. Should I set them in order?
How do I do it manually in the network security policy?
If you’re using the default firewall configuration, the first thing you should do, if you want to restrict svchost, is remove the default rule for ‘Windows System Applications’, as this allows svchost and some other Windows system processes unrestricted outbound connectivity.
Once done, the next job is to create a Network Zone that contains the IP Addresses of the DNS servers. The network zone may then be used in the rule.
Now you can create a new rule for svchost:
Application Name - C:\Windows\System32\svchost.exe
Action - Allow
Protocol - TCP or UDP
Direction - Out
Source Address - ANY
Destination Address - [Network Zone]
Source Port - ANY
Destination Port - 53
You could now add a block rule to disallow all other connections; however, if you do this, it’s likely certain things will fail, such as DHCP, time synchronisation, media sharing (if used), network discovery, etc.
If you still want to add a block rule, it would look like:
Application Name - C:\Windows\System32\svchost.exe
Action - Block and Log
Protocol - IP
Direction - Out
Source Address - ANY
Destination Address - ANY
IP Details - ANY
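The same restriction expressed for the built-in Windows Defender Firewall, as an added example that is not part of the original thread and not the Comodo policy the answer above describes. It uses the NetSecurity cmdlets (New-NetFirewallRule, Set-NetFirewallProfile, Get-NetFirewallAddressFilter, Get-NetFirewallPortFilter); the two DNS addresses come from the question, while the rule names are my own. One practical difference from the ordered Comodo rule list is shown in the comments: Windows Firewall applies block rules before allow rules regardless of creation order, so a program-wide block rule for svchost.exe would also defeat the DNS allow rule, and the "block the rest" step is done by changing the profile's default outbound action instead.

```powershell
# Added example (not from the original post): restrict svchost.exe outbound
# traffic to DNS (TCP/UDP 53) on the two servers from the question using
# Windows Defender Firewall instead of the Comodo policy editor.
# Run from an elevated PowerShell session.
$svchost    = "$env:SystemRoot\System32\svchost.exe"
$dnsServers = @('8.26.56.26', '8.20.247.20')   # addresses taken from the question

# 1. Allow rules: svchost.exe -> listed DNS servers only, port 53, TCP and UDP.
foreach ($proto in 'TCP', 'UDP') {
    New-NetFirewallRule -DisplayName "svchost DNS $proto out" `
        -Program $svchost -Direction Outbound -Action Allow `
        -Protocol $proto -RemoteAddress $dnsServers -RemotePort 53 `
        -Profile Any | Out-Null
}

# 2. "Block the rest": do NOT add a second svchost.exe rule with -Action Block
#    here. Windows Firewall evaluates block rules before allow rules no matter
#    which was created first, so such a rule would also block the DNS traffic
#    allowed above. Instead, make the profile default for outbound traffic
#    Block and log what gets dropped (the equivalent of "Block and Log").
#    Note: this default applies to every program, not only svchost.exe, so the
#    services named in the answer (DHCP, time sync, discovery) need their own
#    allow rules if you rely on them.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -DefaultOutboundAction Block -LogBlocked True

# 3. Verify what was created: show address and port scope of the new rules.
function Get-SvchostDnsRuleSummary {
    Get-NetFirewallRule -DisplayName 'svchost DNS *' | ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule       = $_.DisplayName
            Action     = $_.Action
            Protocol   = $port.Protocol
            RemotePort = $port.RemotePort
            RemoteIPs  = ($addr.RemoteAddress -join ', ')
            Enabled    = $_.Enabled
        }
    }
}

Get-SvchostDnsRuleSummary | Format-Table -AutoSize
```

Dropped connections are written to the profile log (by default %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log), which is where to look when one of the services listed in the answer stops working after the default outbound action is changed.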