incoming svchost connection.

comodo firewall asked me if i wanted to accept a incoming connection through svchost, but i blocked it. should i have allowed it? does it make some programs work better if i allow it? like utorrent, windows live messenger and trillian. the trillian aim connection was connected and disconnected all the time so i uninstalled comodo firewall. i have not tried to talk to somebody on trillian or live messenger yet so i dont know if it works but as i said it is disconnected some times. there were suddenly alot of unknown people in my contact list in the trillian aim connection so maybe i made a hole in the firewall in some way so people just could do what they want. where did these people come from? did i made a hole in my firewall so the firewall let the people come into my contact list? how do i keep trillian from disconnecting? trillian worked after uninstalling the comodo firewall and using only the windows firewall. should i also have accepted the incoming svchost connection? or is that also a security risk?

Since nobody else has posted a reply yes it right to block incoming connection for svchost very few apps need incoming all should be outgoing only.
Only P2P applications need outgoing and sometimes a few others if there are problems connecting.
There is a thread here for utorrent.
https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/tutorial_for_utorrent_with_comodo_firewall_3-t15677.0.html
Could not find anything for trillian sorry maybe someone who uses the program might post, or put this in a seperate topic.
Dennis

after blocking the incoming svchost connection and looking at the log then it seems this comes from upnp in the router, when i turn off upnp in the router then nothing shows up as blocked in the comodo firewall log anymore.

i just accepted incoming through utorrent but not svchost. the tutorial for utorrent seems too difficult for me, i was able to download with utorrent but maybe it is a security risk to accept incoming through utorrent without following the tutorial. i did not get a message that trillian needs incoming connections from the firewall. it is strange that trillian was disconnected some times. trillian is not disconnected when using only the xp firewall.

Hi try to configure your svchost host rule like this for maximum protection and functionality

Rule1

Protocol = IP
direction In/out
source = any
Dest= loopback zone

Rule2

Protocol = TCP/UDP

Direction= out

sorceAdress = Any
Sorce port = Any
DestAdress= Any
DestPort = 53,1900, 67-689if you have home network)

Rule-3

Protocol =TCP/UDP

direction = ouy
srcadress= any
srcPort =445,123,500,1025,1033,4500,1900
Destadress= any
DestPort =any

Rule -4

Protocol =IP
Direction block In/out

src = any
dest= any

Hope this will help you secure your svchost .

Just be sure to manually check if any third party program is using svchost or not.

click>start>run>services.msc and maually check the entries folloing are the default groups

dcomlaunch
dot3svc
eapsvc
HTTPfilter
imgsvc
Localservice
netsvc
networkService
rpcss
termsvcs

if any group other than above is found please consult the program maual

One short and easy methode to svchost groups is

click>start>run>reedit
navigate to and note doen thse keys

HKLM\SOFTWARE\MICROSOFT\WINDOWSNT\cURRENTVERSION\SVCHOST

here you will find the groups which runs underSvchost

Regards

Adi

i could not see any other groups in the registry key other than the default ones you mentioned. but i know i have third party services in the admin controlpanel. i will try the rules you mentioned, thanks :slight_smile:

this means you can add following modification in Rule-2

your rule-2 will now read like this

Rule2

Protocol = TCP/UDP

Direction= out

sorceAdress = Any
Sorce port = Any
DestAdress= Any
DestPort = 53,1900, 67-68, 80,443

regards

adi