Some Comodo popups are about svchost.exe activities with services.exe as the parent; I’m curious about why these components attempted connections with Microsoft (NetName: MICROSOFT-GLOBAL-NET; NetRange: 207.46.0.0 - 207.46.255.255) and with Akamai (netname: AKAMAI-PA; inetnum: 84.53.138.0 - 84.53.139.255); I took these references by typing into www.dnsstuff.com the IPs reported by Comodo.
I have Windows 2000.
My question is, what are svchost.exe and services.exe supposed to connect to MS and Akamai for ?
I have always had an hard time in understanding what does these components actually do, so I can’t answer myself.
It shouldn’t be because of an attempt to do a Windows Update, because I had already allowed the WU components (which don’t appear to be these two BTW) and in fact WU normally takes place without Comodo popups.
Another question, maybe related: is it normal that Winlogon.exe attempts outbound connections ? Here too, I don’t know much about this component, but searching the forum and googling about it I couldn’t make clear why does it attempt to connect out.
Hi SantiBailors,
I have exactly the same problem… I’m not sure what to do with svchost.exe, especially because there’s a trojan under the same name…
Moreover I’m not sure what to do with unknown adresses trying to access the system with this svchost.exe… To block them, or not… May be svchost.exe is needed by email connectin for instance…
I’ve send my doubts but have never got any response…
Hi ChrisH007; I think I understood from the forum that basically svchost.exe shouldn’t be blocked, it’s safe, my only doubts are just why is it connecting to MS and Akamai ? You’re right that maybe svchost is needed for “system” activities like mail services, DNS or such, but this just makes way more strange that the target of the outbound connections are those two.
Akamai, totally ununderstandable to me.
Microsoft, the only possibilities I saw was Windows Update, but I had to rule it out, so I don’t know what a system component of mines is going to do on MS servers.
I realize that the answer is probably something very normal or that at most has to do with some little “innocent” marketing-aimed spying on me (:CLP) which I won’t lose sleep over, however why not trying to understand that ?
Thanks Ewen; but I’m wondering, in that case shouldn’t Comodo report the browser as the connecting app or as the parent, rather that svchost.exe + services.exe ?
