[Merged] Advance svchost Rules/Name


Many threads about svchost and what rules to apply to this process exist around firewall forums. The process can run almost anything and that’s why problems occur. One service need internet access to work properly whilst the other needs to be cut of from the internet to ensure a secure system.

I have been looking for a way to apply rules to individual services instead of the svchost file. I have only found one personal firewall that have functionality for this.

Maybe this would be something to add to a future version of Comodo Firewall / Internet Security. A special handling window where all services running on svchost.exe can be managed individually.

I would strongly recommend this.

Or vote for it if we get to vote!


Personally for svchost i allow only outgoing to port 53 (DNS requests) but when it comes to D+… well, that’s another story :slight_smile:

In “Active Connections”, whenever svchost.exe is shown as being used, Comodo Firewall should identify which actual process is using svchost.exe. As you know, svchost.exe can be used both by legitimate software and malicious software, it would be very useful if Comodo could identify which process is using svchost.exe to aid us in analysing any potential system compromises. It should also explain which IP addresses svchost.exe is calling to.


Yes, absolutely. svchost.exe needs more special treatment…

My earlier post suggests additional functionality around svchost: https://forums.comodo.com/firewall_wishlist/advanced_svchost_handling-t29948.0.html


I absolutely agree. Svchost.exe is so inscrutable!

If you can’t wait for Comodo to make your wish come true, you might want to try this handy tool. The downside is that it needs .NET to work, but runs great and the information is very revealing :wink:


+10! This would certainly help on revealing malware hidden in the process. :slight_smile:

I approve this message… I mean suggestion :slight_smile:

Here’s a different one which doesn’t need .NET


I use the First one. Great utility, Adric.

tueyhe et al.

I use Sysinternals Process Explorer for the same purpose. (In an attempt of minimizing the number of utilities I use and have on my system.)

Just point on svchost.exe in Sysinternals Process Explorer. You will get the same result as in these external programs. The only difference is displaying data in tool tip (in Process Explorer).

Sysinternals Process Explorer does not even require installation.

Sysinternals Process Explorer can be downloaded from here Process Explorer - Sysinternals | Microsoft Learn


It would be nice if CIS identifies which processes are using svchost.exe not only in the “Active Connections” window, but also in the “Active Processes” window.

Yes please. A lot of people do not understand how dangerous SVChost can be.

Drill down into SVCHOST is very important.

  • 1 :-TU :-TU :-TU

Yes Please.

I hope this gets added for all programs as well, since most malware can use broswers for transmiting.

+1 :-TU :-TU :-TU

+1 keep it simple for us simpltons.

  • 1 keep it simple for simpltons (i liked that term thanks gleach)