Many threads about svchost and what rules to apply to this process exist around firewall forums. The process can run almost anything and that’s why problems occur. One service need internet access to work properly whilst the other needs to be cut of from the internet to ensure a secure system.
I have been looking for a way to apply rules to individual services instead of the svchost file. I have only found one personal firewall that have functionality for this.
Maybe this would be something to add to a future version of Comodo Firewall / Internet Security. A special handling window where all services running on svchost.exe can be managed individually.
In “Active Connections”, whenever svchost.exe is shown as being used, Comodo Firewall should identify which actual process is using svchost.exe. As you know, svchost.exe can be used both by legitimate software and malicious software, it would be very useful if Comodo could identify which process is using svchost.exe to aid us in analysing any potential system compromises. It should also explain which IP addresses svchost.exe is calling to.