Origin of the IP transmission

Hello,
Is there a way to see which application is the source of the outgoing request? Most of the time this is not a problem since the .exe is shown in the warning. However, in the case of svchost.exe, it is. I suppose I want to know which service is the source of the outgoing request…

I’ve been at it all day now; can anyone point me towards a solution, please?

Is determining which service is responsible for a network request really that difficult? I have tried various freeware applications, which to their credit, make seeing which services are encapsulated in a particular instance of svchost.exe; however, that’s nothing which you cannot do with the command line either.

Is there not an app which can log not only the network request from svchost.exe, but also report which service actually made the request? Logging at the request level is needed, since the request is denied.

Looking forward to thoughtful replies.

Hello, and welcome :)

You can see all ‘traffic’ in Firewall > View Active Connections

To be alerted of IP activity you can set your ‘Alert Settings’ to Very High
Firewall > Behavior Settings > Alert Settings
If you wish to do this, you may want to also check the tick box in General Settings ‘Create Rules for safe applications’

Or if you would like to be alerted of every action set the Firewall security level to Custom Policy

Did this help?

Jake

No, this doesn’t help. It describes how I already run: Custom Policy Mode, with Highest Alert Settings. The problem is that the alerts themselves are not informative enough.

I get alerted that svchost.exe is requesting outbound to an IP. I want to know which service is making the request. I can reverse DNS the requested address, and see IPv6 tunneling, brokers, etc…

Yet I have disabled IPv6 completely in my OS. Yet still, I watch as svchost.exe makes these requests, and others. Rather than spend my time doing nslookups for blocks of addresses, or writing mask rules for those blocks, I want to nail down which processes are making these requests…

Does that make it clear what I am trying to accomplish?

There is a program called CurrPorts, which almost catches some of these requests; however, if I block the request I believe CurrPorts cannot identify who made the request. It reports the request as UNKNOWN… Also, it isn’t fast enough to catch them all.

Can Comodo Firewall report to me more detailed information from a svchost.exe alert, i.e. which service is making the request? This seems like good information to have. Perhaps I am going about it the wrong way.

Thank you for your thoughtful reply though.

Hi,
Set the Defense+ to paranoid mode.
If any exe tries to piggyride svchost for network access, it is alerted, but I haven’t seen an alert for any service piggybacking svchost.

However, you can get an idea of how many services are running by examining hklm\software\microsoft\windowsnt\svchost.

Depending upon the use you can take the action.

Regards

Adi
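
An added example, not part of any post in this thread: one way to approach the question from the command line is to join the owning process ID of each TCP connection with the services hosted in that svchost.exe instance. It assumes Windows 8 / Server 2012 or later, where the `Get-NetTCPConnection` cmdlet is available, and an elevated PowerShell prompt.

```powershell
# Map every svchost.exe instance that currently owns a TCP connection
# to the Windows services hosted inside that instance.

# Index running services by the PID of the process that hosts them.
# -AsString makes the hashtable keys plain strings, so lookups do not
# depend on the integer type of the PID.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# PIDs of all running svchost.exe instances.
$svchostPids = @((Get-Process -Name svchost -ErrorAction SilentlyContinue).Id)

# Local/unspecified remote addresses are listeners or loopback, not outbound traffic.
$ignoredRemotes = '0.0.0.0', '::', '127.0.0.1', '::1'

Get-NetTCPConnection |
    Where-Object {
        $_.OwningProcess -in $svchostPids -and
        $_.RemoteAddress -notin $ignoredRemotes
    } |
    ForEach-Object {
        $hosted = $servicesByPid["$($_.OwningProcess)"]
        [pscustomobject]@{
            ProcessId = $_.OwningProcess
            Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            State     = $_.State
            Services  = ($hosted.Name -join ', ')
        }
    } |
    Sort-Object -Property ProcessId, Remote |
    Format-Table -AutoSize
```

Where several services share one svchost.exe instance, the PID only narrows the source down to that group of services. The listing is also a point-in-time snapshot, so a request the firewall has already denied may not appear in it.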