Ruleset for svchost.exe!

RaiGal · January 2, 2011, 7:11pm

Hello there guys,happy new year!

Lately i have been getting a lot weird connections and activity from svchost.exe.More or less this is the executable which is targeted 99% of the time by trojans.I would really appreciate a ruleset until i find out a way to deal with this permanently.

1)As of lately I have been thinking about installing a program to protect svchost.exe and similar important windows files but i haven’t out anything.I am trying to find a shadowing/sandboxing combo program in which i can monitor programs which ask access from svchost.exe and afterwards accordingly permanently allow them or revert to the previous state.Thing is that most of the time the intruder stays permanently there.

2)I am using Comodo Firewall and HIPS and i can say that i am very satisfied.However i have been looking for a way to isolate a program and run it in a sandboxed environment which doesn’t allow interaction with any other program or net access.

3)Also i am looking for system hardening tools for windows 7!

Thank you for your time guys!Any help is appreciated!

deadman · January 2, 2011, 10:33pm

You can download CCE and use KillSwitch to determine whether is particular process safe or not. You have a Comodo firewall installed, so it will warn you if a svchost.exe is trying to do something weird and if it is infected. You can also use Sandboxie for browsing internet.
Here is the list of the system-hardening programs.

yahuah_savaoth · January 14, 2011, 5:44pm

hi

can I use this sandboxie software along with comodo firewall vr5…if so, could u plz guide me how to do that?

thanQ

deadman · January 14, 2011, 5:46pm

You can run Sandboxie alongside Comodo firewall without any problems.

yahuah_savaoth · January 15, 2011, 1:58pm

ThanQ 4 the quick reply man, I’l try it very soon…

RaiGal · January 15, 2011, 7:35pm

These are the ports used by svchost.exe.Is there something out of the ordinary?

http://img835.imageshack.us/i/123ph.jpg/