should svchost be set as outgoing?

I saw from some posts that this window/system32/svchost.exe should be set as outgoing in comodo firewall rule. What is the reason for it?

Also, what are some safe rules/modifications to comodo for a home-user?

thanx in advance

If anyone could help on this it’ll be appreciated.

hi, xp user here…
wouldn’t mind knowing what to set for my svchost.exe internet access too…(sorry to hijack the thread)

windows updater applications and system seem to take care of SMB and windows updates…so I now wouldn’t mind knowing what to set svchost.exe as so that contact with my router works, but I still don’t let everything contact it!

thanks

I would not recommend to set svchost as outgoing, cause Netbios traffic is than not blocked.
I have set svchost to: TCP Port 80 outgoing
TCP Port 443 outgoing
UDP Port 53 outgoing.
And if you want, you can allow IP in/out for ip range 192.168.0.0 -192.168.255.255 for LAN.

I like to know about this thing also, Should svchost is really set as Outgoing Only?

Hi Soyabeaner | Mr.Bean, thanks for your reply. Please look this topic: https://forums.comodo.com/firewall-help/firewall-blocks-several-times-about-600-t50247.0.html

I had a problem like this as you see I solved this. But right now there is another problem, I write the problem in the topic which I started. Could you look at this also?

Thanks.

I’d like to know what’s the advantage/safety reasons for you setting them like this. Thanks.

I think I need to keep this topic active.

you should do apps just the minimum they need to work properly/ your system to work properly.
So svchost.exe is used for update services and DNS resolve. Therefor are the rules. To have full access to your LAN you need at least the LAN rule. You also need a rule for UPnP(1900), Port 3702, Port 2869.

in my opinion the sense of a firewall is to ristrict your internet connections to these connections, that are needed for your work and for your system to be stable. So it should minimize traffic.

Can you explain a little more how to set the rules for this? I’m confused…

In the added picture you will find the needed ruleset.

https://forums.comodo.com/firewall-help/simple-home-network-issue-t49925.0.html;msg360533#msg360533

can you show how to edit the rules to fit the picture? I don’t know how to configure the firewall to do the rules. thanks

Go to: Firewall->Advanced->Network Security Policies and look for svchost.exe: then double click and use a custom policy and then add rules.

I’m really sorry, but I’m still lost. I don’t know how to add the rules. Once I double-clicked, the rest is a mystery to me. Can you guide me step by step? thanx a lot.

Go to: Firewall->Advanced->Network Security Policies
then look for the app you want to modify. If this app is not in the list you can add a new one with the button on the right side.
In the next window(double klick existing app or add new app, same window appears)
you have to check boxes: One is treat as and the other is custom policies.
At the buttom you have buttons: add remove, up, dwon.
Click the add button.
Now in the new window You can decide to allow/block, log or not, TCP/UDP, In/Out.
Then you havve the tabs. For outgoing traffic the destination tabs are important. So if a dest. IP is need, add it to dest. IP. Remote Port, add the needed Port.
For example: Allow TCP Out, Source IP/Port: any Dest.IP:Any Dest. Port:80
description: HTTP Out.

[/quote]
So if I were to modify the setting to what you have described here, do I only adjust the destination port? For example, I just set the destination port to 80 for TCP, 443 for TCP, 53 for UDP, and leave all the other options for the other ports, such as the source and IP address as is (i.e., “any”)?

Also, if you don’t mind, how do I set the ip range for what you have here? There are so many options for IP.

Thanx very much, adioz86

The mentioned ports are all dest. Ports. all other settings to any.

For the IP range, set it in Source and Dest. IP. Choose the IP range check box.

Okay, I’ll try again. So what I’ve done is left all other settings as is and only added the change to the destination ports. Hope that’s right.

And what does putting “Http Out” in the description do?

Also, for the IP range, do I set it in Source and Dest. address for all three ports (TCP Port 80 outgoing,
TCP Port 443 outgoing and UDP Port 53 outgoing)?

Finally, is it normal to see bytes going both in and out in “outbound connections” when I click on “Active Connections” under the firewall tab?

thanx

For LAN set the IP Range in Source and Dest IP and set Source and Dest Port to any.

I would recommend to make a short description of the rule in the field.
So if you open network security policies then you see this short description for the rule.
Comodo else add like “allow outgoing Traffi from source IP any…”

It’s right that you have incoming and outgoging bytes.
Everytime a outgoing connection is established, your computer send reqeusts to a server, and demands an answer. so the answer is incoming.

Sorry, just want to confirm for the IP range: I do that for all the three rules I’ve created for TCP Port 80 outgoing, TCP Port 443 outgoing and UDP Port 53 outgoing? Or do I have to create the rules you have listed above for UPnP? If I were to do this new UPnP rule, is it the same for the rules for the TCP ports except that I have to list the IP for the destination address while the rest of the options as “any”?

After creating these rules, do I have to remove comodo’s default rule for “Allow IP out from IP any to IP Anywhere”?

Also, is it alright to check the box “log the event when the rule is fired”?

Finally, I’d like to know why is it safer to have the UPnP rules.

thanks adioz, you’ve helped a lot