Could somebody please advise me here.
Ive just changed comodos configuration from proactive to internet security.
I immediately received an orange firewall alert informing me that svchost.exe was trying to receive a connection from another computer.
I blocked this request.
Is it normal activity for svchost.exe to be receiving information from a remote computer?
Im a newbie so i blocked this.
Any help would be very much appreciated.
thank you very much.
I think it has to do with windows update but I might be wrong.
yes thats whats i suspected but im not entirely sure.
at valentinchen: your answers are very short, but there is often wrong content in it. HOW can you say, that it might be windows updates, when no information about the “intrusion” ip-adress was given? why should microsoft scan the internet for pc`s that need an update when the operating system has an update function? billions of ip-adresses, all day, many are behind a firewall, many are not online in the moment when microsoft would scan them… sounds very unrealistic this scenario, no?
to make it short:
NO ONE in the internet is searching “blindly around” to find computers to help them! (would be a waste of resources… but the bad guys are scanning the internet to slip into your pc … maybe with svchost exe as target, BECAUSE they try to make profit out of it).
when you run windows or any program that needs updates, it is the program itself that makes an OUTgoing request into the internet! so you dont need to allow anything that tries to come in as long as you didnt request it.
you have a firewall to block the things from the internet.
you can use OUTgoing rules, and the requested answers come in though. usually you dont need any “allow INgoing rules”.
use the stealth port wizard setting 3 “hide me from everyone”, so in the future you dont have to answer about unrequested ingoing attempts anymore.
clockwork I am not a genius and I am only trying help (even if I am right or wrong). Do you have problem with that? PM me the answer and we will continue there.
and darren use urlvoid.org to see what the ip address is from.
Svchost.exe is the most mysterious process in Windows 7/XP/Vista. Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs). The authentic svchost.exe file is located in C:\Windows\System32, but numerous viruses and trojans use the same file and process name to hide their activities.
Hopefully these links helps somebody
of what I know of comodo will (hopefully) find the malware svchost
i have no problem with that you try to help.
but in this scenario you dont help with telling, it could be windows update (incoming). that doesnt help any, and it could be a risk.
when you dont know, theres no need to tell something.
i dont tell something when i dont know.
its allways better to give no answer, than to give a wrong answer.
the opener did everything right (block if unknown), and nearly he had changed this behaviour to “maybe its just microsoft”, and one day he had made with that a wrong decision.
i wanted to make that clear, and to help (both of you). i guess you had make the connection mistake too, because of your answer.
so all is good now.
Narren. What is the source address of the alert?
I think the point is not to berate someone for being wrong, that’s just so much chest beating. Rather give what you believe is the correct answer. We’re here to help, I would hope!
Seasons greetings to everyone!