SVCHOST.EXE Rules - Are these correct?

I was wondering if these rules are correct for the SVCHOST.exe settings in the CIS?

Allow UDP in or out from host to destination port 1900 for IANA

Allow UDP in or out from source port 68 to destination port 67 for DHCP

Allow UDP in or out from source ports 1024-65535 to destination port 53 for DNS

Allow UDP in or out from source port 123 to destination port 123 for Time Sync

Allow all outgoing requests (this should cover Windows update requests)

Block and log all unmatching requests.

Look at screenshots in archive Reply #30

What about the time sync that needs to be allowed to come in to communicate? I don’t see anything allowing that, only outbound. I also notice that there isn’t anything allowing incoming, all set to out… if there is no incoming allowed then my modem/router can’t communicate with my PC, and that results in timeouts for my modem and connection sometimes.

I was told to set it for both in and out for DHCP, IANA, DNS and TimeSync. Can I get someone from Comodo tech support to respond to this please?

  • First rule should be expanded to include -
  • There should be no inbound traffic allowed to svchost, except from within your home network and the loopback zone. There is no legitimate system process that I know of that requires inbound UDP access through SvcHost. All of your UDP rules need to go, as you’re exposing massive vulnerabilities and if your network and device hasn’t already been compromised, I’d be surprised. You’re giving someone 64,511 doors to hack into your network… extremely unwise.
  • The only UDP rule you should have under SvcHost is UDP out from any to any on any
  • I wouldn’t personally allow all outgoing requests, as I believe that’s opening up more ports than is needed.

SvcHost rules I have for instance are:

[attachment deleted by admin]
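To make the disagreement in this thread concrete, here is an added example (not from either poster or from Comodo) that models the first post's rule list and the reply's "UDP out any to any only" suggestion as stateless first-match rule sets, then checks which unsolicited inbound UDP packets each set would let through to svchost. The packet samples are constructed; the first-match, stateless evaluation is an assumption and a simplification of how CIS actually processes rules.

```python
from dataclasses import dataclass

ANY = (0, 65535)  # inclusive port range meaning "any port"

@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "block"
    direction: str     # "in", "out", or "both" (the post's "in or out")
    src_ports: tuple   # inclusive (low, high) source-port range
    dst_ports: tuple   # inclusive (low, high) destination-port range
    label: str

def _in_range(port, rng):
    lo, hi = rng
    return lo <= port <= hi

def evaluate(rules, direction, src_port, dst_port):
    """First matching rule wins; anything unmatched is blocked and logged,
    mirroring the 'block and log all unmatching requests' final rule."""
    for r in rules:
        if r.direction not in ("both", direction):
            continue
        if _in_range(src_port, r.src_ports) and _in_range(dst_port, r.dst_ports):
            return r.action, r.label
    return "block", "default (log)"

# The first post's UDP rules, transcribed as written ("in or out" -> both).
POSTED_RULES = [
    Rule("allow", "both", ANY, (1900, 1900), "port 1900 (SSDP)"),
    Rule("allow", "both", (68, 68), (67, 67), "DHCP"),
    Rule("allow", "both", (1024, 65535), (53, 53), "DNS"),
    Rule("allow", "both", (123, 123), (123, 123), "time sync"),
    Rule("allow", "out", ANY, ANY, "all outgoing"),
]

# The reply's recommendation: a single UDP out any-to-any rule, no inbound.
RESTRICTED_RULES = [
    Rule("allow", "out", ANY, ANY, "UDP out any to any"),
]

# Constructed unsolicited inbound UDP packets arriving from outside.
UNSOLICITED_INBOUND = [
    (40000, 53),    # remote high port -> local 53 (matches the DNS rule inbound)
    (123, 123),     # remote 123 -> local 123
    (50000, 1900),  # remote high port -> local 1900
    (68, 67),       # remote 68 -> local 67
]

def inbound_exposure(rules):
    """Return the (src, dst, rule label) of every sample packet a rule set admits."""
    hits = []
    for src, dst in UNSOLICITED_INBOUND:
        action, label = evaluate(rules, "in", src, dst)
        if action == "allow":
            hits.append((src, dst, label))
    return hits
```

Running `inbound_exposure` on both sets shows the posted rules admitting all four inbound samples while the restricted set admits none, which is the point the reply is making about "in or out" UDP rules.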