svchost.exe safe to add to trusted ?

svchost.exe always asking to allow i scanned it and it came up clean on virus total so can i add this to trusted

Set svchost.exe to be outgoing only. If you want tighter rules try a forum search for suggestions.

Well, depends on situation, if forwarded connection in use it will need minimum of port 53 from machine forwarded, but on basic usage I’d restrict it to:

Any, <Your DNS Address 1>, Any, 53
Any, <Your DNS Address 2>, Any, 53 (if connection is shared to second machine you will need also the second machine DNS/Gateway IP.)
Any, 255.255.255.255, Any, 67 (If DHCP is in use direct connection, if connection is shared to second machine you will need also port ‘68’)
Allow Access to Loopback Zone
Block All the rest

and, if you got something like ADSL modem or Some sort of router with internal DHCP within 192.168.x.x mask. It would look like:

Any, Internal DNS IP, Any, 53
Allow Access to Loopback Zone
Block All the rest

In all sense you only need port 53 to be able to connect to internet.

Hope this helps…