SVCHOST.EXE

Hi There!
I’m new to this firewall stuff and just installed the Comodo Firewall software in my computer. When the PC starts up I get a bunch of screens asking about allowing svchost.exe. Is this something that I should put a checkmark in the box for so that it remembers my setting and allow this or is this something that I should be concerned about? ???

I am running Windows XP and just started with a cable/dsl connection to the interent. I did check off to remember my settings and allow the antivirus software as well as the software for my internet connection but have been removing the checkmark to remember my settings for anything else that pops up and then allowing it. Is this the correct thing to do? ???

Any assistance would be Greatly Appreciated. :slight_smile:

TIA
lnjr

Hi Injr

svchost.exe needs internet access for windows updates and to renew your IP adress, allow this.

Hope this helps you.
Novie

Welcome to the forums, Injr ~

Novie’s correct about svchost.exe; it’s pretty much vital to your internet connectivity, along with system time, updates, etc.

You may find this thread helpful as you explore the firewall; it has a lot of good stuff in it.

https://forums.comodo.com/index.php/topic,6167.0.html

LM

HI There!

Thanks for the information and the link for the tutorial. It is greatly appreciated.

I wasn’t sure since the pop up stated Suspicious Behavior — svchost.exe parent services.exe C:\Windows\Explorer.exe has tried to use svchost.ese through OLE Automation which can be used to Hijack other applications. Explorer.exe might be using svchost.exe to connect to the internet. So I just wanted to be sure.

Thanks Again!

lnjr (:WAV)

Thought I would post here to avoid lots of repeat topics

In the connections log its occasionaly saying that Svchost.exe (UDP out) with destination source 239.255.255.250:1900 is this a valid connection or should I be worried?

Outbound to 239.255.255.250 (1900 UDP) is what as known as a Multicast Broadcast… or SSDP Discovery or UPnP NAT… in this specific case. It’s related to Windows Messenger. If you don’t use Windows Messenger, then you should disable it.

This is WindowsNetworking.com’s solution. An effective registry tweak (present in many free tweak utilities). There are other ways, such as setting the relevant services to manual (some tweak utilities do this as well).

So is it dangerous to allow it (ie get attacked through it, virus etc) or will Comodo firewall block any attempt to use it for malicious purposes?

Yes, there are exploits that take advantage of Windows Messenger… but, CFP will still ask for authorisation for any new component wanting Net access (in either direction). If you instruct CFP to allow it, then it would fall to your AV to stop anything bad from happening. Another factor to consider is that the broadcast will ■■■■ away any sense of stealth. Your system will be visible for what it is… Windows running SSDP Discovery (I think it even gives away the Windows version by implication).

How would I block it now would I have to remove something from my firewall so that it would ask me again so I could block it?

ps does Messenger still work if I block this specific port thing?

thanks for your help mate

Hang on… when you say Messenger do you mean MSN Messenger or Windows Messenger?

Hi guys, I thought I would try to wake this thread back up because it’s the same issue I am having now, and it’s new. I’ve never had Comodo explain to me that explorer.exe was using svchost.exe through OLE to access the internet. It just started yesterday while I was running BF2 and ignoring or selecting “deny” breaks my internet conn. I reboot, and everything is fine, until I get that message again.

I did also run windows update 2 days ago. Any relation? Most unneeded background progs are disabled (event log, auto updates, background intelligent transfer svc, etc)

netscion, welcome to the forums! There’s more detail about the OLE alerts in the FAQ boards. The short skinny is that Win Updates frequently cause issues because of small system changes; OLE are nto something you have to be concerned about unless you don’t know the applications mentioned in the alert; and finally, yes, Deny will block the connection until you clear out the temporary memory/rules (which a reboot will certainly do).

Check the FAQ for more info…

LM

When I went to end svchost.exe it showed what was using it, and I noticed that Zune.exe was the only thing there. it is already set to manual, but the fact that my firewall is blocking it might be why I can no longer stream movies to my XBOX360. I prefer this method because I have found that less of my movies glitch out when I use the Zune streaming, as opposed to the normal Windows Streaming. what would yo suggest?

This topic is 6 years old so im going to lock it. If u need help please create your own topic