Svchost is always safe?

Escuse me for my probably trivial question (and for my bad english, too).

I don’t trust in every activity of svchost, so I wish to ask you when is better blocking it and when no.
Premise that I have already set the network rules, to blocking any activity on ports 135-139, 450 and 500, but I see the process trying to connect via TCP/UDP on outbound IP address, with “services.exe” parent.

Those IP address are often:

  • “my DNS server” on port 53 (UDP);
  • Windows Update web page on port 443 (TCP), and note that I’d disabled automatic updates;
  • sites like “” on port 80 (TCP)… “Directory Listing Denied” is reserch response of this web site.
  • others…

Could you explain me how is better to do?
Thaks so much and good 2007 to everyone.

No suggestion for me??

Hi watcher,

svchost is a core part of the operating system for both offline and online tasks. If you block it completely your not going to be able to connect to the internet.

The windows update is safe, although, having disabled automatic updates i can’t be sure why its still trying to connect. I have also disabled auto update, and i don’t have a problem. Perhaps someone else might be able to offer assistance here? I ran a WHOIS on - it is a Microsoft site

The default rules are very safe, but i would suggest reading this thread:,1125.0.html so you can understand more about how the rules work and how to set them up.

Just in case, the correct method is: (assuming you have XP SP2)
Start Menu > Control Panel > Windows Security Centre. Then click on Automatic Updates, choose the Disable Automatic Updates radio button. Then Click OK. Next click on the Change How Security Center alerts me. Then check the the Automatic Updates checkbox and click ok. Close the window, then restart your machine.

Thank you very much for your kindness and your suggestions.

My Automatic Updates are already disabled in the System Properties, but I still note svchost/service going to Microsoft address (and I don’t know why, since my copy of WinXP SP2 is regular).

So I’d blocked outbound svchost TCP connections in a hypothetical range of Microsoft IP address ( -, while I’d allowed its UDP connections to my OpenDNS servers (otherwise I’m not going to be able to connect to the internet).

Outbound TCP connections on port 443 (Microsoft Update) are now non-existent, unless I decide to try manually updates (perfect!!).

Now seems to me that it’s all OK, what do you know?

My best greetings to you.

Wrong you can disable DNS Cache service then you can safely block, this M$ spyware ■■■■ called svchost.exe and other craps.
Wow i must say this svchost.exe does not give up! After each restart it try to use new program to send send data to internet, it tryed alg.exe and cmdagent.exe (which is part of CFP) so far.

Just go to Control Panel, Administrative Tools, Services and disable service called “DNS Client” then when you block svchost.exe every application will work as intended, probably you lose build-in windows update and clock update, but its better than losing your privacy, also dont forget to block services.exe and System (whatever this is?) and keep in mind always block ■■■■ you dont know, nothing go wrong if you block it, happy internet sailing.

Thanks to you, Hren$Gori.
I’d try to disable the service, but I note that my internet connection run more slowly now.
It’s possible that stop researching DNS servers do this?