Svchost. What rules?


OK… svchost pops up a lot, I allow it, but after I sleep the PC, up it pops again. Can't I set a rule for svchost? I'm behind a router anyway so I don't need to worry. And why aren't there any preset rules for svchost? That pops up always first after you install CPF3.

Thanks :wink:

Windows XP Pro. 2.3 GHz, 1 gig RAM.

What does the popup say? I don’t have any explicit svchost rules either (except under D+ Windows Updaters) and never hear from it under Vista? What are your global rules? Does anything show up in the log?

Try to set svchost as blocked app and see how it goes.

The usual thing that happens when you wake up is that your router and NIC trade some ICMPs, maybe IGMPs, probably through svchost. But I get a log entry, not a popup, and don’t get it now because I use a fixed IP for my NIC. Try adding a rule for svchost to allow and log ICMP between your router and NIC, or your whole network if you have more than one computer.

Do you have a network or just a single computer talking to a router? Mine might look like (under svchost, if that’s what your log says is being blocked)
Allow/ICMP/ in&out/Home/Home/Any. I have defined a network zone called “Home”, which consists of IP,, I don’t want to trust the network, but sending ICMPs is OK within my house. Or you can restrict it a bit by starting out with “allow and log” or “block and log” and then restricting the IP addresses and ICMPs to what you actually see. You can also block and not log if you just want things to go away.

I have a single computer talking to my router; my log is clear, nothing blocked.
My rules are

Allow TCP In

Allow UDP In

Then it says… Source Address Source IP Mask and 255.255.255.0

That's on both TCP and UDP, all other settings are ANY.


Does your single computer have a fixed IP address on the LAN or do you get it from the router every time you come up? One easy thing to try is make your wireless adapter address a fixed address like Go to your adapter/properties/IP v4/properties and check “use a fixed address”. Use the entries,, For DNS servers use and This eliminates the ICMP messages for me.

Or you can make the explicit rule under svchost
Allow & log/ICMP/in&out/ip mask mask to allow and log all the ICMP messages

Thanks sded,
I’ll let you know in a day or so how it goes :wink:

Hi again.
Yes, that works well, but I have to keep clearing logs! Can I do the same and choose not to log firewall events for ICMP (untick)?
I don't think I need the logs for this, I'm behind a router so not worried.

No, the logging was just to make sure you caught everything. Now you can uncheck it. Glad it works for you. :slight_smile:

All that was in the logs were green ticks, no red ones? Is that good?

Jeez, that sounds basic lmao. :smiley:
Thanks sded

Yes, you are allowing your network to send ICMPs among itself. If you want to see if the network works normally with them blocked, change the allow to block in the rule above and make sure everything is normal. ICMPs are your basic network status messages, and if there is only you and a router, not much to block.

OK, will do. Then do I change it back to allow after I'm done testing?