Ok… svchost pops up a lot, i allow it, but after i sleep the pc, up it pops again. Cant i set a rule for svchost ? Im behind a router anyway so i dont need to worry. And why arent there any preset rules for svchost. ? That pops up always first after you install CPF3 .
What does the popup say? I don’t have any explicit svchost rules either (except under D+ Windows Updaters) and never hear from it under Vista? What are your global rules? Does anything show up in the log?
The usual thing that happens when you wake up is that your router and NIC trade some ICMPs, maybe IGMPs, probably through svchost. But I get a log entry, not a popup, and don’t get it now because I use a fixed IP for my NIC. Try adding a rule for svchost to allow and log ICMP between your router and NIC, or your whole network if you have more than one computer.
Do you have a network or just a single computer talking to a router? Mine might look like (under svchost, if that’s what your log say is being blocked)
Allow/ICMP/ in&out/Home/Home/Any. I have defined a network zone called “Home”, which consists of IP 192.168.1.1-192.168.1.20, 0.0.0.0, 255.255.255.255. I don’t want to trust the network, but sending ICMPs is OK within my house. Or you can restrict it a bit by starting out with “allow and log” or “block and log” and then restricting the IP addresses and ICMPs to what you actually see. You can also block and not log if you just want things to go away.
Does your single computer have a fixed IP address on the LAN or do you get it from the router every time you come up? One easy thing to try is make your wireless adapter address a fixed address like 192.168.1.10. Go to your adapter/properties/IP v4/properties and check “use a fixed address”. Use the entries 192.168.1.10, 255.255.255.0, 192.168.1.1. For DNS servers use 188.8.131.52 and 184.108.40.206. This eliminates the ICMP messages for me.
Or you can make the explicit rule under svchost
Allow& log/ICMP/in&out/ip mask 192.168.1.1 255.255.255.0/ip mask 192.168.1.1 255.255.255.0/any to allow and log all the ICMP messages
Yes that works well, but i have to keep clearing logs ! Can i do the same and choose not to log firewall events for ICMP. (untick ) ?
I dont think i need the logs for this, im behind a router so not worried.
Yes, you are allowing your network to send ICMPs among itself. If you want to see if the network works normally with them blocked, change the allow to block in the rule above and make sure everything is normal. ICMPs are your basic network status messages, and if there is only you and a router, not much to block.