SVCHOST Rules and Settings - Please assist

Hello Comodo Team and Comodo Community,

I’ve come to the forums looking for assistance about svchost.exe. My question is how I and others should deal with svchost when we get alerts for connection requests. Is there a rule setup to help CIS users in dealing with svchost? I’ve tried to get assistance before, however it went nowhere fast. If I could get some support from someone here at Comodo that would be great. Thank you.

  1. Allow UDP Out where IP Source is 0.0.0.0 and IP Destination is 255.255.255.255, where Source Port is 68 and Destination Port is 67 (see Dynamic Host Configuration Protocol - Wikipedia)

  2. Allow UDP Out From MAC Any To MAC Any

  3. Where Source Port Is Any and Destination Port is 53

  4. Block incoming UDP

  5. Block TCP input and output

  6. Block ICMP input and output

Or check out this topic: https://forums.comodo.com/empty-t81983.0.html

I’ve gotten 2, 4, 5 and 6…

Ok so how do I set these 2 up exactly?

  1. Allow UDP Out where IP Source is 0.0.0.0 and IP Destination is 255.255.255.255

  2. Where Source Port Is Any and Destination Port is 53

I’m not that great with firewalls so I’m not exactly sure what I need to do to put those 2 rules into the firewall. If I put Allow UDP Out (rule 2), wouldn’t that mean that rule 1 would be listed under that?

And as for rule 3, you kinda didn’t complete the rule unless I’m misunderstanding something. If you want, post a picture of the SVCHOST rules completed in your CIS and I’ll make mine look like yours.

If you want the least hassle, just set svchost.exe to use the ‘Outgoing Only’ pre-set ruleset (which is allow IP out from any address to any address using any protocol), which is probably what I’d do if I were you.

However, if you want to set it up manually so you know exactly what it’s connecting to, then the following screenshot is roughly what you can expect svchost to be making outgoing connections to. The certificate authorities it requests revocation lists from will likely differ.

As the ports are in ‘Portsets’, for reference these are the port numbers:
DNS Port - 53
BOOTP Port - 67
NTP Port - 123
SLP Port - 427
DHCPv6 Port - 547
LLMNR Port - 5355
Non Privileged Ports - 1024 - 65535

[attachment deleted by admin]
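The rule list earlier in the thread and the portset numbers above describe an ordered, first-match application rule list. The following is an added example, not something from this thread or from Comodo: a small Python model of those six rules (rules 2 and 3 read together as one rule) that evaluates constructed sample connections, so you can see which flows each rule catches, that rules 1 and 2 do not overlap because rule 2 only covers destination port 53, and that a flow matching no rule (here NTP on port 123) is exactly the case where CIS raises an alert. The IP addresses in the flows are constructed documentation addresses.

```python
from dataclasses import dataclass
from typing import Optional

# Port numbers behind the CIS portset names listed in the post.
PORTSETS = {"DNS": 53, "BOOTP": 67, "NTP": 123, "SLP": 427,
            "DHCPv6": 547, "LLMNR": 5355}

@dataclass(frozen=True)
class Flow:
    proto: str                      # "udp", "tcp" or "icmp"
    direction: str                  # "out" or "in"
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None  # None for ICMP
    dst_port: Optional[int] = None

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    proto: str                      # protocol name or "any"
    direction: str                  # "out", "in" or "any"
    src_ip: str = "any"
    dst_ip: str = "any"
    src_ports: Optional[set] = None  # None means any port
    dst_ports: Optional[set] = None

    def matches(self, f: Flow) -> bool:
        return (self.proto in (f.proto, "any")
                and self.direction in (f.direction, "any")
                and self.src_ip in (f.src_ip, "any")
                and self.dst_ip in (f.dst_ip, "any")
                and (self.src_ports is None or f.src_port in self.src_ports)
                and (self.dst_ports is None or f.dst_port in self.dst_ports))

# The rules from the post, in the order given (rules 2 and 3 form one rule).
SVCHOST_RULES = [
    Rule("allow", "udp", "out", "0.0.0.0", "255.255.255.255",
         {68}, {PORTSETS["BOOTP"]}),                 # 1: DHCP discover/request
    Rule("allow", "udp", "out", dst_ports={PORTSETS["DNS"]}),  # 2+3: DNS lookups
    Rule("block", "udp", "in"),                      # 4
    Rule("block", "tcp", "any"),                     # 5
    Rule("block", "icmp", "any"),                    # 6
]

def evaluate(f: Flow, rules=SVCHOST_RULES):
    """First matching rule wins, as in the CIS application rule list.
    No match means CIS would show the connection alert the thread is about."""
    for i, rule in enumerate(rules):
        if rule.matches(f):
            return rule.action, i
    return "alert", None
```

Swapping rules 1 and 2 in the list changes nothing for these flows, because a DHCP packet to port 67 never matches the port-53 rule; rule 1 would only become redundant if rule 2 were widened to any destination port.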

Sorry, was drunk sleep. ;D
Here’s the print.

[attachment deleted by admin]

Ok, I got everything but where you have the ICMP rules. I don’t have a choice of ICMPv4 and ICMPv6, just ICMP.

Thanks for the response. I appreciate the feedback :). I’m gonna go with liosant’s post and how he is set up since I’ve already started it. Maybe the outgoing only would have been the easiest option though lol. :)

For ICMPv4 and ICMPv6 you select ICMP details.
Regards!