Svchost.exe

Can anyone tell me why I keep getting this ‘pop-up’? It happens when I connect to the internet and sometimes when I go to a new web-site.

Greetings widgetwilk,

Svchost.exe is completely safe. It needs to access ports 53, 67, 68, 80 and 443, so if it doesn’t connect to any other ports, you shouldn’t worry. If you use Windows time server, then it’ll need to connect to some ports to synchronize your clock; I don’t know which ones since I’ve disabled it.
Like I said, accept them unless they’re connecting to another port than 53, 67, 68, 80 or 443. Also accept it when you’re using time synchronization.
Port 53 is used to handle DNS requests, ports 67 and 68 to obtain your IP address.

So create a rule like this:
Application: C:\Windows\system32\svchost.exe
Parent: C:\Windows\system32\services.exe
Protocol: UDP/TCP
Direction: In/out
Source Ports: 53,67,68,80,443

Ragwing
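
The rule above, expressed as a check over connection events, as an added example that is not part of the original post or of Comodo's software: it shows why the rule pins the application path and parent as well as the ports. The event format, the sample events and the choice to match the remote port are assumptions; UDP 123 is the NTP port used by Windows time synchronization, which the rule as posted does not cover.

```python
import ntpath

# Fields copied from the rule posted above. Matching the port list against
# the remote port is an assumption of this example.
RULE = {
    "application": r"C:\Windows\system32\svchost.exe",
    "parent": r"C:\Windows\system32\services.exe",
    "protocols": {"TCP", "UDP"},
    "ports": {53, 67, 68, 80, 443},
}

def same_path(a, b):
    # Windows paths compare case-insensitively; ntpath works on any OS.
    return ntpath.normcase(ntpath.normpath(a)) == ntpath.normcase(ntpath.normpath(b))

def evaluate(event, rule=RULE):
    """Return (verdict, reasons) for one connection event (hypothetical dict format)."""
    reasons = []
    if not same_path(event["image"], rule["application"]):
        reasons.append("image path does not match rule")
    if not same_path(event["parent"], rule["parent"]):
        reasons.append("parent does not match rule")
    if event["proto"].upper() not in rule["protocols"]:
        reasons.append("protocol not covered")
    if event["remote_port"] not in rule["ports"]:
        reasons.append(f"port {event['remote_port']} not in rule")
    return ("allow" if not reasons else "alert", reasons)

SYS = "C:\\Windows\\System32\\"
# Constructed sample events, not taken from any real firewall log.
SAMPLE_EVENTS = [
    {"image": "C:\\WINDOWS\\system32\\svchost.exe", "parent": SYS + "services.exe", "proto": "UDP", "remote_port": 53},
    {"image": SYS + "svchost.exe", "parent": SYS + "services.exe", "proto": "TCP", "remote_port": 443},
    {"image": SYS + "svchost.exe", "parent": SYS + "services.exe", "proto": "TCP", "remote_port": 6667},
    # Time synchronization (NTP, UDP 123) is outside the posted port list.
    {"image": SYS + "svchost.exe", "parent": SYS + "services.exe", "proto": "UDP", "remote_port": 123},
    # Same file name, wrong directory and wrong parent.
    {"image": "C:\\Windows\\Temp\\svchost.exe", "parent": "C:\\Windows\\explorer.exe", "proto": "TCP", "remote_port": 80},
    # Lookalike file name in the right directory.
    {"image": SYS + "scvhost.exe", "parent": SYS + "services.exe", "proto": "TCP", "remote_port": 443},
]

def audit(events=SAMPLE_EVENTS):
    """Return (image, remote_port, verdict, reasons) for every event."""
    return [(e["image"], e["remote_port"], *evaluate(e)) for e in events]

if __name__ == "__main__":
    for row in audit():
        print(row)
```
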

This has cropped up on loads of threads on here and other forums.

It’s all due to the major Microsoft Updates this last week, and affects virtually everyone using CFP.

Just keep ticking the boxes and ‘allowing’.
Mine eventually cleared this morning.

Mike.

I had the impression, that CPF has (internal) default rules for this type of traffic. Comodo web page on leak tests:

"Default Rules

When a personal firewall is installed, by default, it tries to allow some vital specific traffic such as DHCP, DNS, netbios etc. not to interrupt the useful network activity. Doing so blindly may cause malicious programs to exploit these rules to access the Internet."

But this is not the case or what?

That’s because as Mike stated above, due to the M$ updates that were released this week. I noticed that even iexplore.exe (Internet Explorer) has changed its cryptographic signature that Application Monitor alerted me it detected a “new” application. Don’t worry because CFP 3 will have a gigantic safelist when it comes.

Can someone please view my latest post on this topic? It’s to do with ports and Svchost.exe. I don’t know which to allow and deny; I’m a bit rubbish at this.

https://forums.comodo.com/help/suspicious_iexplore-t11422.30.html

PS: I have allowed some that are on the attached screenshot and would like to know if I was right to allow them. Please put my mind at rest.

Could someone not make a sticky topic detailing which ports to allow?

Thank you all for replying, think I understand it is nothing to worry about, hope it goes soon as it is annoying,
if I have the problem for much longer I will come back and ask again,
thanks again for help.

Comodo: You need to change that pop-up so it clearly states that svchost.exe NEEDS net-access granted if the user has just launched a network app.
If I was a newbie I would be quite worried about the pop-up:
virus/trojan blablabla … better safe than sorry so let’s say NO …

On a side-note: Why do presumably security-conscious people allow micr0$0ft to ■■■■■ their setup with all those ridiculous “updates”?
Even when they DO fix a legitimate security-issue you can be pretty sure they do it in some half-a**ed way a la “Trojans? Let’s cripple the TCP/IP stack” or “Let’s kill raw packets”.
The last one killed several of the best auditing-tools, nmap to name just one.

In order to protect people’s computers Comodo should block windows-updates by default; the fact that WinUpDate uses BITS should be reason enough.

Hi gordon, so how do I “change that pop-up so it clearly states that svchost.exe NEEDS net-access”???

This happened to me as well… I uninstalled comodo and reinstalled it and it hasn’t bothered me ever since… It started after the latest microsoft updates as well!

thanks will try that later

I got rid of it by uninstalling all the automatic updates to Windows that loaded on the weekend.

Right let’s bump this up and try and get a definitive answer.

I can understand the problem last week with the MS updates causing us to have to do 20 or more SVC host ‘Allows’ on the CFP pop up boxes, but why does it ask for all these when no other updates have been done?

Last night 23.00 hours computer shut down.
Rebooted at 7.30am this morning, went to connect to internet via the USB modem and up popped all these boxes AGAIN before it was even properly connected.

Yes there was a MS Defender update to do but this appeared later.

Even launching PingPlotter brought up more boxes; I lost count as to how many.

While I enjoy using CFP (and actively promote it on other forums) and enjoy the protection this brings, I fear that others may not be so patient, and give up on it.
I believe some already have, which is a shame.

Is there anything that can be done with version 2 or do we have to wait till version 3 comes out as a full release which I understand does not suffer from this problem?

Mike.

Based on what I have witnessed and experienced, the recent updates did more than just change the signature on svchost; it seems to have completely changed this process, and several others as well. Thus, everything that utilizes these system processes, or touches them in any way, is going to cause a bajillion popups, including hijack alerts.

The simplest and least frustrating may be to uninstall and reinstall, without saving any application rules. Choose Automatic install mode, then after you’re done, run the Scan for Known Applications.

You may export and reimport your Network Monitor rules prior to uninstall by using Regedit. Go to the registry key HKLM/System/Software/Comodo/Firewall Pro/… I’m not on 2.4 atm, so I’m not sure the specific one to export, but I’m sure you can find it once you get there, as it will refer to the Network Monitor. After reinstalling, disable CFP’s “protect own registry settings,” set Security Level to Allow All, and then double-click that exported registry key to place it back in the registry. Then change security level back to Custom, and turn CFP’s registry protection back on.

LM

You may be right about the MS update changes but I don’t have this problem every time I reboot.

However I did have it again this evening; second time today.
Getting to be a bit of a PITA now!

I will experiment tomorrow and let you know.

How safe is CFPv3 to use on your main machine now, and does that suffer from the same problem after the MS updates?

Thanks for your comments,

Mike.

Just rebooted and no pop ups so it appears to be totally random, if that is possible. ???

Mike.

It is a pain, I know. It’d be nice if MS would publish a “What these updates will really do to your computer” for review before such a thing occurs. Not gonna happen though. :frowning:

As for v3, well there are some issues, of course, but I have yet to see anything that completely thrashes the system. Gibran has started a “workarounds” thread in the CFP Beta Corner for known issues with the current release.

Worst thing I’ve had is the BSOD after 2nd reboot; once I figured out the way around that, I haven’t had any serious issues - just annoying ones, LOL.

I don’t know how v3 has responded to the updates, as I did not do them on this machine. I have not used AutoUpdates for some time, nor have I intentions of ever doing so. I will occasionally manually update the items of my choice, and that’s all. I do not recall seeing anything posted in the Beta Boards about the recent updates, but I could have missed it. Sorry that’s not much help!

LM

PS: Totally random is entirely possible; we’re dealing with computers here. I think the only thing that is concrete is that there is nothing concrete, LOL.

OK on boot up this morning. :slight_smile:

Can live in hope that it doesn’t happen too often.

Will wait till CFPv3 comes out as final release.

Mike.

Update…

No problems for 3 days, then this evening I had a batch of SVC host allows to do.

I think it may have been due to trying to connect to the internet before every start-up program had loaded completely, and possibly BOClean had done its start-up scan of these individual programs as they load (I believe BOClean does this - correct me if I’m wrong).

The only clue I have at the moment.

Mike.

You are correct in your understanding of BOC’s behavior.