Why do most programs request windows service host access for the saving window?

Hi,

most (if not all) programs ask for access to COM-interface svchost.exe (windows service host) when the window to save files/documents is open (screenshot_005.png) and the folder tree drop down element shall be opened (screenshot_006.png).
Allowing this request meant to allow all programs that save files to access the windows service host. If I did that the Defense+ alarm wouldn’t make any sense. I understand the alarm that not all programs should have that access.

Why does that frequent request happen? When I block this request, the files are saved without any problem.

Is that access for any program a security risk? As far as I understood the unlimited access to windows service host enables the program to access the internet, too. What else?

Are there other problems in functionality, if I block this request for these programs?

Regards

System: Windows XP SP3

[attachment deleted by admin]

No. You would only allow it for Word.

If I did that the Defense+ alarm wouldn’t make any sense. I understand the alarm that not all programs should have that access.

Why does that frequent request happen? When I block this request, the files are saved without any problem.

May be the software has two or three strategies to save? When one gets blocked it will try another strategy.

Is that access for any program a security risk? As far as I understood the unlimited access to windows service host enables the program to access the internet, too. What else?

Are there other problems in functionality, if I block this request for these programs?

Regards

System: Windows XP SP3

Giving any program access would be a security risk. But when you trust the program and know the installer of the program comes from a trusted source you can allow it. A program using a certain technique does not make it malicious per definition.

Thank you for your answer.

I was not clear enough: Since (almost?) all programs show that behavior, allowing this access to all these programs means to allow most programs to access the windows service host.
Am I correct, that a program having access to the windows service host can use all not deactivated services?
I don’t feel comfortable with this.

That’s the problem: Since any program that saves files requests this access, I can’t tell whether all tools on my system do ONLY what I want, and not sending statistic or whatever data to the software vendor/distributer.
Maybe I am somewhat paranoid, but I’d like to know and control what the installed software does.

Which service is needed for saving files/documents? (… and is obviously not necessarily needed, when blocking the request has not effect.

Is there a way to find out which services a program wants to use when requesting access to windows service host?
Is there a way to give access only to certain services?

I see what you mean now; I understood you differently.

Am I correct, that a program having access to the windows service host can use all not deactivated services?
I don't know what you mean with this. What deactivated services are you referring to?
I don't feel comfortable with this.That's the problem: Since any program that saves files requests this access, I can't tell whether all tools on my system do ONLY what I want, and not sending statistic or whatever data to the software vendor/distributer. Maybe I am somewhat paranoid, but I'd like to know and control what the installed software does.
If a program seeks contact to the web you would get a D+ alert about the program accessing the DNS/RPC client.
Which service is needed for saving files/documents? (... and is obviously not necessarily needed, when blocking the request has not effect.
Technically speaking I don't know.
Is there a way to find out which services a program wants to use when requesting access to windows service host? Is there a way to give access only to certain services?
I have no clue here.

I just meant, that a program which has access to the windows service host, can access all services on the system. But I have deactivated those windows services, that are not necessary for my system. And I assume that deactivated services cannot be started by any software. So there was not stress on the word “deactivated” in my post.

I didn’t find the help file of CIS informative with respect to this issue. Is there a more elaborate explanation on security risks and protecting COM-interfaces - esp. svchost.com - anywhere else?