SillyDog701

[sundance]

I keep getting an alert telling me "Svchost.exe" is trying to send or Rx something. Should I let this have access with out asking first? Also there is a run.dll doing the same thing. should it have access as well?


Thanks,

Sundance

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01

[Mr. Tinkles]

Don't worry about svchost.exe being blocked. I use Norton Internet Security, and unless I block it, NIS constantly reports that it is trying to access the internet. This occured recently when I redid my system and the only things loaded were Windows and NIS..and yet for some reason this file was already trying to access the internet on a regular basis.

Just an FWIW, it's description is "Generic Host Process for Win32 Services". I block it, and everything works fine. As a matter of fact, EVERYTHING on my system is blocked from accessing the internet unless I give it explicit permission...MOST of the Microsoft apps are denied access and it works fine (HTML help, explorer, application layer gateway, error reporting, etc).

Can't help you with RUN.DLL since I don't have that file anywhere on my system. Do a file search and see where that file resides, check its properties and see if you can figure out what company is responsible for it. If, for example's sake, it were from the people who run stardownloader, I would let it since that is my download manager. However, if it turned out to be loaded as part of my HP printer drivers, I would deny it access .

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01 (CK-SillyDog)

[profman]

Mr. Tinkles is basically right. If you forbid contact to the internet by any of these processes AND it does not bother your system, then you are probably OK. OTOH, perhaps these contacts might not hurt you either. A very quick search on Google got several hits, two of which are shown below.

A Description of Svchost.exe in Windows XP

Run dll as an App in Zone alarm list

It might be a good idea to scan your system for adware and spyware. You might want to run the latest version of ad-aware to check out your system, although I have not yet used version 6. I hate it when programs try to dial home without asking me first. So far I have used ZoneAlarm under Windows 2000 and Windows 98, but not Windows XP.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01 (CK-profman)

[Mr. Tinkles]

Care for another reason to block svchost.exe? This just happened minutes ago when the only thing I was doing online was downloading the latest updates to, oddly enough, Norton Internet Security. A remote address tried to access svchost.exe. Straight from the NIS system log:

Date: 2/16/2003 Time: 9:35:55
This one time, the user has chosen to "block" communications. Details:
Inbound UDP packet
Local address,service is (0.0.0.0,epmap(135))
Remote address,service is (203.45.172.193,3954)
Process name is "C:\WINNT\system32\svchost.exe"

That IP resolved to CPE-203-45-172-193.qld.bigpond.net.au which I seriously doubt had anything to do with NIS liveupdate. Now, you may be asking, why does he need to do a one time block if he has svchost.exe permanently blocked? Because I reformated and reloaded my system..haven't completely configured NIS yet

Btw, 100% spyware free. I religiously scan with ad-aware and all it picked up with its first scan after all my MS updates were done was "Alexa"..that reg key MS throws in. (makes sense, I -had- just formatted).

On the flip side, blocking svchost.exe may be why I have so much trouble getting my auto-dial to function reliably. Considering that description from the link Profman gave, it may be interfering with the services I have to set to automatic for auto-dial.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01 (CK-SillyDog)