A more specific question. In the Norton AntiVirus 2008 product, under the program rules and specific to
Microsoft Generic Host Process for Win32 Services
is the default set to allow for all computers, all Ip addresses?
Doesn't that create a potential problem? When I look at the options I have Block, Auto, or Allow. Its set to auto but that just moves it to allow. I know some ports need to be open for many programs, but I'm concerned that it creates a problem for malicious activity to take place
Maybe my settings are wrong?
Perhaps a Norton staffer could tell me what the setting shouls be
Oh and please don't give me the answer I should update. that is not my question right now.
svchost.exe is a process belonging to Microsoft Service Host Process in the Microsoft Windows Operating System, which handles processes executed from DLLs. This needs to be allowed for making your Internet work. When you first install the program, most of the files listed in firewall rules will be set to Auto only. This means that Firewall should automatically decide whether to allow/block the access. When the firewall learns that a particular set of program executables that can be trusted, it will then change the access to Allow. Here, firewall(Internet Worm Protection) in NAV 2008 had trusted the file so that there is no need for automatic access, and that is why it changes to Allow even though you change the access to Auto.
Actually, I think for that particular item the options are only allow or block, not auto ( Not sure, perhaps a Norton staffer can confirm?)
But the part that concerns me is that an IP that I did not request contact with, connected to my machine and the firewall rules from My Norton program allowed this IP address to access my program
I know the IP address had nothing to do with program updates etc, because it belonged to Houston Community College in Houston Texas USA
so when the the firewall allows this communication, then doesn't that make me vulnerable to virus, spyware, etc?
Doesn't that create a potential problem?
Or by "permitting access", does that only means it allowed my program to acknowledge the request, didn't mean that something more happened?
I noticed that there were no exchange of bytes noted in the firewall log or the connection log
It is pretty hard to judge the effect of a firewall response without actually seeing it. Can you copy it here so that we can have a look. Just block out your personal IP address.