Does NIS2010 Scan Inside Svchost.exe?

On the Application Ratings tab NIS 2010 shows Svchost.exe as a single process that is Norton Trusted.  Does NIS 2010 scan each application running inside every occurrence of Svchost.exe?

Hi car825:

 

I believe that since svchost.exe is a Trusted File, it would not be scanned again unless modified.

 

Here is a good explanation of how svchost.exe works - it's a bit different that what you posted:

 

http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/

 

The NIS 2010 Real Time engine will protect you against any threats when executing an application.

 

Hope this helps.

 

Hi Plankton

Was interested in this post, but when I clicked on the Link it would not open.

Is it working for you ?

 

Edit:-

Have googled the Link and found the site, which is given a green tick by norton, and the address is exactly as your link.

So don't know why I couldn't open your link.

Thanks.

 

 

Message Edited by boneidle on 11-23-2009 07:47 AM

Hi boneidle,

 

The link works fine for me -- maybe it was just a fluke that you couldn't open it.

 

Plankton,

 

Thanks for the link. It's one of the best explanations of svchost that I've seen, and it's well worth passing on. :smileywink:

Hi:

 

Always glad to be of assistance. :smileyhappy:

car825 -

 

svchost.exe as a Trusted process would not be scanned in itself (the file is Trusted so it will be allowed to load in memory and not be scanned in memory as long as it has a Trusted rating) however all the loaded processes it "launches" inside the svchost.exe shell will be scanned and monitored by Auto Protect's Real Time scanning features (File and memory scanning and SONAR for process abnormalities) if they do not have a Trusted rating.

 

If you have NIS2010 and look in the Application Rating (Norton Insight) display, you can change the display to see "All Loaded Modules".  Here you will see the dlls that are loaded in memory and their respective ratings.  Any module that does not have a Trusted rating will be scanned even if this is loaded into the svchost.exe "shell" (a Trusted executable file).  Norton Insight will rate each process, not just an executable file, to help keep your system safe and have less impact on the system resources (Norton will only scan the processes that are not Trusted).

 

Does this help in further clearing up your question?