Firewall event logging - outbound ip address of background checking software

Will Firewall event history list the ip address or domain name that background running software is attempting to access?

Background running software or "services" often independently access the internet to "look for" updates, even when these automatic update options are turned off! I want to know which background software is initiating the request, and to what IP address or domain name the request is being sent ... then attempt to program Norton Internet Firewall to block this access, on a case by case basis -- any ideas?

Hi wdgoodwin, and welcome. The only entries in my Firewall logs that show IP addresses are in Firewall - Networks and Connections. If you want more control over activities you can turn off Automatic Program Control and turn on Advanced Events Monitoring.

This will however give you far more alerts than you may wish for, as indicated in the Help File.

You can turn on Advanced Events Monitoring only if you turn off the Automatic Program Control feature.

When you turn on the Advanced Events Monitoring feature, you are prompted with numerous firewall alerts. If you do not want to receive firewall alerts, you can set Automatic Program Control to Automatic. *** If you want to manually specify Internet access settings for programs with Unproven or Poor trust level receiving inbound traffic, you can set Automatic Program Control to Aggressive. ***

Symantec recommends that you perform Advanced Events Monitoring carefully. You might make an incorrect decision that allows malicious programs or blocks critical Internet programs and functions.

When you turn off Automatic Program Control, you can configure the various features in Advanced Events Monitoring. You can use the Advanced Events Monitoring features to allow or deny any of the events that may harm your computer. When the event occurs for the first time, a firewall alert appears and you can allow or block the event.

When you allow the event, the event details appear under the relevant category that is available in Advanced Events. The application that triggers the allowed event is added to the Trusted list of its corresponding category in Advanced Events Monitoring. You can remove the application from the list. In this case, a firewall alert appears when the application triggers the event the next time.

Thanks for the procedure -- for the purpose I described, would you recommend some other software that does the job of revealing the IP or domain addresses on a less complicated, less risky basis ... say like Komodo or (any ideas?) -- wdg

I have experimented with Automatic Program Control and Advanced Events Monitoring, and determined that the new log entries will not divulge the IP addresses, as I had hoped.

Windows svchost.exe, when listed to monitor, will become an alert focus and be listed, but does not divulge the source which is spawning the svchost.exe handler; therefore, I am not in a position to inhibit the program that is making the access.

To review, the intention is to inhibit undesirable background program internet access, by allowing the user to identify the culprit and take appropriate action ... Any thoughts out there?


wdgoodwin wrote:

To review, the intention is to inhibit undesirable background program internet access, by allowing the user to identify the culprit and take appropriate action ... Any thoughts out there?


Automatic Program Control will block any malicious outbound traffic while allowing legitimate programs to call out. It is actually better able to monitor traffic and to determine what is safe and what is not than most users, since it actually sees the type of communication taking place and has the advantage of access to Symantec's sizable store of program information - it can tell a real program from a fake.

So the questions are: What programs are you seeking to block? And what do you consider to be undesirable background internet access? Are you saying that svchost.exe, which is Windows, should never have access? Or should only have access for specific tasks? And how would you know what task is being performed each time access is requested? Sure, there are applications that can show you what programs are accessing what IP address - but without knowing the purpose of the connection, what good does it do you? My advice would be to uninstall any program that you do not trust, and let Norton monitor the rest in Automatic Program Control mode. You have better things to do with your time. You asked - those are my thoughts.

I couldn't agree more with SOJ. We buy Norton to protect us, without having to worry about everything that happens when we're using the computer.

I've used Norton for 12 years, and always had the firewall set to Automatic Program Control, with never a problem.

That's why it's called a Smart Firewall!


wdgoodwin wrote:

Will Firewall event history list the IP address or domain name that background running software is attempting to access?

Background running software or "services" often independently access the internet to "look for" updates, even when these automatic update options are turned off! I want to know which background software is initiating the request, and to what IP address or domain name the request is being sent ... then attempt to program Norton Internet Firewall to block this access, on a case by case basis -- any ideas?


Hai wdgoodwin,

The direct answer to your question is to use the Resource and Performance Monitor (in Windows 7 & 8.x). Under the Network tab, all details such as IP address, the program or process accessing / initiating the connection, the amount of data being transferred, etc. will be displayed.

Another effective tool is Process Monitor from Microsoft / Sysinternals.

(Use procmon.exe from the Sysinternals Suite -> select 'Tools' -> select 'Network Summary'.)


'svchost.exe' is a Windows process which is used to host other processes.

Svchost.exe is a process on your computer that hosts, or contains, other individual services that Windows uses to perform various functions. For example, Windows Defender uses a service that is hosted by a svchost.exe process.

There can be multiple instances of svchost.exe running on your computer, with each instance containing different services. One instance of svchost.exe might host a single service for a program, and another instance might host several services related to Windows. You can use Task Manager to view which services are running under each instance of svchost.exe.

To view which services are currently running under svchost.exe:

  1. Open Task Manager by right-clicking the taskbar, and then clicking Start Task Manager.

  2. Click the Processes tab.

  3. Click Show processes from all users. (Administrator permission required: if you're prompted for an administrator password or confirmation, type the password or provide confirmation.)

  4. Right-click an instance of svchost.exe, and then click Go to Service(s). The services associated with the process are highlighted on the Services tab.


SOURCE: http://windows.microsoft.com/en-in/windows/what-is-svchost-exe


Hope it helps you to an extent....

Else you will have to turn off advanced event monitoring of NIS and directly configure your programs as others suggested.
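The two manual steps in the reply above (Resource Monitor's Network tab to see which process owns a connection, then Task Manager's "Go to Service(s)" to see which services a given svchost.exe instance hosts) can be joined into one listing. The script below is an added example and is not part of the thread or of any Norton or Microsoft tool; it assumes Windows 8 or later (for Get-NetTCPConnection) and an elevated PowerShell prompt so that the service-to-PID mapping is complete. The function name Get-OutboundConnectionOwner is invented for this example.

```powershell
# Added example: list every non-loopback TCP connection with its owning process,
# the executable path, and (for svchost.exe hosts) the services running inside it.
# Assumes Windows 8+ / Server 2012+ and an elevated prompt.
function Get-OutboundConnectionOwner {
    param([switch]$ResolveNames)   # reverse DNS can be slow; off by default

    # Build PID -> list of service names from the Service Control Manager.
    $svcByPid = @{}
    Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
        $p = [int]$_.ProcessId
        $list = $svcByPid[$p]
        if (-not $list) { $list = @() }
        $svcByPid[$p] = $list + $_.Name
    }

    Get-NetTCPConnection -State Established, SynSent |
        Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1', '0.0.0.0', '::') } |
        ForEach-Object {
            $owner = [int]$_.OwningProcess
            $proc  = Get-Process -Id $owner -ErrorAction SilentlyContinue
            $rdns  = ''
            if ($ResolveNames) {
                try { $rdns = [System.Net.Dns]::GetHostEntry($_.RemoteAddress).HostName } catch { }
            }
            [pscustomobject]@{
                Pid      = $owner
                Process  = if ($proc) { $proc.ProcessName } else { '<exited>' }
                Services = ($svcByPid[$owner] -join ',')   # empty for non-service processes
                Remote   = "$($_.RemoteAddress):$($_.RemotePort)"
                Host     = $rdns
                State    = $_.State
                Path     = if ($proc) { $proc.Path } else { '' }
            }
        }
}

# Usage: show everything, grouped by process; svchost rows carry the hosted service names,
# which is the detail the Norton alert alone does not give you.
Get-OutboundConnectionOwner -ResolveNames | Sort-Object Process, Remote | Format-Table -AutoSize
```

On Windows 7, where Get-NetTCPConnection is not available, `netstat -bo` (elevated) gives the PID and executable per connection and `tasklist /svc` gives the same PID-to-services mapping.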