Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.
The svchost process (Generic Host Processes for Win32 Services) pretty much does exactly how its named. Microsoft says "Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs)." Basically this means that it acts as a means to allow DLLs network access. You can open cmd.exe and run "tasklist /svc" and you'll see all the windows services that are running using svchost.exe.
To answer your question, svchost.exe handles the services you see listed when you run the above command line. You'll see that svchost.exe can have several instances running. One of them you'll see is "TermService" (ie Terminal Services... Remote Desktop). Having a blanket rule for Allow ALL for svchost.exe is probably not as secure as having rules for each specific piece (or DLL) using svchost.exe. I would suggest removing the rule. Then you can wait for the next prompt and see what local port (for inbound) or remote port (for out bound) traffic its trying to do.
Example: If you have Remote Desktop turned on, you should expect to have a rule created to allow inbound local port 3389 for Remote Desktop.
Hope that helps answer your question. And yes we all have this setting.I use NAV2008 on Vista Home Premium with Vista Service pack 1. I have DSL on 24/7
When I looked at my program rules in my Norton settings I found this
Rule for The Generic Host for win32
It was set as follows
allow all in and outbound connections, from any computer, any port, and any type of protocol.
I don't understand this all very much. Not sure if the rule was there by default or If using remote access from Microsoft months ago created this rule.
If I delete that Rule won't it stop the Generic Host for win32 for all the services that need that program?
when I do that I see MANY things using svchost.exe. So if I delete that program rule, won't it close these things down?
svchost is part of Windows. If you delete the rule then certain Windows program will not run problem. Why do you want to delete the rule for? Are you behind a hardware firewall? Use Anvir Task Manager and you will get a description about each processes.
Its a rather long complicated mess. My port 3389 (ms-wbt-server) was open and there are sometimes connections to it. So trying to discover what is what, I found that under my program rules there is a rule for
Microsoft Genneric Host process for win32 services to allow in/outbound communication with all computers all types of connections and all protocols. So the feedback I'm getting is that I should delete this program rule. But then I worry how that will impact the other services that use svchost.exe. I don't use remote access and it must have been used once before by my wife, so I guess it created this rule and remains open
I can see two options here:
01. You Block Traffic - In-bound, Out-bound or Both - via your Norton Product.
02. You set-up a Monitor Rule via Norton.
you mean a rule to block inbound on portt 3389?
NY1986 wrote:
you mean a rule to block inbound on portt 3389?
Yes, In-bound, Out-bound or In-bound and Out-bound - un-less you are talking about another Port.
My Rule for The Generic Host for win32 is now set to auto to allow Norton to make the decision. That a safe bet? It said some programs if they are not a trusted program, can’t be set at auto. But If I was able to, I guess it is allowed, eh?
Now I set this to auto and then went to yahoo to check email. When I went to the yahoo sign in page, it looked all funky, like a little more bare bones than usually. So now I'm wondering was this effected by the chnage I made to generic host for win32 services?
Or maybe just a coincidence. I'm not at that computer now, so I can't test it
Anyone else have this program rule with this setting?