Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Zone Alarm blocking access to svchost.exe

Posted on 2004-08-13
7
Medium Priority
?
586 Views
Last Modified: 2006-11-17
Hello,

I get my internet from my university's network and I have just noticed that Zone Alarm keeps blocking continuous attempts to access svchost.exe from other users within my part of the network, and occasionally from network admin ips.

I'm thinking it's probably some normal function of the network, but I'm not sure. Does anyone know what it is?

Thank you :)
0
Comment
Question by:NorVegan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Expert Comment

by:mkgmkg
ID: 11791811
Hi,

The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging.

You should not allow svchost to listen for incoming connection requests. You really don't know who or what is trying to connect.  unless you know what is coming in, I'd block it.
All the programs that need internet access to function properly can initiate the contact from your computer so there is really no need to allow incoming connections to be accepted.
0
 
LVL 8

Expert Comment

by:cooljai1
ID: 11791974
Mkgmkg is right, check the name properly. Is it svchost or SCVHOST?
If its scvhost, then thats a worm
http://www.kephyr.com/spywarescanner/library/scvhost.worm/index.phtml
Svchost could cause this issue if your system has been affected with the blaster worm.
So update your virus definitions and run a thorough virus scan on the system.
this link gives you some information about the worm
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
0
 

Author Comment

by:NorVegan
ID: 11792171
I tried blocking it, but that blocked all traffic, so I opened it again. It still blocks those attempts, though. The two central servers are probably the ones I go through to get online, but I still don't see why it get so many hits from the other students' computers. Could it be poor network design, or is it normal that firwalls pick up traffic from other users on the same subnet?

Here's an example: "Medium rating, 2004/08/13 14:14:32+2:00 GMT, Program Access, svchost.exe, 129.240.***.***:3005 , Incoming (accept), Blocked, 1 count, bjs2-dhcp***.studby.***.no

It's not scvhost.exe. I doubt it is a virus.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 1

Expert Comment

by:mkgmkg
ID: 11795585
I am using zonealarm and have confirmed from the programs list that
only three programs are configured to listen on Internet side ie MSn , Yahoo and generic host process.exe. Rest all programs including Svchost.exe are blocked from listening to Internet side and this configuration is working finr for me.

Hence , i will suggest you that you can try re-installing the zonealarm once again and not allow svchost.exe to laccept conccetion from internet.

This should solve the problem.


0
 

Author Comment

by:NorVegan
ID: 11798215
But svchost.exe IS the generic host process executable.. I contacted the network admins, and although I couldn't get any clear and consise answers, one of them was thinking it might be machines infected with the DCOM/RPC exploit probing other machines on the network, and I think he might be right. One of them even stated he didn't have much knowledge of windows systems. I think this must be a podunk university when it comes to computer science. =D

Thanks for the reply, though.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 12591464
PAQed with points refunded (50)

modulo
Community Support Moderator
0

Featured Post

Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question