What is Generic Host Process for Win32 Services with the file name/path C:\WINDOWS\system32\svchost.exe and does it need server permission to work properly?

Hello

I have just started getting ridiculous amounts alerts from my firewall program (ZoneAlarm by ZoneLabs), which say that it had blocked 'Generic Host Process for Win32' from accepting a connection from the internet. When I look in the program list in ZoneAlarm I see that this program 'Generic Host Process for Win32 Services' with file name/path C:\\WINDOWS\\system32\\svchost.exe is set not to allow it to have server permission for the Internet Zone. It is however set to have access permission.

I don't know what this program is, but does it require server permission for the Internet zone to work properly?

Also when ZoneAlarm says 'blocked...from accepting a connection from the internet' does this mean the program in question was trying to act as a server? (I assume that if it were to accept a connection from the internet this would imply that it had not made the connection request itself and so would be trying to act as a server but not sure).

I don't know what has caused ZoneAlarm to suddenly act like this. Before this happened I had installed xampp (so that I can use my computer as a server to test php pages) but I don't see how this could have affected ZoneAlarm. Also I had decided to have a closer look at ZoneAlarm just before this happened but didn't notice making any changes to it whatsoever.

Is it safe to change 'Generic Host Process for Win32 Services' so it has server permission for the Internet Zone? And if it is why didn't it need to do this before?

Any help most welcome!

AM

Reply to
admyc
Loading thread data ...

Why do you wonder? That's what this software is supposed to do.

Why do you wonder? This software is supposed to create random errors.

Ouch! And you'd like to run a host-based packet filter as security solution. Oh my...

Depending on your configuration: possibly.

Who knows? The manual states so.

Now would you please read the fu^H^H"fine" online manual about the service host process, about identifying the services it hosts and their network communication functionalities?

Shouldn't YOU know?

Reply to
Sebastian Gottschalk

It seems your personal FW or better yet a machine level packet filter, it's not a FW, has it's Application Control complaining about nothing and has you paranoid.

I suggest you get a book on the XP O/S and find out what the Svchost.exe that's running out of C:\\Windows\\system32, the legit folder for svchost.exe to be running from, is about, along with finding out other things about the XP O/S. You can also search Google for "Generic Host Process for Win32 Services" or "Svchost.exe", as Google is your friend.

Svchost.exe never acts on its own. It acts on the behalf of other programs that want to communicate with each other, whether that be a legit or non-legit reason.

Well, there you go and it's the worthless App Control in ZA that's doing it. Is it giving you any indication as to what remote IP that it's trying to connect to or is it a generic message and ZA doesn't know if the communications is between two programs running on the machine?

Now, you have something that's running on the computer that's acting as a server software, which may be using Svchost.exe, the messenger for O/S and other such programs that must communicate and allows them to communicate with each other, to switch and act as a possible client and a server.

See above and put the machine behind the protection of a cheap NAT router, as you don't have to worry about what Svchost.exe is doing and ZA is whining about, if the machine is acting as a server.

formatting link

You can use Process Explorer (free) use Google and it will tell you all the hidden/processes a program such as svchost.exe or other programs/processes has piggy backing off of it. You can use PE to make a determination everything running with an hosting program is legit or not legit as malware can use svchost.exe too.

If svchost.exe is not running out of C:\\WINDOWS\\system32, then it's a Trojan.

formatting link
You should stop depending upon ZA to tell you what's happening as it can be easily fooled and beaten. You should look around for yourself and understand what's happening.

Duane :)

Reply to
Duane Arnold

Hello, AM

I doubt that you'll get any serious help in this newsgroup. It seems to have been hi-jacked by firewall haters.

Your best bet for answers would be ZoneLabs User Forums. The link is inside the Help pages in ZoneAlarm interface. Another good resource is the Windows XP forums at Microsoft.com. Check them out. Meanwhile, don't give any programs server permission unless you know what it is and why it needs it. Good luck.

charlie R

Reply to
charlie R

formatting link
This person has installed a Web server using services that communicate with SVChost.exe. If one is going to do something like that, then one should know what he or she is doing not only with the software, but with the O/S as well.

If the person has a choice, then he or she should go behind the protection of a NAT router, at the very least, in trying to protect those services. If the person wants to use ZA, then use it on the machine behind a NAT router and get it off of a direct connection to the Internet, no appliance between the modem and the computer, as it's nothing but hack bait. The pserson should disable ZA's App Control too as it's worthless.

Duane :)

Reply to
Duane Arnold

Urging people to understand their system without using nonsense apps like ZA is serious help IMHO.

Maybe the term "firewall" was hi-jacked long before by those who invented "personal firewalls".

I agree. In the ZoneLabs forums you will probably find the answers that you like. In here you wil probably find answers you don't like.

Reply to
B. Nice

I wonder why the group trolls don't build a response that clearly tells people how to secure their entire computer system without the use of third-party tools...... Oh, wait, I already know, it's because you can't secure a computer against all that people are exposed too, and nothing they rant about really helps the nontechnical user because they don't ever tell the user how to do anything - they just rant about how third- party solutions are bad, windows firewall good, grunt.

If they put half as much energy into building a FAQ that could be posted every month, they might actually be helping people, but they appear to be to stuck on how important they think they are than to spend real time helping real people.

Reply to
Leythos

Finally, the voice of reason ;-)

Reply to
prophet

formatting link
HTH, HAND, VB.

Reply to
Volker Birk

Yea, but they've KF me along ago, since it's sooo very easy to punch holes in their methods/ideals, to prove they are not helping anyone with their lack of useful information, etc....

They won't put the effort into building a Faq that would help users, as they've proven time and time again that they are not here to help users, they are only here to puff-up each others egos.

Reply to
Leythos

So why don't you post this when people as for help.

You are not doing most people any good by telling them that ZA or others are bad when Windows XP firewall has so many holes and also allows changes without user permissions.

What you need to do is suggest a SOLUTION, not a rant about products, and in that solution you need to give users a means to take corrective actions....

Oh, and you should change this statement under (5) Activate the XP- Firewall "The advantage of this firewall is a very simple configuration and a low risk of unauthorized changing the configuration (i.e. parameters, rules)."

It should read - "The DISADVANTAGE of this firewall is that it has been shown that many applications will insert exceptions in the Windows XP firewall without your permission and without warning, you should check the Exceptions list frequently. The Windows XP firewall is a minimal level of protection and should not be considered reliable."

Reply to
Leythos

What Leythos keeps ignoring is that a) this can only happen when the user has admin privileges, and that b) malware running with admin privileges can inject ANYTHING in ANY software running on the host. Including the oh-so-reliable personal firewalls he promotes so vigorously.

Instead of using useless software one should (unlike Leythos) rather NOT ignore point (1) of that list of measures: "For daily use only work with user-rights and no time as an administrator. Also use NTFS as file system to set proper rights and protect your PC against 'malware' like dialer."

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

You serioulsy need a reality-check.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

And you should adjust your scoring. :-)

Reply to
Sebastian Gottschalk

I don't ignore it at all - I accept the FACT that Windows XP ships with the default user setup as an Administrator and that every residential user I've run across that is nontechnical is still running as an Administrator level user.

Actually, I would love for people to learn, for people to use limited accounts like we setup for our clients and friends/family, and how we never ignore security.

What I would like to see is that people understand that Windows XP firewall is less secure that the zealots suggest it is, that the Windows XP firewall allows software to make exceptions WITHOUT ALERTING THE USER, and that it's not any better than anything else in unaware hands.

Understand - I DO NOT PROMOTE ANY FIREWALL APPLICATION, none, nada, not at all. I do not believe they provide the level of protection that people believe they do. I do firmly believe that people suggesting that the Windows XP firewall provides all the firewall protection a user could need is just BS and that there are better products on the market than the Windows XP firewall. With that said, I do not PROMOTE "Any" firewall, only state that the Windows XP firewall is not as good as others, provides limited protection, and is easily changed by applications without warning to the user.

Reply to
Leythos

In all of their threads they provide little help that can actually be put in place by a typical nontechnical user.

They provide so much crap that the message gets lost.

They are adamant that nothing is better than Windows XP firewall as a personal firewall soft solution.

Instead of complaining or hammering posters they should try and help.

Reply to
Leythos

Do you agree that malware running with admin priviliges can inject ANYTHING in ANY software running on a host? YES or NO.

/B. Nice

Reply to
B. Nice

AMEN to that. Nothing worse then smart ass trolls except possibly p*rn spammers.

Reply to
Gary

And what about top posters ;-)

Gary wrote:

Reply to
Wilf

Hey, Shutup!!

How else are we poor people supposed to get our free p*rn? :0)

Reply to
Anonyma

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.