Repeated inbound to access svchost.exe

Hi,

Norton Internet Security (firewall) keeps displaying the following info. dialog:

----------------------------------
Threat Level Low Risk
At [datetime stamp] the following communication was detected:

Application: c:\winnt\system32\svchost.exe
Protocol: TCP (inbound)
Remote Address: 82.35.78.249:1627
Local Address: STAN (XX.MY.IP.XX): epmap(135)

This file is not infected with a virus. Autoconfiguration data exists for this application using this type of communication. This application is in the windows folder and is from a known company (Microsoft Corporation). This application does not have a digital signature or the digital signature is invalid.

The same info. but from a different IP address, among many others:

82.140.27.81:1835 82.35.75.99:3480

----------------------------------

The 'recommended' action is to allow the connection?!

I have no idea whether, or indeed why, I should allow these connections. I just installed Norton Internet Security yesterday; before that I was using a different firewall.

The same info dialog pops up regularly (with varying IP addresses) and I am unsure what to do -- up to now I've been blocking them all.

Thanks,

MS

Reply to
MS

That's because it wants to look useful so you'll buy the upgrades.

The headers of your post show your IP address as 82.35.73.70. This is not an issue; it just means that replacing it with xx doesn't hide it.

Reassuring but potentially untrue if the virus was written yesterday.

I'd remove it if I were you and get yourself an external piece of hardware to block this kind of thing. For example [link] are many others. A virus scanner is also essential, such as [link]

See above. Since you don't understand what your firewall is doing it's likely that a tool such as this [link] with an analysis done by this site [link] be far more beneficial than any software firewall.

Jason

Reply to
Jason Edwards

Hi,

Thanks, I didn't realize this.

Exactly.

I already have AVG and use Norton Anti Virus (also installed yesterday). I'll consider buying something like the hardware you recommended.

I run 2 different bits of anti adware / spyware / etc software regularly. I've also often used web sites that 'check your security', though not hijackthis.de -- is that a particularly good one?

I do understand what my firewall is doing in general terms, but not specifically about whether I should allow access to svchost.exe. I know that svchost.exe somehow manages internet connections but don't know whether it needs to receive data initiated in this way. My instinct is that it doesn't, but I'd like confirmation from the pros here.

Thanks,

MS

Reply to
MS

Incoming connection requests from the Internet have no business in your computer unless you know why they are needed and can configure an external box for port forwarding. Otherwise they should all be rejected. It does not matter whether the destination is svchost or anything else.

Jason

Reply to
Jason Edwards
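
The default-deny rule from the reply above, applied to alerts in the layout quoted in the first post, as an added example that is not part of the original thread. It assumes the alerts have been flattened to one per line; `forwarded_ports`, the function names and the third sample line are made up for illustration.

```python
import re
from collections import Counter

# Constructed sample alerts, one per line, in the layout quoted in the first post
# (XX.MY.IP.XX is the poster's own redaction; the third entry is invented).
SAMPLE_ALERTS = """\
Application: c:\\winnt\\system32\\svchost.exe Protocol: TCP (inbound) Remote Address: 82.35.78.249:1627 Local Address: STAN (XX.MY.IP.XX): epmap(135)
Application: c:\\winnt\\system32\\svchost.exe Protocol: TCP (inbound) Remote Address: 82.140.27.81:1835 Local Address: STAN (XX.MY.IP.XX): epmap(135)
Application: c:\\example\\server.exe Protocol: TCP (inbound) Remote Address: 192.0.2.10:40000 Local Address: STAN (XX.MY.IP.XX): http(80)
"""

ALERT_RE = re.compile(
    r"Application:\s*(?P<app>.+?)\s+"
    r"Protocol:\s*(?P<proto>\w+)\s*\((?P<direction>inbound|outbound)\)\s+"
    r"Remote Address:\s*(?P<remote_ip>[\d.]+):(?P<remote_port>\d+)\s+"
    r"Local Address:.*?(?P<service>[\w-]+)\((?P<local_port>\d+)\)"
)

def parse_alerts(text):
    """Return one dict per line that matches the dialog layout."""
    return [m.groupdict() for m in map(ALERT_RE.search, text.splitlines()) if m]

def decide(alert, forwarded_ports=frozenset()):
    """Default-deny for unsolicited inbound traffic: allow only ports the
    owner has deliberately forwarded, whatever program would receive it."""
    if alert["direction"] != "inbound":
        return "not-inbound"
    return "allow" if int(alert["local_port"]) in forwarded_ports else "block"

def summarise(text, forwarded_ports=frozenset()):
    """Count blocked inbound attempts per (service name, local port)."""
    blocked = Counter()
    for alert in parse_alerts(text):
        if decide(alert, forwarded_ports) == "block":
            blocked[(alert["service"], int(alert["local_port"]))] += 1
    return dict(blocked)

if __name__ == "__main__":
    # Hypothetical setup: only port 80 has been forwarded on purpose.
    for a in parse_alerts(SAMPLE_ALERTS):
        print(a["remote_ip"], "->", a["service"], a["local_port"], decide(a, {80}))
```

With an empty `forwarded_ports` set every inbound alert is blocked, which matches the advice for a machine that offers no services to the Internet.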

Many thanks Jason. This clarifies things.

Cheers,

MS

Reply to
MS

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.