Strange security warning from firewall - should I be worried?



womble -> Strange security warning from firewall - should I be worried? (1/23/2007 17:04:03)

I'm getting some strange error messages from my newly installed firewall, ZoneAlarm (BitDefender got ditched for hogging system resources and generally slowing things down). It's only been installed about a week so it's still asking me constantly what's allowed to access the internet etc., but it's generally very well behaved.

I keep getting Security Alert messages (about 20 this evening) from it though that read:
quote:


The firewall has blocked Internet access to your computer (ICMP Unreachable) from xxx.xxx.x.x

Program: Generic Host Process for Win32 Services


(xxx.xxx.x.x is the IP address of my router)

This is what the ZoneAlarm site has to say about it when I click the "more info" button.

Anyone any ideas what this means in plain English and is it something I should be worried about?

I've scanned with AVG Anti-Spyware, Spybot S&D, NoAdware and done an In-Depth scan with NOD32, and they're all coming back clear.

The router btw is a Netgear, and I've got the wireless network set up with WEP-PSK.

Any ideas?




ou812 -> RE: Strange security warning from firewall - should I be worried? (1/23/2007 19:38:33)

I believe if you go into ZA you should find that "Generic Host Process for Win32 Services" points to a program called svchost.exe. This is used by other programs on your system, and if it can't access the Internet then they won't be able to either.

An older article here, but I believe it still pertains: http://www.pcworld.com/article/id,103781-page,1/article.html?tk=wb110402x

Oh, and I let svchost.exe have access too.




womble -> RE: Strange security warning from firewall - should I be worried? (1/23/2007 19:54:11)

Thanks Brian - I'll check that out tomorrow when my eyes are open - just realised it's 0.50am here and I've got to be up for work at 7am in the morning...[&o]




bobby -> RE: Strange security warning from firewall - should I be worried? (1/24/2007 0:14:06)

If it's blocked access then you don't have anything to worry about... ZA is doing its job.

I typically check the box not to notify me about what it blocks on the incoming side. As long as it's not getting in I don't care how often generic software apps try to latch onto my system.

[;)]




ou812 -> RE: Strange security warning from firewall - should I be worried? (1/24/2007 0:25:40)

Good point, bobby. I didn't notice it said inbound from the router to the computer. If so, then yes I would at the very least make it ask me for permission!




BobbyDouglas -> RE: Strange security warning from firewall - should I be worried? (1/24/2007 2:57:11)

ZA does this kind of stuff all the time. You can pretty much ignore the popups.




womble -> RE: Strange security warning from firewall - should I be worried? (1/24/2007 11:15:15)

Thanks all. Normally I just trust my firewall to pretty much get on and do whatever it's got to do, but I was just a little concerned with the warning coming up with the IP address of my router. Next time it asks me if I want it to see the warning again I'll just tell it I don't.




Larry M. -> RE: Strange security warning from firewall - should I be worried? (1/24/2007 13:24:05)

Womble,

After repeated svchost.exe errors, I disabled it at start-up by: (1) Control Panel, (2) Administrative Services, (3) Windows Image Acquisition (WIA) then: (4) Startup type = Disabled and (5) Service Status = Stopped.

I associated this error as a conflict between my Belkin Wireless Router and previously installed HP 7410 printer drivers, so this may not be either the fix for your situation or even a recommended fix for anything or anybody else. I will say this approach, however, worked for me.

Proceed with caution [X(]




BobbyDouglas -> RE: Strange security warning from firewall - should I be worried? (1/24/2007 13:52:06)

I thought svchost.exe was required for startup...




Larry M. -> RE: Strange security warning from firewall - should I be worried? (1/24/2007 18:10:43)

quote:

I thought svchost.exe was required for startup...


Bobby,

Apparently not [8D] In addition to my desktop, I've disabled two companion laptops in the same fashion for the wireless printserv function. The fix was sourced from the MS KB, not from Belkin, not from HP.




rdouglass -> RE: Strange security warning from firewall - should I be worried? (1/24/2007 21:01:56)

quote:

svchost.exe


My $.02 on the matter paraphrasing a lot:

Svchost.exe is a 'generic' application on Win32 OS's that many .DLL's require to operate. Many systems will run more than 1 instance of svchost.exe; in fact, my PC has 4 instances running right at this moment and I'm 99.999% confident my system is 'clean' from malware and virii.

Just because svchost.exe is running doesn't mean you have a problem. The reason that you see ZA report it is that outside processes are trying to talk *to* svchost.exe. That is a common place that many malware and virii can be accessed by others to 'advertize' themselves and their capabilities. And because of that, some people think that if svchost.exe is running, you have a virus.

Not true. Frequently the case due to the nature of virii and malware but not 'prima facie' evidence to that fact.

I am by no means an expert on it but I do know that just because it's running, really is no proof that there is foul play. And as others have indicated, ZA is doing exactly what it's supposed to do.




womble -> RE: Strange security warning from firewall - should I be worried? (1/25/2007 5:58:54)

That makes sense Roger. I checked in the ZA control panel, and it's allowing access for svchost.exe in the trusted and internet zones, and under 'server' for the 'trusted' zone, but not the 'internet' zone. Reading what it said about what the "server" part meant it says,

quote:


Access: Allows a program to actively retrieve information on the Internet or network

Server: Allows a program to passively listen for unsolicited contact from the Internet or network. Very few programs require server rights.


I did try to change it the other night but it said (me paraphrasing) "Whoa! Are you sure you want to do that?", so I left it as it was on the grounds that ZA probably knows best. [:D]

I guess that makes sense though that it's allowing "listening" from my trusted sites and services, but not from any old server out there.





TJolly -> RE: Strange security warning from firewall - should I be worried? (1/25/2007 7:00:36)

Svchost.exe is part of the windows operating system and should be found in C:\WINDOWS\System32 folder.

However, it has also been identified as a backdoor vulnerability if running elsewhere on a system.

Svchost.exe
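
Added example, not part of any post in this thread: a small check for the point made above, that several svchost.exe instances are normal but one running from outside C:\WINDOWS\System32 deserves a closer look. The snapshot format (pid,name,path) and all sample rows are constructed; the example also goes slightly beyond the thread by accepting the SysWOW64 copy present on 64-bit Windows and by reporting instances whose path could not be read.

```python
import csv
import io
import ntpath

# Constructed sample process snapshot (not from the thread): pid, image name, image path.
SAMPLE_SNAPSHOT = r"""pid,name,path
812,svchost.exe,C:\WINDOWS\System32\svchost.exe
1044,svchost.exe,c:\windows\system32\SVCHOST.EXE
1500,svchost.exe,C:\WINDOWS\System32\..\Temp\svchost.exe
2210,svchost.exe,C:\Documents and Settings\user\svchost.exe
2300,svchost.exe,
3004,explorer.exe,C:\WINDOWS\explorer.exe
"""


def expected_paths(system_root=r"C:\WINDOWS"):
    """Locations where the genuine svchost.exe lives.

    System32 is the folder named in the thread; SysWOW64 (assumption added
    here) holds the 32-bit copy on 64-bit Windows.
    """
    return {
        ntpath.normcase(ntpath.join(system_root, folder, "svchost.exe"))
        for folder in ("System32", "SysWOW64")
    }


def classify(path, allowed):
    """Return 'ok', 'suspicious' or 'unknown' for one image path."""
    if not path.strip():
        # Path not readable, e.g. the listing was taken without admin rights.
        return "unknown"
    # normpath collapses '..' segments; normcase makes the compare case-insensitive.
    norm = ntpath.normcase(ntpath.normpath(path.strip()))
    return "ok" if norm in allowed else "suspicious"


def audit_svchost(snapshot_csv, system_root=r"C:\WINDOWS"):
    """Return [(pid, verdict)] for every svchost.exe row in the snapshot."""
    allowed = expected_paths(system_root)
    findings = []
    for row in csv.DictReader(io.StringIO(snapshot_csv)):
        if row["name"].strip().lower() != "svchost.exe":
            continue
        findings.append((int(row["pid"]), classify(row["path"] or "", allowed)))
    return findings


if __name__ == "__main__":
    for pid, verdict in audit_svchost(SAMPLE_SNAPSHOT):
        print(pid, verdict)
```

A "suspicious" verdict only means the image path is not one of the expected locations; the file itself still needs to be examined.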



