I Need Help With Firewall
Hello,
I'm having some strange activity on my home network. I can look at my firewall activity and see that there is constant activity going on under some processes when there shouldn't be any activity.
The one in particular that bothers me is under the "svchost.exe -k localserviceandnoimpersonation" process. I'm attaching a screen shot so you can see all the connections under this process.
I had Bit Defender 2010 all last year and I monitored my firewall activity rather closely. I never remember seeing anything like this. Now I have a new laptop with windows 7 and I upgraded to Bit Defender 2011.
Also, I have put the firewall into report mode and I am continually getting pop-ups from Bit Defender that a new IP add. has connected to my wireless network. The wireless connection requires a code to access it so I don't know how someone outside the house could get on it. The IP add. are the same as the ones under this svchost process referred to above.
I would like to stop this process from transmitting and receiving any data period. However, I can't figure out how I can do that in the Bit Defender gui.
If anyone can give me some insight, I would be greatly appreciative. I would really like to be able to manually block access of the internet to this process.
Thanks for your help...
Comments
-
Hello,
The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services allows for better control and easier debugging.
To view the list of services that are running in Svchost: Click Start on the Windows taskbar, and then click Run.
In the Open box, type CMD, and then press ENTER.
Type Tasklist /SVC, and then press ENTER.
For more info on the SVCHOST process / service please click HERE
I have also enclosed a screenshot of how my svchost looks like on a Windows 7 machine. I do believe that you have nothing to worry about. Last but not least, the notification about the Wireless are not because someone connected at your private wireless network but because a connection was made under that adapter. You can disable those notification under:
BitDefender Security Center -> Firewall -> Settings -> Advanced Settings and uncheck the box next to 'Show Wi-Fi Notification'.
To increase the Firewall security you can always switch the option OFF for 'Don't detect changes in digitally signed applications' so you will be notified about each application trying to connect regardless if that application is digitally signed and recognized.
Regards,0 -
Hey Dan,
Thanks a mil for taking the time to make that post. I found it very educational. Thanks for the links as well. I think my ISP was slacking sometimes and that was why I was experiencing some networking difficulties. After I made my original post, I found that other computers in the house could be struggling as well.
Your comments on how svc.host works are great. I've always wondered about that I would really like to learn more about how my system works for troubleshooting and optimizing purposes.
Thanks again for your time and effort!
Have a great day! " />0 -
Glad to see my posts are so appreciated Feel free to rate all the topics you find useful so all the users reading our forums can find them easier.
To learn how to rate a topic read the link below:
http://forum.bitdefender.com/index.php?showtopic=21270
You can also comment and rate any user / Admin / Moderator by visiting their profile.
If you have any future queries feel free to create a new topic, explain the situation and me or one of my colleagues will answer you ASAP.
Have a nice Sunday!
Yours,0