Welcome to Smokey's Security Forums.
Guests have only limited access to the board and it's features, please consider registering to gain full access!
Registration is free and it only takes a few moments to complete.

Smokey's Security Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Sony recalls VAIO F11 and CW2 Series : Burn hazard

Sony has issued a recall for its F11 and CW2 series notebook PCs and is offering a firmware update to fix an overheating problem.

Burn hazard: Sony recalls VAIO F11 and CW2 Series

Multilingual OTL (OldTimer ListIt) Log Analysis * Multilingual OTL Tutorials * OTL Downloads * Malware Removal * Microsoft Security Info & Alert Center * Official Jetico Inc. Support Forums

Share this topic on FacebookShare this topic on MySpaceShare this topic on Del.icio.usShare this topic on DiggShare this topic on RedditShare this topic on StumbleUponShare this topic on TwitterAuthorTopic: Suggestions for Jetico2 - post Feature Requests here!  (Read 14879 times)

0 Members and 1 Guest are viewing this topic.

pcaca

  • Full Member
  • **
  • Offline Offline
  • Posts: 12
Re: svchost.exe
« Reply #20 on: January 28, 2007, 03:22:59 AM »
Quote from: "egressor"
Recently I've made some rules for svchost after noticing that my computer clock was slow by more than 2 hours  :o

So I created a new table for w32time.  I specified an ip and a port (123).

However creating rules for svchost is a real pain since it runs so many services.

What i'd like to see is someting like the output from tasklist /svc, where the services run by svchost are clearly diferentiated.

I'd seen this in a firewall but I forget which, since i ran most of them at one time or another.


Good point. That would be very useful!

Creating rules for services instead of executable files would be much better, especially for svchost. So, if I create rule for Windows Update Service (HTTP/HTTPS), Jetico will allow HTTP/HTTPS connections only for svchost.exe instance which is runing Windows Update sevice and other istances like DNS Client should be denied from accessing HTTP/HTTPS. This way we will have better security and better organization of rules.
 

* Permissions
You can't post new topics.
You can't post replies.
You can't post attachments.
You can't modify your posts.
 BBCode Enabled
Smilies Enabled
[img] Enabled
HTML Disabled


Except where otherwise stated, all content © 2006 - 2010 Smokey Services™ -- All rights reserved
Design of all board graphics, banners and images by Emma aka Tinker - © 2006 - 2010 Smokey Services™ -- All rights reserved

Security Knowledge-, Alert- & News Center and Comprehensive Microsoft Windows Information & Download Center
Board- and databases search functions and the download of post attachments are only available to registered board members

    

  

Smokey's Security Forums provide full qualified OTL Log Analysis & Cleaning Services in English, German and Spanish language
OTL (OldTimer ListIt) is a flexible, multipurpose, diagnostic, and malware removal tool, it also has some curative ability

Microsoft Security Info & Alert Center: all released Microsoft Security Bulletins, Alerts, Advisories and Vulnerabilities, in real-time