What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svchost.
on 24.10.2006 00:07:13 by admyc
Hello
I have just started getting ridiculous amounts of alerts from my firewall
program (ZoneAlarm by ZoneLabs), which say that it had blocked
'Generic Host Process for Win32' from accepting a connection from
the internet. When I look in the program list in ZoneAlarm I see that
this program 'Generic Host Process for Win32 Services' with file
name/path C:\WINDOWS\system32\svchost.exe is set not to allow it to
have server permission for the Internet Zone. It is however set to have
access permission.
I don't know what this program is, but does it require server
permission for the Internet zone to work properly?
Also when ZoneAlarm says 'blocked...from accepting a connection from
the internet' does this mean the program in question was trying to
act as a server? (I assume that if it were to accept a connection from
the internet this would imply that it had not made the connection
request itself and so would be trying to act as a server but not sure).
I don't know what has caused ZoneAlarm to suddenly act like this.
Before this happened I had installed xampp (so that I can use my
computer as a server to test php pages) but I don't see how this
could have affected ZoneAlarm. Also I had decided to have a closer look
at ZoneAlarm just before this happened but didn't notice making any
changes to it whatsoever.
Is it safe to change 'Generic Host Process for Win32 Services' so it
has server permission for the Internet Zone? And if it is why didn't
it need to do this before?
Any help most welcome!
AM
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 01:34:54 by unknown
Post removed (X-No-Archive: yes)
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 01:49:11 by Duane Arnold
wrote in message
news:1161641233.385104.225140@h48g2000cwc.googlegroups.com...
> Hello
>
> I have just started getting ridiculous amounts of alerts from my firewall
> program (ZoneAlarm by ZoneLabs), which say that it had blocked
> 'Generic Host Process for Win32' from accepting a connection from
> the internet. When I look in the program list in ZoneAlarm I see that
> this program 'Generic Host Process for Win32 Services' with file
> name/path C:\WINDOWS\system32\svchost.exe is set not to allow it to
> have server permission for the Internet Zone. It is however set to have
> access permission.
It seems your personal FW or better yet a machine level packet filter, it's
not a FW, has its Application Control complaining about nothing and has you
paranoid.
>
> I don't know what this program is, but does it require server
> permission for the Internet zone to work properly?
I suggest you get a book on the XP O/S and find out what the Svchost.exe
that's running out of C:\Windows\system32, the legit folder for svchost.exe
to be running from, is about, along with finding out other things about the
XP O/S. You can also search Google for "Generic Host Process for Win32
Services" or "Svchost.exe", as Google is your friend.
>
> Also when ZoneAlarm says 'blocked...from accepting a connection from
> the internet' does this mean the program in question was trying to
> act as a server? (I assume that if it were to accept a connection from
> the internet this would imply that it had not made the connection
> request itself and so would be trying to act as a server but not sure).
Svchost.exe never acts on its own. It acts on the behalf of other programs
that want to communicate with each other, whether that be a legit or
non-legit reason.
>
> I don't know what has caused ZoneAlarm to suddenly act like this.
> Before this happened I had installed xampp (so that I can use my
> computer as a server to test php pages) but I don't see how this
> could have affected ZoneAlarm. Also I had decided to have a closer look
> at ZoneAlarm just before this happened but didn't notice making any
> changes to it whatsoever.
Well, there you go and it's the worthless App Control in ZA that's doing
it. Is it giving you any indication as to what remote IP that it's trying to
connect to or is it a generic message and ZA doesn't know if the
communications is between two programs running on the machine?
Now, you have something that's running on the computer that's acting as a
server software, which may be using Svchost.exe, the messenger for O/S and
other such programs that must communicate and allows them to communicate
with each other, to switch and act as a possible client and a server.
>
> Is it safe to change 'Generic Host Process for Win32 Services' so it
> has server permission for the Internet Zone? And if it is why didn't
> it need to do this before?
See above and put the machine behind the protection of a cheap NAT router,
as you don't have to worry about what Svchost.exe is doing and ZA is whining
about, if the machine is acting as a server.
http://www.homenethelp.com/web/explain/about-NAT.asp
>
> Any help most welcome!
You can use Process Explorer (free) use Google and it will tell you all the
hidden/processes a program such as svchost.exe or other programs/processes
has piggy backing off of it. You can use PE to make a determination
everything running with a hosting program is legit or not legit as malware
can use svchost.exe too.
If svchost.exe is not running out of C:\WINDOWS\system32, then it's a
Trojan.
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
You should stop depending upon ZA to tell you what's happening as it can be
easily fooled and beaten. You should look around for yourself and understand
what's happening.
Duane :)
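Added example, not part of the original thread: one way to see which services each svchost.exe instance hosts and which instances hold sockets that can accept inbound connections, by correlating the output of the built-in Windows commands `tasklist /svc /fo csv` and `netstat -ano`. The sample outputs, PIDs and addresses below are constructed for illustration, and the function names are this example's own.

```python
import csv, io
from collections import defaultdict

# Constructed sample of `tasklist /svc /fo csv` output (not from the thread).
TASKLIST = '''"Image Name","PID","Services"
"svchost.exe","884","DcomLaunch,TermService"
"svchost.exe","960","RpcSs"
"svchost.exe","1104","SSDPSRV,upnphost"
"httpd.exe","2312","Apache2"
"explorer.exe","1780","N/A"
'''

# Constructed sample of `netstat -ano` output (not from the thread).
NETSTAT = '''
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       2312
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       960
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       884
  TCP    192.168.1.5:1045       203.0.113.7:80         ESTABLISHED     1780
  UDP    0.0.0.0:1900           *:*                                    1104
'''

def services_by_pid(tasklist_csv):
    """Map PID -> (image name, [hosted service names])."""
    out = {}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        svcs = [s.strip() for s in row["Services"].split(",") if s.strip() != "N/A"]
        out[int(row["PID"])] = (row["Image Name"].lower(), svcs)
    return out

def listeners_by_pid(netstat_text):
    """Map PID -> [(proto, local address)] for sockets that can accept inbound traffic."""
    out = defaultdict(list)
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            out[int(f[4])].append(("TCP", f[1]))
        elif len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            out[int(f[3])].append(("UDP", f[1]))
    return dict(out)

def svchost_listeners(tasklist_csv, netstat_text):
    """Per svchost.exe PID with an open socket: hosted services and non-loopback sockets."""
    procs, socks = services_by_pid(tasklist_csv), listeners_by_pid(netstat_text)
    report = {}
    for pid, (image, svcs) in procs.items():
        if image == "svchost.exe" and pid in socks:
            exposed = [a for _, a in socks[pid] if not a.startswith(("127.", "[::1]"))]
            report[pid] = {"services": svcs, "sockets": socks[pid], "exposed": exposed}
    return report

if __name__ == "__main__":
    print(svchost_listeners(TASKLIST, NETSTAT))
```

Replace the two sample strings with real command output to use it. Neither command shows the image path, so the check that svchost.exe runs from C:\WINDOWS\system32 still needs a tool that displays the full path, such as Process Explorer.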
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 05:27:05 by charlie R
wrote in message
news:1161641233.385104.225140@h48g2000cwc.googlegroups.com...
: Hello
:
: I have just started getting ridiculous amounts of alerts from my firewall
: program (ZoneAlarm by ZoneLabs), which say that it had blocked
: 'Generic Host Process for Win32' from accepting a connection from
: the internet. When I look in the program list in ZoneAlarm I see that
: this program 'Generic Host Process for Win32 Services' with file
: name/path C:\WINDOWS\system32\svchost.exe is set not to allow it to
: have server permission for the Internet Zone. It is however set to have
: access permission.
:
: I don't know what this program is, but does it require server
: permission for the Internet zone to work properly?
:
: Also when ZoneAlarm says 'blocked...from accepting a connection from
: the internet' does this mean the program in question was trying to
: act as a server? (I assume that if it were to accept a connection from
: the internet this would imply that it had not made the connection
: request itself and so would be trying to act as a server but not sure).
:
: I don't know what has caused ZoneAlarm to suddenly act like this.
: Before this happened I had installed xampp (so that I can use my
: computer as a server to test php pages) but I don't see how this
: could have affected ZoneAlarm. Also I had decided to have a closer look
: at ZoneAlarm just before this happened but didn't notice making any
: changes to it whatsoever.
:
: Is it safe to change 'Generic Host Process for Win32 Services' so it
: has server permission for the Internet Zone? And if it is why didn't
: it need to do this before?
:
: Any help most welcome!
:
: AM
:
Hello, AM
I doubt that you'll get any serious help in this newsgroup. It seems to
have been hi-jacked by firewall haters.
Your best bet for answers would be ZoneLabs User Forums. The link is
inside the Help pages in ZoneAlarm interface. Another good resource is
the Windows XP forums at Microsoft.com. Check them out. Meanwhile,
don't give any programs server permission unless you know what it is and
why it needs it. Good luck.
charlie R
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 06:14:59 by Duane Arnold
"charlie R" wrote in message
news:ehk17m$gc1$1@pscinews.psci.net...
>
> wrote in message
> news:1161641233.385104.225140@h48g2000cwc.googlegroups.com...
> : Hello
> :
> : I have just started getting ridiculous amounts of alerts from my firewall
> : program (ZoneAlarm by ZoneLabs), which say that it had blocked
> : 'Generic Host Process for Win32' from accepting a connection from
> : the internet. When I look in the program list in ZoneAlarm I see that
> : this program 'Generic Host Process for Win32 Services' with file
> : name/path C:\WINDOWS\system32\svchost.exe is set not to allow it to
> : have server permission for the Internet Zone. It is however set to have
> : access permission.
> :
> : I don't know what this program is, but does it require server
> : permission for the Internet zone to work properly?
> :
> : Also when ZoneAlarm says 'blocked...from accepting a connection from
> : the internet' does this mean the program in question was trying to
> : act as a server? (I assume that if it were to accept a connection from
> : the internet this would imply that it had not made the connection
> : request itself and so would be trying to act as a server but not sure).
> :
> : I don't know what has caused ZoneAlarm to suddenly act like this.
> : Before this happened I had installed xampp (so that I can use my
> : computer as a server to test php pages) but I don't see how this
> : could have affected ZoneAlarm. Also I had decided to have a closer look
> : at ZoneAlarm just before this happened but didn't notice making any
> : changes to it whatsoever.
> :
> : Is it safe to change 'Generic Host Process for Win32 Services' so it
> : has server permission for the Internet Zone? And if it is why didn't
> : it need to do this before?
> :
> : Any help most welcome!
> :
> : AM
> :
>
> Hello, AM
>
> I doubt that you'll get any serious help in this newsgroup. It seems to
> have been hi-jacked by firewall haters.
>
> Your best bet for answers would be ZoneLabs User Forums. The link is
> inside the Help pages in ZoneAlarm interface. Another good resource is
> the Windows XP forums at Microsoft.com. Check them out. Meanwhile,
> don't give any programs server permission unless you know what it is and
> why it needs it. Good luck.
>
http://www.apachefriends.org/en/xampp-windows.html
This person has installed a Web server using services that communicate with
SVChost.exe. If one is going to do something like that, then one should know
what he or she is doing not only with the software, but with the O/S as
well.
If the person has a choice, then he or she should go behind the protection
of a NAT router, at the very least, in trying to protect those services. If
the person wants to use ZA, then use it on the machine behind a NAT router
and get it off of a direct connection to the Internet, no appliance between
the modem and the computer, as it's nothing but hack bait. The person
should disable ZA's App Control too as it's worthless.
Duane :)
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 07:53:04 by unknown
Post removed (X-No-Archive: yes)
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 12:40:29 by unknown
Post removed (X-No-Archive: yes)
Re: What is Generic Host Process for Win32 Services with the filename/path C:/WINDOWS/system32/svcho
on 24.10.2006 13:51:17 by pkaluski
Leythos wrote:
> I wonder why the group trolls don't build a response that clearly tells
> people how to secure their entire computer system without the use of
> third-party tools...... Oh, wait, I already know, it's because you can't
> secure a computer against all that people are exposed to, and nothing
> they rant about really helps the nontechnical user because they don't
> ever tell the user how to do anything - they just rant about how third-
> party solutions are bad, windows firewall good, grunt.
>
> If they put half as much energy into building a FAQ that could be posted
> every month, they might actually be helping people, but they appear to
> be too stuck on how important they think they are than to spend real time
> helping real people.
Finally, the voice of reason ;-)
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 14:02:08 by Volker Birk
prophet wrote:
> Leythos wrote:
> > I wonder why the group trolls don't build a response that clearly tells
> > people how to secure their entire computer system without the use of
> > third-party tools......
> Finally, the voice of reason ;-)
http://ntsvcfg.de/ntsvcfg_eng.html
HTH, HAND,
VB.
--
"I never laugh."
Besim Karadeniz in d.c.s.m.
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 14:06:00 by unknown
Post removed (X-No-Archive: yes)
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 14:13:56 by unknown
Post removed (X-No-Archive: yes)
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 16:03:20 by Ansgar -59cobalt- Wiechers
Leythos wrote:
> In article <453e00c0@news.uni-ulm.de>, bumens@dingens.org says...
>> http://ntsvcfg.de/ntsvcfg_eng.html
[...]
> Oh, and you should change this statement under (5) Activate the XP-
> Firewall "The advantage of this firewall is a very simple configuration
> and a low risk of unauthorized changing the configuration (i.e.
> parameters, rules)."
>
> It should read - "The DISADVANTAGE of this firewall is that it has been
> shown that many applications will insert exceptions in the Windows XP
> firewall without your permission and without warning, you should check
> the Exceptions list frequently. The Windows XP firewall is a minimal
> level of protection and should not be considered reliable."
What Leythos keeps ignoring is that a) this can only happen when the
user has admin privileges, and that b) malware running with admin
privileges can inject ANYTHING in ANY software running on the host.
Including the oh-so-reliable personal firewalls he promotes so
vigorously.
Instead of using useless software one should (unlike Leythos) rather NOT
ignore point (1) of that list of measures: "For daily use only work with
user-rights and no time as an administrator. Also use NTFS as file
system to set proper rights and protect your PC against 'malware' like
dialer."
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 16:05:46 by Ansgar -59cobalt- Wiechers
Leythos wrote:
> Yea, but they've KF me long ago, since it's sooo very easy to punch
> holes in their methods/ideals, to prove they are not helping anyone
> with their lack of useful information, etc....
You seriously need a reality-check.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 16:07:57 by unknown
Post removed (X-No-Archive: yes)
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 16:18:42 by unknown
Post removed (X-No-Archive: yes)
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 24.10.2006 16:20:35 by unknown
Post removed (X-No-Archive: yes)
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 25.10.2006 23:00:00 by unknown
Post removed (X-No-Archive: yes)
Re: What is Generic Host Process for Win32 Services with the filename/path C:/WINDOWS/system32/svcho
on 09.02.2007 19:36:51 by gary
prophet wrote:
> Leythos wrote:
>
>> I wonder why the group trolls don't build a response that clearly
>> tells people how to secure their entire computer system without the
>> use of third-party tools...... Oh, wait, I already know, it's because
>> you can't secure a computer against all that people are exposed to,
>> and nothing they rant about really helps the nontechnical user because
>> they don't ever tell the user how to do anything - they just rant
>> about how third-
>> party solutions are bad, windows firewall good, grunt.
>>
>> If they put half as much energy into building a FAQ that could be
>> posted every month, they might actually be helping people, but they
>> appear to be too stuck on how important they think they are than to
>> spend real time helping real people.
>
> Finally, the voice of reason ;-)
AMEN to that. Nothing worse than smart ass trolls except possibly porn
spammers.
Re: What is Generic Host Process for Win32 Services with the filename/path C:/WINDOWS/system32/svcho
on 10.02.2007 09:09:20 by Wilf
And what about top posters ;-)
Gary wrote:
>
> prophet wrote:
>> Finally, the voice of reason ;-)
>
> AMEN to that. Nothing worse than smart ass trolls except possibly porn
> spammers.
Re: What is Generic Host Process for Win32 Services with the file name/path C:/WINDOWS/system32/svch
on 10.02.2007 15:01:13 by unknown
Post removed (X-No-Archive: yes)
Re: What is Generic Host Process for Win32 Services with the filename/path C:/WINDOWS/system32/svcho
on 11.02.2007 04:24:53 by gary
Wilf wrote:
> And what about top posters ;-)
>
>
> Gary wrote:
>>
>> prophet wrote:
>>> Finally, the voice of reason ;-)
>>
>> AMEN to that. Nothing worse than smart ass trolls except possibly porn
>> spammers.
Actually - top posting has never bothered me. I hate having to scroll
down to the bottom of a gigantic page to see a 2 word post.
gar
Re: What is Generic Host Process for Win32 Services with the filename/path C:/WINDOWS/system32/svcho
on 12.02.2007 09:53:53 by pkaluski
Gary wrote:
> Actually - top posting has never bothered me. I hate having to scroll
> down to the bottom of a gigantic page to see a 2 word post.
That's just poor quoting etiquette ;)