Re: svchost configuration
Coincidental with the latest ZA free update, my wife's laptop (XP Home SP3) could not longer connect to the internet. She connects, as I do on a home wireless network that links through a router to Cox cable broadband modem. She connects fine to the network, but not to the internet.
After much gnashing of teeth, I finally thought to look at her ZA free settings and found that generic host svchost had red "X" in a'' 4 columns. When I changed this to green arrows, she could connect again. This is a laptop she has used for years and I have no idea why it suddenly changed the svchost settings.
BUT, I do not know what the correct setting for svchost in ZA free should be. Should I allow full access to svchost in all 4 columns - or - is the correct setting something else. As I think I vaguely recall, svchost is generic and could be used by many different processes. How does one set ZA correctly to allow the good processes but not the bad ones?
Thanks for any advice
Windows XP Home Edition
Really am surprised that nobody has yet answered this simple question.
The svchost.exe or the Generic Host Process is needed to access the trusted servers and allow incoming connections from the trusted servers.
Your trusted servers should be the the DNS and DHCP servers.
Both the DHCP and the DNS servers should be entered as Trusted in the Zones of the Firewall of the ZA.
These can be determined by using the ipconfig /all command.
1. Go to Run and type in command and hit 'ok', and in the command then type in ipconfig /all then press the enter key. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side. Make sure there is a space between the ipconfig and the /all, and the font is the same (no capitals).
2. In ZA on your machine on the Firewall, open the Zones tab, click Add and then select IP Address. Make sure the Zone is set to Trusted. Add the DNS IP(s) .
3. Click OK and Apply. Then do the same for the DHCP server.
4. The localhost (127.0.0.1) must be listed as Trusted.
5. The Generic Host Process (svchost.exe) as seen in the Zone Alarm's Program's list must have server rights for the Trusted Zone.
Plus it must have both Trusted and Internet Access.
Extra help is found at Guru Hoov site for the DNS/DHCP.
Next the svchost.exe will need to have internet access for the various usual connections.
But the svchost.exe does not need to have server for the internet.
The svchost.exe does need to allow incoming connections from the time server for the time updater of windows, but most often the ZA will alert for this incoming connection attempt and simply allowing it and use the always will fix this incoming connection events.
Other then that, the svchost.exe does not need to allow incoming connections from the internet.
You could add the entire IP range for the Time servers to the Zones of the Firewall as Trusted and this would eliminate the need for the popup or just for finer user control of the applications and specifically the svchost.exe.
Typically the time-a.nist.gov goes from 220.127.116.11-18.104.22.168. This is the one I use and may not be the same as the same internet time updater that you use.