Thread: Using the aegis of Svchost.exe's security settings?

  1. #1
    jjames Guest

    Using the aegis of Svchost.exe's security settings?

    How can I install applications without fear that they will piggyback onto the svchost's settings to carry out covert communications? Is there a one-to-one correspondence between applications running under svchost.exe and those that appear in the list of services seen w/ the services list in the administrative tools? Is there any special functionality within Zone Alarm to help distribute privileges in a more granular fashion?

    Thanks,
    JJ

    Operating System: Windows XP Pro
    Product Name: ZoneAlarm Antivirus

  2. #2
    Join Date: Dec 2005
    Posts: 9,056

    Re: Using the aegis of Svchost.exe's security settings?


    jjames wrote:
    > How can I install applications without fear that they will piggyback onto the svchost's settings to carry out covert communications? Is there a one-to-one correspondence between applications running under svchost.exe and those that appear in the list of services seen w/ the services list in the administrative tools? Is there any special functionality within Zone Alarm to help distribute privileges in a more granular fashion?
    >
    > Thanks,
    > JJ
    >
    > Operating System: Windows XP Pro
    > Product Name: ZoneAlarm Antivirus


    See http://support.microsoft.com/kb/314056 and, in the command prompt, use tasklist /svc /fi "imagename eq svchost.exe" for a breakdown of the svchost used.

    For the most part the RPC will be needed for networking to work (and a few others too). But for the most part the svchost.exe does the domain name host lookups for everything, both the Windows applications and supported applications. This plus the time updater is the most common and continuous internet connections made by the svchost.exe.

    The time updater can be set to manual and then it will not run in the background or the update attempts will occur only when you do it manually.
    The DNS lookups can be changed, in Windows, to make the individually supported software perform their own DNS lookups instead of making Windows (svchost.exe) do it for them.
    To do this, basically lock in the gateway, DNS servers and the assigned IP in the Properties of the Internet Protocol (TCP/IP) and disable both the DNS and DHCP Client services. This should be followed up with locking in the PC's IP in the router (along with the MAC of the network card).

    Disabling the UPnP and the SSDP services will quiet it down further (although these are just for the local network).

    Svchost.exe will on every Windows startup do a broadcast (255.255.255.0) to the DHCP server (your router or gateway) by default and connect out to the local network. Plus it will do multicast (UPnP and SSDP).
    But if the router has the PC locked in by IP and it is MAC'd in, then the PC's assigned IP is now static, not dynamic. And once the IP and the gateway and DNS IPs are locked in the Properties of the Internet Protocol (TCP/IP), then there is no further need for either the broadcast or multicast. The multicast and the broadcast can then both be unchecked in the Custom of the Firewall. The need for discovering the gateway (DHCP) on every startup is no longer there, as Windows knows what it is beforehand. Or the multicast (if not needed or the firewall is configured properly for the other network devices/PCs).

    Unless you do some file sharing or have networked devices on the LAN that experience constant changes.
    OR IF this is a laptop that changes local network frequently - then the need of the DNS and DHCP Client services is always present and the above does not apply and should be just left alone untouched.

    Cheers.
    Oldsod.
    Best regards.
    oldsod
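
As an added example (not part of the original thread): a Python sketch that parses the output of the tasklist command from the reply above, including service lists that wrap onto continuation lines, and reports which of the services the reply discusses are still hosted by a svchost.exe instance. The sample output is constructed, and mapping the "time updater" to the W32Time service is an assumption.

```python
import re

# Constructed sample of `tasklist /svc /fi "imagename eq svchost.exe"` output (not from a real host).
SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    884 DcomLaunch, TermService
svchost.exe                    952 RpcSs
svchost.exe                   1048 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                   EventSystem, Netman, Schedule, W32Time,
                                   wuauserv
svchost.exe                   1100 Dnscache
svchost.exe                   1264 LmHosts, SSDPSRV, WebClient
"""

# Short names of the services the reply suggests disabling or setting to manual.
# Assumption: the "time updater" is the Windows Time service (W32Time).
WATCHED = {"Dnscache": "DNS Client", "Dhcp": "DHCP Client", "W32Time": "Windows Time",
           "SSDPSRV": "SSDP Discovery Service",
           "upnphost": "Universal Plug and Play Device Host"}

def parse_tasklist_svc(text):
    """Return {pid: [service short names]} from tasklist /svc table output."""
    hosts, pid, in_table = {}, None, False
    for line in text.splitlines():
        if line.startswith("==="):           # ruler line: data rows follow
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:                                 # new row: image name, PID, first services
            pid, rest = int(m.group(2)), m.group(3)
            hosts[pid] = []
        elif pid is not None and line[0].isspace():
            rest = line                       # wrapped continuation of the previous row
        else:
            continue
        hosts[pid] += [s.strip() for s in rest.split(",") if s.strip() not in ("", "N/A")]
    return hosts

def watched_still_running(hosts):
    """Return {service short name: pid} for watched services still hosted by a svchost."""
    return {svc: pid for pid, svcs in hosts.items() for svc in svcs if svc in WATCHED}

if __name__ == "__main__":
    for svc, pid in sorted(watched_still_running(parse_tasklist_svc(SAMPLE)).items()):
        print(f"still running: {svc} ({WATCHED[svc]}) in svchost.exe PID {pid}")
```

One svchost.exe PID can host several services, so the names in the Services column are what line up with entries in the services list, not the process itself.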

  3. #3
    jjames Guest

    Re: Using the aegis of Svchost.exe's security settings?

    I'm awfully sorry for reviving a dead thread, but after reading your absolutely awesome reply, I absolutely had to thank you.

    Thank you.

    -JJ
