Jump to content


Photo

Generic Host Process for Win32 Services


  • Please log in to reply
2 replies to this topic

#1 MacDaddy

MacDaddy

    Member

  • Full Member
  • Pip
  • 66 posts

Posted 06 March 2006 - 10:35 AM

Can anyone provide me with some details about what exactly "Generic Host Process for Win32 Services" is, and whether it is something that is required to have access to the Internet through Zone Alarm firewall. Many of the details I hae found through Google do not provide a concrete answer to this question or whether it is something that should be granted access with Zone Alarm.

Incidently, the associated file name through Zone Alarm is svchost.exe, which is a critcal Windows OS component. I suppose the main question is: should this "Generic Host Process for Win32 Services" be granted access in the first place, if so, what type of access should be granted through Zone Alarm Access/Server Trusted/Internet.

Any input would be greatly appreciated.

Mac

#2 GTGT

GTGT

    Member

  • Full Member
  • Pip
  • 20 posts

Posted 06 March 2006 - 01:07 PM

Can anyone provide me with some details about what exactly "Generic Host Process for Win32 Services" is, and whether it is something that is required to have access to the Internet through Zone Alarm firewall. Many of the details I hae found through Google do not provide a concrete answer to this question or whether it is something that should be granted access with Zone Alarm.

Incidently, the associated file name through Zone Alarm is svchost.exe, which is a critcal Windows OS component. I suppose the main question is: should this "Generic Host Process for Win32 Services" be granted access in the first place, if so, what type of access should be granted through Zone Alarm Access/Server Trusted/Internet.

Any input would be greatly appreciated.

Mac


Hi MacDaddy,

Generic Host Processes are a generic laundry list of services Microsoft uses for XP. Many of them are associated with Network applications (communicating locally or through the Internet) so the short answer is yes. You should allow access. In some very rare cases a virus can replace one of these host services with a fake file but any good antivirus program would catch this easily.

Here is a longer version (a sort of primer) of what I summarized above:

Terminology:

Host: This is another name for the computer itself.
Process: This is a program running on your computer.
Service: This is a program that runs invisibly in the background. The main difference between a service and an ordinary application is that a service will load and start running whether or not you log into Windows.


A generic host process is a name that Windows gives to many different services running on the computer that don't have any other name. An example of a generic host process is svchost.exe. Should you block a generic host process?

Typically svchost or any of the other generic host processes should be permited, at least temporarily.

Please be aware that some viruses and/or Trojans can infect or replace svchost.exe, so svchost.exe then becomes a virus. However, any modern antivirus software can detect when svchost.exe (or any other generic host process) becomes a virus, and stop it from doing any harm. We recommend scanning your computer for viruses at least once a week.

Is there a way to see a list of the services being associated with svchost?

If your operating system is Windows XP then you can view a list of the services using the following instructions.

Click on the Start button and go to the Run line. Type "cmd" without the quotation marks and click the "OK" button. Type "tasklist /svc" (without the quotation marks). Hit the "Enter" button on your keyboard to run the above command


MacDaddy, Microsoft lists the names of some of these services in the link below. You'll be able to see that it includes things like Broswer, Net, Messenger, and DNS caching services, all which need to communication through your firewall.


http://support.micro...b;en-us;Q314056


Good Luck,
GT

#3 MacDaddy

MacDaddy

    Member

  • Full Member
  • Pip
  • 66 posts

Posted 06 March 2006 - 02:11 PM

Hi GTGT,

Thanks for your reply and your explaination is exactly what I was looking for. I am highly security consicious with my PC and am aware of some of the problems with svchost (although I was not aware that viruses where capable of replacing svchost in the Windows system folder). After posting my original message I decided to play around with the firewall settings for Generic Host Process for Win32 Services and noticed that denying it access to the Internet through the firewall renders, amoungst other things, my wireles router in capable of connecting to the Internet. It also seems "Generic Host Process for Win32 Services" only needs be granted Access and not server rights in the Zone Alarm firewall.

Thanks once again.

Mac




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button