Norton Firewall says "permit" but I think it may be wrong

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mandy123

Thread Starter
Joined
Aug 15, 2003
Messages
204
Norton Firewall is suggesting I "permit" the following:

"A remote system is attempting to access Microsoft Generic Host Process for Win32 services. The program is "c:\windows\system32svchost.com."

Is it ok to permit this? It is trying to access the pc every twenty minutes, even though I have permitted it a few times.
 
Joined
Oct 26, 2001
Messages
57,793
I would say no.
Do a scan for a virus and post your startup log.
 
Joined
Oct 9, 2001
Messages
9,396
Are you sure that's the exact message?
c:\windows\system32svchost.com

svchost is a legit process.
Usual rule of thumb.....if you don't know, deny access but don't check the "don't ask me again" box, just in case it's a needed process. Then if things are ok and Windows doesn't implode, after a week or so check the box and forget.
 
Joined
May 28, 2003
Messages
2,366
I'm confused about the .com instead of .exe after 'system32svchost.' I get confused about a lot of things but what am I missing here? :confused:
 

mandy123

Thread Starter
Joined
Aug 15, 2003
Messages
204
To correct: it is c:\windows\system32\svchost.exe. Not .com. Sorry for the confusion.

I think you are all saying deny, which I will do, but as I said I have permitted it previously b/c Norton suggested I permit it. Is there anything else I should do?

To hewee: there is nothing in the startup log that I don't recognize. In the task manager/processes menu there are four different svchost.exe items. Maybe this means something.
 

mandy123

Thread Starter
Joined
Aug 15, 2003
Messages
204
I forgot to mention I ran Norton AntiVirus and it turned up nothing. Spybot also turned up nothing.
 
Joined
Oct 9, 2001
Messages
9,396
Multiple instances of svchost can run at the same time.
It is a legitimate Windows process.
Just make sure your A/V is up to date and your firewall is running, and if you have any doubts come back here and post your H/T logfile.

;)
 
Joined
May 28, 2003
Messages
2,366
I can tell you what I've done in my ZAP firewall. I have granted svchost.exe internet access but I recommend that you not give it server rights. Generic Host Process needs internet access for many services to function as they should. Hope this helps. :)
 
Joined
Oct 26, 2001
Messages
57,793
Why do you need svchost.exe?

I have ZA pro and use Netscape most of the time and IE when I have to but svchost.exe is not even listed in the "program control" because it has never asked to.

I have windows 98se so after doing a search I see that I don't even have the svchost.exe on my PC so that is why it never asked to get online. :rolleyes:
 

mandy123

Thread Starter
Joined
Aug 15, 2003
Messages
204
Every instinct I have screams that there is something on the PC that should not be there. Here is my Hijack This log. It was recently reviewed, but perhaps something has recently been added. Thank you.

Logfile of HijackThis v1.96.2
Scan saved at 9:55:07 PM, on 9/18/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Webshots\WebshotsTray.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://loginnet.passport.com/login....tw=0&fs=1&fsa=1&fsat=1296000&lc=1033&_lang=EN
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~1\POPUPS~1.EXE"
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: IMI (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{845D62A6-A15D-4D68-9674-1CA1B3566D8A}: NameServer = 209.244.0.3 209.244.0.4
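
A HijackThis "Running processes" list like the one above can be checked mechanically for the two things this thread keeps circling: a core process name running from outside System32, and a look-alike name such as `svchost.com` or `system32svchost.exe`. This is an added example, not part of the original posts; the list of core process names and the sample log entries marked as constructed are assumptions.

```python
import ntpath

# Assumed list: Windows XP core processes that should only run from System32.
CORE = {"svchost.exe", "lsass.exe", "services.exe", "smss.exe",
        "winlogon.exe", "spoolsv.exe"}
CORE_STEMS = {ntpath.splitext(n)[0] for n in CORE}
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            break                      # a blank line ends the section
        elif in_section:
            paths.append(line)
    return paths

def audit(paths, system_root=r"C:\WINDOWS"):
    """Return (path, reason) for entries that misplace or imitate a core process."""
    expected = ntpath.normpath(ntpath.join(system_root, "System32")).lower()
    findings = []
    for path in paths:
        name = ntpath.basename(path).lower()
        folder = ntpath.normpath(ntpath.dirname(path)).lower()
        stem, ext = ntpath.splitext(name)
        if name in CORE:
            if folder != expected:     # right name, wrong directory
                findings.append((path, "core process name outside System32"))
        elif ext in EXEC_EXTS and any(s in stem for s in CORE_STEMS):
            findings.append((path, "look-alike of a core process name"))
    return findings

# Constructed sample: the last three entries are not from the posted log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.96.2

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\svchost.com
c:\windows\system32svchost.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

if __name__ == "__main__":
    for path, reason in audit(running_processes(SAMPLE_LOG)):
        print(f"REVIEW  {path}  ({reason})")
```

A path that passes this check only means the name and location look right; it does not show that the file itself is the genuine Windows binary.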
 
Joined
May 6, 2002
Messages
829
Wow! I'm REALLY disappointed this wasn't ever resolved, because I have the EXACT same problem right now!! (One month after this thread was started.) We just got a new Dell computer with XP Home. It's being constantly pestered by the same thing:
"A remote system is attempting to access Microsoft Generic Host Process for Win32 services. The program is "c:\windows\system32svchost.exe"

Non-stop! I was clicking BLOCK each time, but it was so constant that I finally put these two things on permanent BLOCK on the firewall:
MS Generic Host Process for Win32 Services
AND
svchost.exe

They've been locked up there for a few days. Then...I realized I didn't even know what they are, and I couldn't find out for sure what they even are, and maybe I needed them...so I took them off a little while ago. Probably stupid - and EVEN WORSE, it just popped up & I said PERMIT - - thinking it might be Windows, or MS, or Updates or I don't even know what!! I'm really confused! Google isn't helping me at all.

Since we're in an old thread, I know this might not get any replies, so if you don't mind, I'll repost my question in a separate post AFTER I give it a chance here first. I so wish that mandy123's post had been resolved!

THANKS IF YOU CAN HELP!!
 
Joined
May 28, 2003
Messages
2,366
I see this is still a question and unfortunately, I've not got an answer. I too did some searches with poor results. I would like to suggest that you do a 'WhoIs' search on the IP that has been asking for access as noted in your firewall.

This could be very benign but I'm surprised I could not find anything about this. This system32svchost.exe is strange. All I could find is:
%SystemRoot%\System32\Svchost.exe is a generic process name for services that run from dynamic-link libraries (DLLs). When you start Windows XP, Svchost.exe constructs multiple lists of service groupings that need to be loaded. Each instance can run at the same time. Svchost.exe groups are delineated at: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost.
Maybe you should follow your thought about a new thread with the header like: "What is system32svchost.exe?" :confused:
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
As a basic rule:

Any svchost outgoing should be allowed.
Any svchost incoming should be denied.

Your firewall should automatically let back in what it has let out.
 
Joined
Jun 14, 2002
Messages
3,520
Like hewee said NO........Forgive me but I'm in a pissy mood, so many people have Norton problems since 3.11 I really can't understand why anyone uses their crappy products.....again JMHO
 