ESET Blocked svchost.exe?

[Viegaard]

Hello!

It says Blocked: Microsoft Windows : C:\Windows\System32\svchost.exe

Remote Adress: (not typing it here) - Dest Port 1900 ' UDP - Direction IN - Count: 4

Communication denied by rule Block incomming SSDP (UPNP) requests for svchost.exe

---------------

So I assume since it's from Windows I should allow it? I just installed ESET Smart Security and that is one of the things the Firewall blocked - The others I know should'nt be allowed - But this one I am unsure of.

/ V.

 

[aford10]

That looks a little suspicious. That port can be used to do remote installs, though it is the correct location for that process. Try running malwarebytes and combofix to see if they pick up any threats.

 

[Viegaard]

That looks a little suspicious. That port can be used to do remote installs, though it is the correct location for that process. Try running malwarebytes and combofix to see if they pick up any threats.

But isnt SVChost.exe a Microsoft file?

Malwarebytes find nothing. Did a scan.

 

[aford10]

Yes, that is normally a legit piece of the OS, but is often faked in malware. Though, not saying it is for sure just yet.

Try combofix.

I'm not concerned by the process so much, since it's the correct install directory. It's more so the port it's trying to access.

 

[Viegaard]

Yes, that is normally a legit piece of the OS, but is often faked in malware. Though, not saying it is for sure just yet.

Try combofix.

I'm not concerned by the process so much, since it's the correct install directory. It's more so the port it's trying to access.

Well. At first I made a rule saying it was allowed. But I have no removed the rule. It havent tried to gain access since though.

Whats the legit link to Combofix? I see alot of options when I google it.

 

[aford10]

http://www.bleepingcomputer.com/download/combofix/

 

[Viegaard]

http://www.bleepingcomputer.com/download/combofix/

Should Windows Firewall be enabled with ESET Smart Security? (It has a Firewall)

 

[aford10]

It's not normally recommended to run more than one software firewall at the same time. One or the other would be fine.

 

[Viegaard]

It's not normally recommended to run more than one software firewall at the same time. One or the other would be fine.

Its just when I go into Control Panel and then Windows Firewall.

The button Turn ON/OFF is not clickable and there is a "Run as Admin mode" logo next to it, cant click that either. How do I turn it off?

UPDATE: It says this service is being Managed by ESET Antivirus. So I assume ESET has disabled it.

 

[aford10]

Correct. Because it's not recommended that more than 1 software firewall run at the same time, most will disable the built in firewall when installed.

 

[Viegaard]

Correct. Because it's not recommended that more than 1 software firewall run at the same time, most will disable the built in firewall when installed.

Combofix gives me a few problems. 1. It wants me to close ALL my antivirus - Is this really safe?

And 2. People all-over the internet say I can do damage with it if not used correctly, and I am not an advanced user.

 

[aford10]

Yes, it will ask you to temporarily close your AV. It will still run if you don't, but yes, that is safe to exit out temporarily.

People that say it's dangerous if you're not an expert don't know what they are talking about. Once you run the program, there is no user interaction. It runs and automatically removes any found threats, and then reboots your computer. Once it reboots, it will display the summary of what it did. The only danger would be if you had pirated software.