ZA Free and Generic Host Processor

[WILF]

Archived from groups: comp.security.firewalls (More info?)

A couple of times lately, ZA Free has popped up to tell me that Generic
host Processor "wants to act as a server". I have disallowed this -
should I have accepted? Why would svchost want to act as a server? I
presume this means someone or something out there is trying to connect
to my PC?
--
Wilf

 

[Craig]

Archived from groups: comp.security.firewalls (More info?)

"Wilf" <wilf.wilf@wilf21.com> wrote...

>A couple of times lately, ZA Free has popped up to tell me that Generic
> host Processor "wants to act as a server". I have disallowed this -
> should I have accepted? Why would svchost want to act as a server? I
> presume this means someone or something out there is trying to connect
> to my PC?
> --
> Wilf

Hi,

I use ZA Pro which has Smart Defense Advisor that auto configures known
good programs. I see that for Generic Host Process for Win32 Services
(svchost.exe), it grants it access to both the trusted and internet zones
and grants server status for trusted zone while it blocks server status for
internet zone and blocks sending of emails. I hope this helps. I'm not sure
if the free version also has "Trust Level" but if it does, it should be
three green bars, the Super Trust level.

Craig

 

[WILF]

Archived from groups: comp.security.firewalls (More info?)

Craig said ...
>
> "Wilf" <wilf.wilf@wilf21.com> wrote...
>
> >A couple of times lately, ZA Free has popped up to tell me that Generic
> > host Processor "wants to act as a server". I have disallowed this -
> > should I have accepted? Why would svchost want to act as a server? I
> > presume this means someone or something out there is trying to connect
> > to my PC?
> > --
> > Wilf
>
> Hi,
>
> I use ZA Pro which has Smart Defense Advisor that auto configures known
> good programs. I see that for Generic Host Process for Win32 Services
> (svchost.exe), it grants it access to both the trusted and internet zones
> and grants server status for trusted zone while it blocks server status for
> internet zone and blocks sending of emails. I hope this helps. I'm not sure
> if the free version also has "Trust Level" but if it does, it should be
> three green bars, the Super Trust level.
>
> Craig
>
>
>
Thanks, Craig. ZA Free doesn't have this level of sophistication but it
can allow or block internet access for the trusted zone and/or internet
zone and can do the same for server status.
--
Wilf

 

[Craig]

Archived from groups: comp.security.firewalls (More info?)

"Wilf" <wilf.wilf@wilf21.com> wrote in message
news:dhh3i0$7ig$1@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com...
> Craig said ...
>>
>> "Wilf" <wilf.wilf@wilf21.com> wrote...
>>
>> >A couple of times lately, ZA Free has popped up to tell me that Generic
>> > host Processor "wants to act as a server". I have disallowed this -
>> > should I have accepted? Why would svchost want to act as a server? I
>> > presume this means someone or something out there is trying to connect
>> > to my PC?
>> > --
>> > Wilf
>>
>> Hi,
>>
>> I use ZA Pro which has Smart Defense Advisor that auto configures known
>> good programs. I see that for Generic Host Process for Win32 Services
>> (svchost.exe), it grants it access to both the trusted and internet zones
>> and grants server status for trusted zone while it blocks server status
>> for
>> internet zone and blocks sending of emails. I hope this helps. I'm not
>> sure
>> if the free version also has "Trust Level" but if it does, it should be
>> three green bars, the Super Trust level.
>>
>> Craig
>>
>>
>>
> Thanks, Craig. ZA Free doesn't have this level of sophistication but it
> can allow or block internet access for the trusted zone and/or internet
> zone and can do the same for server status.
> --
> Wilf

One other thing that ZA Pro does in the Program Control Settings under
SmartDefense is indicate whether the settings were made by ZoneAlarm itself
("System" for Windows Operating system files or "Auto" if its a known good
program) or made by the user by accepting or denying access in which case
it'd be called "Custom". The programs in Program Control listed as Custom
are no better than the guesses of the user while the System and Auto ones
are preconfigured by Zonealarm and hopefully correct. Your Generic Host
issue was a System one so I feel confident to have given you the correct
info.

Craig

PS--I've recently decided that when installing an updated version of
Zonealarm, it's best to do a Clean Installation and start from scratch
rather than to keep the settings from previous versions of ZA. For the
newest version, now v6, even Zonealarm suggests not to keep the old settings
but to do a Clean Installation.

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Wilf <wilf.wilf@wilf21.com> wrote in news:dhgvj3$p3d$1
@nwrdmz01.dmz.ncs.ea.ibs-infra.bt.com:

> A couple of times lately, ZA Free has popped up to tell me that Generic
> host Processor "wants to act as a server". I have disallowed this -
> should I have accepted? Why would svchost want to act as a server? I
> presume this means someone or something out there is trying to connect
> to my PC?

Svchost.exe Generic Host Process is just the messenger for the O/S and
other non O/S programs that need to communicate on a network such a LAN
or WAN/(the Internet). SVChost acts on the behalf of other programs for
communications and it is not the one who wants communications but only
provides the means for the communication. If you understand the concept
of solicited and unsolicited traffic and how a FW or PFW works with this
concept, then you will know that a program (not svchost.exe) on the
machine has made a solicitation behind the PFW and svchost.exe is
providing the means for the connection.

You should find out what is trying to use the messenger (svchost.exe) and
determine if it is legit or not instead of killing the messenger. Most
likely, it is just another case of Application Control in a PFW solution
whining about nothing.

Duane

 

[WILF]

Archived from groups: comp.security.firewalls (More info?)

Craig said ...
> Your Generic Host
> issue was a System one so I feel confident to have given you the correct
> info.
>
>
Thanks - have set as per this and will see what happens.
--
Wilf