Re: Tiny Personal Firewall and XP SVCHOST.EXE

From: Harri Pesonen (fuerte@pp.inet.fi)
Date: 12/15/01 

From: "Harri Pesonen" <fuerte@pp.inet.fi>
Date: Sat, 15 Dec 2001 18:33:28 GMT

Also there is a TASKINFO.EXE in XP that shows:

> tasklist /svc

svchost.exe 888 RpcSs
svchost.exe 952 AudioSrv, Browser, CryptSvc, Dhcp,
dmserver,
                                 ERSvc, EventSystem,
                                 FastUserSwitchingCompatibility, helpsvc,
                                 lanmanserver, lanmanworkstation, Messenger,
                                 Netman, Nla, Schedule, seclogon, SENS,
                                 ShellHWDetection, srservice, TermService,
                                 Themes, TrkWks, uploadmgr, W32Time,
winmgmt,
                                 WmdmPmSp, wuauserv, WZCSVC
svchost.exe 1096 Dnscache
svchost.exe 1108 LmHosts, RemoteRegistry, SSDPSRV, WebClient 

--
Harri Pesonen
http://www.sci.fi/~fuerte/
You should not underestimate the power of thickness - Kaoru Iwamoto

"Harri Pesonen" <fuerte@pp.inet.fi> wrote in message
news:9LJS7.108$Tg.31287@read2.inet.fi...
> SVCHOST.EXE is a program that is used to run several applications (Generic
> Host Process for Win32 Services). Usually there are several SVCHOST
> processes running at the same time in an XP system. Currently I have:
>
> C:\WINXP\system32\svchost -k rpcss
> C:\WINXP\system32\svchost -k netsvcs
> C:\WINXP\system32\svchost -k NetworkService
> C:\WINXP\system32\svchost -k LocalService
>
> Unfortunately TPFW does not distinguish between these processes, it only
> says that SVCHOST is accessing the network. I am wondering if there is a
fix
> coming or if some other program handles this case better? Now this is a
> security risk, because a trojan can run its own DLL using SVCHOST.
>
> --
> Harri Pesonen
> http://www.sci.fi/~fuerte/
> You should not underestimate the power of thickness - Kaoru Iwamoto

Relevant Pages
Quantcast