Svchost.exe - program security - inbound/outbound

From: Patricia (anonymous_at_discussions.microsoft.com)
Date: 03/28/04 

Date: Sat, 27 Mar 2004 19:28:12 -0800

Hope this is the right section of this newsgroup. I have
an ADSL connection and my firewall (Norton Internet
Security 2003) is always running. I frequently get a
window titled "Program Security" asking me what I want to
do. Here are the contents of a typical window:
"A remote system is attemtping to access Microsoft
Generic Host Process for Win32 Services on your computer.
Program: C?'WINDOWS/System32/svchost.exe
Protocol: UDP (Inbound)
Remote Address: 219.150.118.38 : 2997
Local Address: All local network adapters : 1026
What do you want to do?
Permit (recommended) [other choices are "block"
and "manually configure Internet access"]"

This happens so often that I'm beginning to wonder, given
all the recent security scares, whether I should be
clicking on "Permit". I checked out this particular the
remote address and it is in China, which makes me wonder.

I'm simply not technically savvy enough to figure this
out. I've read Microsoft Knowledge Base Article 314056
and I've followed the instructions to run "CMD.EXE" but
when I type "Tasklist /SVC" I get the message "'Tasklist'
is not recognized as an internal or external command,
operable program or batch file."

Can anyone tell me how I can determine whether it's safe
to click on "Permit" just because NIC says
it's "Recommended"? I really don't know what I'm
permitting.

Thanks
Patricia

Relevant Pages

  • Remote DCOM call something to worry about?
    ... Security 2002, which I update weekly through Symantec's subscription service. ... the popup says that a ... The default option is to PERMIT the access -- probably because NIS ... which I know to be the Windows remote procedure call program. ...
    (microsoft.public.security)
  • change the default of remote
    ... from the internet, when I want to sign in it's ... how can I change the name of remote, for a little-- security through ...
    (microsoft.public.windows.server.sbs)
  • [NT] Vulnerability in Microsoft Data Access Components Allows Code Execution (MS07-009)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... this vulnerability by preventing Active Scripting and ActiveX controls ... mode sets the security level for the Internet zone to High. ...
    (Securiteam)
  • Testimony of Jeff Schmidt, CEO, Authis
    ... Examining the Security Implications of Proposed Online Gambling Regulation ... recognized expert on issues related to online identification and authentication, ... authentication, and age verification. ... individual using The Internet. ...
    (rec.gambling.poker)
  • << SBS news of the week 12/6/2004>>
    ... Simply connecting to the Internet — and doing ... You would NEVER set up a server with file and printing sharing ports ... McAfee says 'Skulls' mobile security threat still low ... ISPs raise the stakes on DDoS attacks ...
    (microsoft.public.backoffice.smallbiz2000)
Loading