Re: Zone Alarm and "svrhost.exe"

From: jstarr (starrja@hotmail.com)
Date: 10/31/02


From: "jstarr" <starrja@hotmail.com>
Date: Wed, 30 Oct 2002 17:34:10 -0800


Thanks- this is what I am figuring, too, as I do more
research. Now all I gotta do is figure out what all those
damned little abbreviated names *mean*... Does anyone
have a cheat sheet?!?

>-----Original Message-----
>SVCHOST.EXE means you should check the services that are running in the
>Services applet. One of them may well be the cause. Knowing the port number
>it's trying to use would be helpful as well.
>
>Windows XP, Office XP, etc. have some known licensing features where I
>believe the computer tries to contact Microsoft from time to time. [It's
>been a while, so I'm getting fuzzy on the specifics.] Windows Media Player
>and other apps may do similar things, I don't know.
>
>I don't care much for Zone Alarm because if a firewall gives you the user a
>chance to permit a program to access the internet, your firewall has just
>been compromised.
>
>
>"jstarr" <starrja@hotmail.com> wrote in message
>news:71ff01c28076$2cd99b30$35ef2ecf@TKMSFTNGXA11...
>> Okay- so here's what happened- follow this through:
>>
>> I installed ZoneAlarmPro this morning. It immediately gave
>> me alerts for Internet Explorer and the ftp client I was
>> using at the time. I said yes to those. Within about an
>> hour, as I was in chat, I got an alert for the following:
>> Generic Host Process
>> IP 207.46.226.34
>> svchost.exe
>> A quick lookup showed this to be a Microsoft IP; I wasn't
>> real happy about an executable program wanting access, so
>> I said "No".
>>
>> Less than 30 minutes later, up pops an alert: This program
>> is asking for server rights- allow it? Same IP, same name,
>> same description- this time, I checked Do Not Ask Me Again-
>> and "No". I immediately lost internet connection.
>>
>> So I go into ZA, find it- and give it access, reboot, and
>> voila! I am back online. Called my ISP, nice young man
>> there did some research for me- this is what he turned up:
>>
>> PING 207.46.226.34: 56 data bytes
>> ICMP Communication Administratively Prohibited from gateway
>> iustsecurc1201-ge-6-0.msft.net (207.46.224.195)
>> for icmp from tacacs02 (12.242.25.151) to time.windows.com
>> (207.46.226.34)
>>
>> ----207.46.226.34 PING Statistics----
>> 5 packets transmitted, 0 packets received, 100% packet loss
>> asettles@tacacs2:~
>>
>>
>> Anyway, Leonard- the ISP techie- said when they looked it
>> up, it says Microsoft, and when they follow that stuff, it
>> says it is a Windows program. Now can someone tell me why
>> Windows/Microsoft needs server rights for an executable
>> program through my internet connection? I'm connected
>> through AT&T, and they've not run into this before; this
>> is a new puter running XP- any ideas?
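
Added example, not part of the original thread: one way to follow the advice quoted above (check which services run inside svchost.exe and which port is in use) is to join the service list to the socket table by process ID. It assumes a current Windows release with the `Get-CimInstance`, `Get-NetTCPConnection` and `Get-NetUDPEndpoint` cmdlets (not available on the XP machine in the thread) and an elevated PowerShell session; the variable names are illustrative.

```powershell
# Trace a firewall prompt for "Generic Host Process" (svchost.exe) back to
# the services inside that process and the sockets the process owns.

# 1. Build a map: svchost process ID -> names of the services it hosts.
$hosted = @{}
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.State -eq 'Running' -and $_.PathName -match 'svchost\.exe' } |
    ForEach-Object {
        $id = [int]$_.ProcessId
        if (-not $hosted.ContainsKey($id)) { $hosted[$id] = @() }
        $hosted[$id] += $_.Name
    }

# 2. Collect TCP connections and UDP endpoints owned by those processes.
#    UDP is connectionless, so only the local address and port are known.
$rows = @(
    Get-NetTCPConnection |
        Where-Object { $hosted.ContainsKey([int]$_.OwningProcess) } |
        ForEach-Object {
            [pscustomobject]@{
                ProcessId = [int]$_.OwningProcess
                Proto     = 'TCP'
                Local     = "$($_.LocalAddress):$($_.LocalPort)"
                Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
                State     = "$($_.State)"
                Services  = $hosted[[int]$_.OwningProcess] -join ', '
            }
        }
    Get-NetUDPEndpoint |
        Where-Object { $hosted.ContainsKey([int]$_.OwningProcess) } |
        ForEach-Object {
            [pscustomobject]@{
                ProcessId = [int]$_.OwningProcess
                Proto     = 'UDP'
                Local     = "$($_.LocalAddress):$($_.LocalPort)"
                Remote    = '*'
                State     = 'Bound'
                Services  = $hosted[[int]$_.OwningProcess] -join ', '
            }
        }
)

# 3. One line per socket, with the candidate services beside it.
$rows | Sort-Object ProcessId, Proto, Local | Format-Table -AutoSize
```

The remote address in the thread resolved to time.windows.com; Windows time synchronisation uses NTP on UDP port 123, so a row for the W32Time service on local port 123 would match that kind of alert.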