Just wondering if there is any reason to have System or Svchost on the block list for a firewall? For instance could some malware call itself one of these to get round a firewall? I've got SVChost blocked and i still have full connectivity, any reason why it should want to access the internet? For some reason it keeps trying to contact various Network Information Centres around the globe
Isn't svchost the process/service which DNS uses? Also, doesn't Windows Update and other key services use svchost? This explains what it is: http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-why-is-it-running/. Whilst referring to Vista, the general principles apply to Windows 7.
Well I don't seem to have any issues with either so far, can update and access other computers on the network.
afaik Windows Update and the Windows Time Service use svchost to connect to the internet. Try a manual windows Update and see if it still works. It only needs outbound.
All my updates are done manually anyway, and I've just manually updated the windows time service, last successful auto update was 1am.
ahh that seems to be the case, all the logged blocked connections for it are inbound only. I've always been slightly suspicious of svchost as there are so many instances that appear in the task manager, If i was going to attempt to write some malware it would be the first thing i'd try to infiltrate so when commodo asked me if I wanted to block it I said yes.
