svchost being a pain and outpost firewall rules

  hugh-265156 21:57 19 Nov 2003

hi all.

ntl 600k, xp home edt/outpost (running in rules mode)/avg/and the whole caboodle installed and up to date.

i have a problem with svchost. outpost firewall is saying it's wanting to go online. this has happened twice, yesterday and today.

both times it was requesting a connection with a different ip address. i didn't write it down sorry, must try harder :-)

this was yesterday evening around 18.30hrs. did a quick whois and traceroute and was none the wiser so blocked it.

turned computer off as i had to nip out and on switching back on could not connect to the internet, no google/email etc.

remembered i had blocked svchost so off i trotted to outpost's application rules. removed it from the blocked list but did not allow it access. result? internet access again.

did a quick scan with avg, adaware, spybot, swatit, checked my running processes and all came up clean apart from the usual and a few cookies. didn't worry too much about it.

it happened again this evening around the same time, blocked it again and continued what i was doing (browsing here), no problems.

turned off my computer about an hour or so later as had to nip out again and once again on starting it up, no internet access.

so what to do? removed it from the blocked list again and i had internet access once more. popped over to gibson research and ran a scan of common ports click here and found out i can create this effect when this scan runs, svchost requests a connection.

normally (for those of you who are unfamiliar with it) outpost firewall in rules mode will ask for an action to be taken, i.e.

allow all for this app

block all for this app

create rules for...

the create rules for is normally what i decide to choose as it, most of the time, picks something like "browser" and gets on with its job.

these two occasions however it has "create rules using other" then i have to choose "if the protocol is? if the direction is? allow? block? reject?" with various tick boxes.

if i allow it, shields up says port 1025 is open and my firewall fails the test. if i block it, i pass with stealth and can continue browsing until i restart the computer, then my internet connection is lost.

if i reject it i also pass but as above, once i restart, same thing.

nothing in event viewer re internet connection etc. i thought there may be some pointers here but alas no.

i'm thinking this is just ntl renewing my lease or similar but don't want to allow something that is leaving port 1025 wide open.

sorry for the waffle, any ideas on what it could be and how i should set up this rule properly?

and why has it only started happening? i have not installed anything or changed services configuration etc.


  [DELETED] 22:16 19 Nov 2003

As I'm sure you know svchost is a generic host process for services that are run from dynamic-link libraries (DLLs). In other words it could be anything that is trying to "phone home".

All I can suggest is that you do an online scan for viruses using a different AV e.g. click here, run Ad-aware and Spybot, and do a search for trojans using The Cleaner click here
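Since svchost is a shared host, the useful question for a firewall rule is which services sit inside the instance that owns a given listening port, such as the port 1025 reported in the opening post. The script below is an added example, not part of the original thread; it assumes a current Windows release with PowerShell and the NetTCPIP module (not the XP Home system discussed here), and the `-Port` parameter name is this example's own.

```powershell
# Added example: list listening TCP ports owned by svchost.exe and the
# services hosted in each owning instance. Run from an elevated prompt so
# that every process and its command line are visible.
param(
    [int]$Port = 0   # 0 = all listening ports; e.g. -Port 1025 for one port
)

# Index running services by the PID of the process that hosts them.
# -AsString makes the hashtable keys plain strings, so lookups are type-safe.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# Index svchost.exe processes by PID to recover the "-k <group>" command line.
$svchostByPid = @{}
Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    ForEach-Object { $svchostByPid["$($_.ProcessId)"] = $_ }

# Join listening sockets to the svchost instance and its hosted services.
Get-NetTCPConnection -State Listen |
    Where-Object { $Port -eq 0 -or $_.LocalPort -eq $Port } |
    Where-Object { $svchostByPid.ContainsKey("$($_.OwningProcess)") } |
    Sort-Object -Property LocalPort |
    ForEach-Object {
        $key = "$($_.OwningProcess)"
        [pscustomobject]@{
            LocalAddress = $_.LocalAddress
            LocalPort    = $_.LocalPort
            ProcessId    = $_.OwningProcess
            Services     = ($servicesByPid[$key].Name | Sort-Object) -join ', '
            CommandLine  = $svchostByPid[$key].CommandLine
        }
    } |
    Format-Table -AutoSize -Wrap
```

A listener bound to `0.0.0.0` or `::` is reachable from the network unless the firewall blocks inbound traffic to it, whereas one bound to `127.0.0.1` is local only.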

  hugh-265156 22:24 19 Nov 2003

sorry vog, thought i said above i ran both avg, spybot and adaware (up to date)

i did say that (read man! lol!)

just running symantec online scan now, will have results shortly.

  [DELETED] 22:27 19 Nov 2003

Sorry, I missed your 8th paragraph. Eye test due next summer!

  hugh-265156 22:30 19 Nov 2003


just remembered i copied the address to a text file.

head like a sieve sorry. the last connection request was to:


  powerless 22:33 19 Nov 2003

Deny it and leave it.

If there are any problems then you'll know about it.

  hugh-265156 22:37 19 Nov 2003

that's what i have been doing. but when i restart the computer (as said above) i have no internet connection and have to remove it from the blocked list again.

if i allow it then port 1025 is wide open.

  powerless 22:38 19 Nov 2003

"Zonnet internet is one of the largest ISP in the Netherlands (Rotterdam)"

  hugh-265156 22:50 19 Nov 2003

ok symantec online scan has just given me the all clear as have spybot/avg/adaware and swatit

netherlands ok, i can understand the whole "handshakes" thing going on, with all sorts trying to connect whilst online but why if i deny svchost access to this isp do i get cut off when i restart?

  hugh-265156 22:56 19 Nov 2003

had a look see in

HKEY_LOCAL_MACHINE_SYSTEM\currentcontrolset\services and nothing out of the ordinary here either. (not as if i would really know if there was lol!)

  hugh-265156 23:52 19 Nov 2003

