xopx

svchost.exe - all allowed and EIS shows popup anyway


Hi,

 

I have the same problem. All connections are allowed, but the alert keeps popping up. I have EIS 11.0.0.5911, beta updates on.

 

 

Here are my hashes for svchost.exe:
MD5: 54A47F6B5E09A77E61649109C6A08866
SHA-1: 4AF001B3C3816B860660CF2DE2C0FD3C1DFB4878

 

Best regards,

 

Martin


I noticed a week ago after some updates svchost.exe started displaying Protocol 2 : Port 0, when connecting. I looked it up in the EIS firewall logs and I believe it was listed as an [IGMP].

Also, you are showing us what's in your "Incoming" connections, and although the dialog says it's trying to receive incoming data, I believe it's actually an "Outgoing" connection, so you should display what's in your outgoing connections.

I typically see this port try to connect, only when your Internet connection is trying to be made. So your machine coming from a sleep is most likely trying to connect to the internet.

10:05:47.510    1476  FWEVT: [EFW]: [WFP] [IGMP] 169.254.217.249: 0 --> 224.0.0.22: 0 /ssConnect/ (System) PID: 4 Connection attempt
10:05:47.510    1476  FWSRV: ResolutionRequestSubCallback Proto=2; Dir=2; Local=169.254.217.249:0; Remote=224.0.0.22:0; Proc=4; App="System"; IPV6=0
10:05:47.510    1476  FWEVT: [EFW]: [IGMP] 169.254.217.249: 0 --> 224.0.0.22: 0 /ssConnect/ (System) PID: 4 No app rule found, asking for resolution
10:05:47.510    1476  FWEVT: [EFW]: [IGMP] 169.254.217.249: 0 --> 224.0.0.22: 0 /ssConnect/ (System) PID: 4 Asking for resolution
10:05:47.510    1476  FWEVT: [EFW]: [IGMP] 169.254.217.249: 0 --> 224.0.0.22: 0 /ssConnect/ (System) PID: 4 Asking...


Here are my hashes for svchost.exe:

MD5: 54A47F6B5E09A77E61649109C6A08866

SHA-1: 4AF001B3C3816B860660CF2DE2C0FD3C1DFB4878

That's the legitimate svchost.exe from Microsoft (32-bit version from Windows 7 from what I am seeing).

Has anyone noticed if this issue was addressed by our latest beta version? If you haven't tried the beta yet, then here's how to install it:

  • Open Emsisoft Internet Security.
  • Click on Settings in the menu at the top.
  • Click on Updates in the menu at the top.
  • On the left, under Update Settings, click on the box to the right of Update feed and select Beta from the list.
  • Click on the Update now button on the right side.


I had that rule blocked for quite a while so I can't really say; for me it happened intermittently and only when connecting.

I'm guessing Protocol 2 was an unlisted rule for IGMP.
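An added example, not part of the thread and not Emsisoft's own tooling: Python that parses the FWSRV ResolutionRequestSubCallback line quoted earlier in the thread and maps its Proto= value to an IANA IP protocol number, which is why the prompt reads "Protocol 2 : Port 0" (IGMP has no ports). The field layout is assumed from the single line posted, only IPv4 addresses are handled, and the second sample line is constructed.

```python
import ipaddress
import re

# IANA-assigned IP protocol numbers (the Proto= field); these are not port numbers.
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}

# Line 1 is the FWSRV line quoted in the thread; line 2 is constructed for contrast.
SAMPLE_LOG = """\
10:05:47.510    1476  FWSRV: ResolutionRequestSubCallback Proto=2; Dir=2; Local=169.254.217.249:0; Remote=224.0.0.22:0; Proc=4; App="System"; IPV6=0
10:05:48.002    1476  FWSRV: ResolutionRequestSubCallback Proto=6; Dir=2; Local=192.0.2.10:49152; Remote=198.51.100.7:443; Proc=812; App="svchost.exe"; IPV6=0
"""

# key=value pairs separated by ';' (assumed layout); quoted values may contain spaces.
FIELD = re.compile(r'(\w+)=("[^"]*"|[^;\s]+)')
LOCAL_CONTROL_BLOCK = ipaddress.ip_network("224.0.0.0/24")


def parse_line(line):
    """Return the key=value fields of one resolution-request line, or None."""
    if "ResolutionRequestSubCallback" not in line:
        return None
    return {key: value.strip('"') for key, value in FIELD.findall(line)}


def classify(fields):
    """Name the protocol and flag traffic that cannot leave the local segment."""
    proto = int(fields["Proto"])
    local = ipaddress.ip_address(fields["Local"].rsplit(":", 1)[0])
    remote = ipaddress.ip_address(fields["Remote"].rsplit(":", 1)[0])
    return {
        "app": fields["App"],
        "pid": int(fields["Proc"]),
        "protocol": IP_PROTOCOLS.get(proto, f"proto-{proto}"),
        "local": str(local),
        "remote": str(remote),
        # 169.254.0.0/16 is a self-assigned (APIPA) address.
        "local_is_link_local": local.is_link_local,
        # 224.0.0.0/24 is not forwarded by routers; 224.0.0.22 receives IGMPv3 reports.
        "remote_is_local_multicast": remote in LOCAL_CONTROL_BLOCK,
    }


def summarize(log_text):
    """Classify every resolution-request line found in a block of log text."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [classify(fields) for fields in parsed if fields]


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

For the line from the thread this reports IGMP from a link-local source to a local-only multicast group, raised by the System process (PID 4).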
