xopx

svchost.exe - all allowed and EIS shows popup anyway

Recommended Posts

Hi,

 

I have the same problem. All connections are allowed, but the alert keeps poping up. I have EIS 11.0.0.5911, beta updates on.

 

 

Here are my hashes for svchost.exe:
MD5: 54A47F6B5E09A77E61649109C6A08866
SHA-1: 4AF001B3C3816B860660CF2DE2C0FD3C1DFB4878

 

Best regards,

 

Martin

Share this post


Link to post
Share on other sites

I noticed a week ago after some updates svchost.exe started displaying Protocol 2 : Port 0, when connecting,

i looked it up in the EIS firewall logs and I believe it was listed as an [iGMP]

 

Also, you are showing us whats in your "Incoming" connections, and although the dialog says its

trying to receive incoming data, I believe its actually an "Outgoing" connection, so you should display

whats in your outgoing connections.

 

I typically see this port try to connect, only when your Internet connection is trying to be made.

So your machine coming from a sleep is most likely trying to connect to the internet.

10:05:47.510    1476  FWEVT: [EFW]: [WFP] [IGMP] 169.254.217.249: 0 --> 224.0.0.22: 0 /ssConnect/ (System) PID: 4 Connection attempt
10:05:47.510    1476  FWSRV: ResolutionRequestSubCallback Proto=2; Dir=2; Local=169.254.217.249:0; Remote=224.0.0.22:0; Proc=4; App="System"; IPV6=0
10:05:47.510    1476  FWEVT: [EFW]: [IGMP] 169.254.217.249: 0 --> 224.0.0.22: 0 /ssConnect/ (System) PID: 4 No app rule found, asking for resolution
10:05:47.510    1476  FWEVT: [EFW]: [IGMP] 169.254.217.249: 0 --> 224.0.0.22: 0 /ssConnect/ (System) PID: 4 Asking for resolution
10:05:47.510    1476  FWEVT: [EFW]: [IGMP] 169.254.217.249: 0 --> 224.0.0.22: 0 /ssConnect/ (System) PID: 4 Asking...

Share this post


Link to post
Share on other sites

Here are my hashes for svchost.exe:

MD5: 54A47F6B5E09A77E61649109C6A08866

SHA-1: 4AF001B3C3816B860660CF2DE2C0FD3C1DFB4878

That's the legitimate svchost.exe from Microsoft (32-bit version from Windows 7 from what I am seeing).

Has anyone noticed if this issue was addressed by our latest beta version? If you haven't tried the beta yet, then here's how to install it:

  • Open Emsisoft Internet Security.
  • Click on Settings in the menu at the top.
  • Click on Updates in the menu at the top.
  • On the left, under Update Settings, click on the box to the right of Update feed and select Beta from the list.
  • Click on the Update now button on the right side.

Share this post


Link to post
Share on other sites

I had that rule blocked for quite a while so I can't really say,

for me it happened intermittently and only when connecting.

I'm guessing Protocol 2 was an unlisted rule for IGMP

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.