Outpost Users Support Forum  
Outpost User Operated Support Forum
  #1  
02-09-2010, 12:52 AM
Escalader
Senior Member
Join Date: Mar 2009
Posts: 319
SVCHOST.EXE.936 in/out summary only

Here is a log entry from W7 64 bit with OP FW Pro 2009 6.7.3.3058.

Before asking our vendor, I would appreciate it if anybody else sees a similar entry, i.e. in/out bytes at summary level but none at detail level.

Comments as always welcome!
Attached image: SVCHOST_EXE_936_log.png
__________________
Best Regards!

.... there is always time to do it over, but never enough to do it right the first time....
  #2  
02-09-2010, 02:00 AM
burebista
Member
Join Date: Dec 2004
Location: Romania
Posts: 51
Re: SVCHOST.EXE.936 in/out summary only

Yep. I have more entries with 0 traffic in detail.
Attached image: op.png
__________________
If it ain't broke... fix it until it is.
  #3  
02-09-2010, 09:16 AM
Manny Carvalho
Moderator
Join Date: Oct 2003
Location: Georgia, USA
Posts: 10,421
Re: SVCHOST.EXE.936 in/out summary only

The used ports section means that an application has opened a port and is listening for traffic. There's no connection since the bytes are at zero.

The PID of 936 is not relevant since it's an assigned ID number and as you see other sessions of svchost have different PIDs. Svchost hosts quite a few processes so looking at the port number is the way to try and determine what process has that port [49153] open. Process Explorer may be of help trying to determine what port that is but Win 7 is a little more difficult to figure these things out.

Port 49153 belongs to the private/ephemeral ports that get randomly assigned. Try turning off software that you may have running and see if that port gets closed. It's not a real problem as OP will warn you if a new connection is attempted if your svchost rules are properly made.
__________________
Regards,
Manny Carvalho
MS-MVP Windows since 2002
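
One way to do the port-to-process lookup described in the post above, as an added example that is not part of the thread: join `netstat -ano` and `tasklist /svc` output on the PID to list the services sharing the svchost instance that holds a listening port. The sample output, the PIDs other than 936 and the service names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -ano -p TCP` output (not from the thread's screenshots).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       936
  TCP    192.168.1.10:49201     203.0.113.5:443        ESTABLISHED     2044
"""

# Constructed sample of `tasklist /svc` output; the service lists are illustrative.
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    812 RpcEptMapper, RpcSs
svchost.exe                    936 Dhcp, eventlog,
                                   lmhosts
firefox.exe                   2044 N/A
"""

DYNAMIC = range(49152, 65536)  # dynamic/private port range (Windows default since Vista)

def services_by_pid(text):
    """Map PID -> (image name, [services]), joining wrapped continuation lines."""
    out, pid = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            pid, rest = int(m.group(2)), m.group(3)
            out[pid] = (m.group(1), [])
        elif pid is not None and line.startswith(" "):
            rest = line  # service list wrapped onto the next line
        else:
            continue
        names = (s.strip() for s in rest.split(","))
        out[pid][1].extend(n for n in names if n not in ("", "N/A"))
    return out

def listeners(netstat_text, tasklist_text):
    """Return {port: details} for every TCP socket in the LISTENING state."""
    svc, found = services_by_pid(tasklist_text), {}
    for f in map(str.split, netstat_text.splitlines()):
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            port, pid = int(f[1].rsplit(":", 1)[1]), int(f[4])
            image, services = svc.get(pid, ("?", []))
            found[port] = {"pid": pid, "image": image, "services": services,
                           "dynamic": port in DYNAMIC}
    return found
```

Several services share one svchost PID, so this join narrows a port to a service group rather than to a single service.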
  #4  
02-09-2010, 09:41 AM
Escalader
Senior Member
Join Date: Mar 2009
Posts: 319
Re: SVCHOST.EXE.936 in/out summary only

Quote:
Originally Posted by Manny Carvalho
The used ports section means that an application has opened a port and is listening for traffic. There's no connection since the bytes are at zero.

The PID of 936 is not relevant since it's an assigned ID number and as you see other sessions of svchost have different PIDs. Svchost hosts quite a few processes so looking at the port number is the way to try and determine what process has that port [49153] open. Process Explorer may be of help trying to determine what port that is but Win 7 is a little more difficult to figure these things out.

Port 49153 belongs to the private/ephemeral ports that get randomly assigned. Try turning off software that you may have running and see if that port gets closed. It's not a real problem as OP will warn you if a new connection is attempted if your svchost rules are properly made.

Hi Manny:

My question is poorly phrased I guess. I'm unconcerned about pid numbers.

I simply wanted to know how I have data in and out at summary level but looking at the detail level all I see is zeros. Normal summary/detail reports balance, i.e. the sum of the detail lines equals the summary.

SVCHOST rules do concern me and have always confused me.

I set rules up on a completely different new application using learning mode for 5 minutes only to find all sorts of new SVCHOST rules showing up via the presets. I must be doing something wrong or suffering rule burn out. But it is very frustrating to keep having to go back and see what damage learning mode did to rules I thought I was done with.

Never mind...
__________________
Best Regards!

.... there is always time to do it over, but never enough to do it right the first time....
  #5  
02-09-2010, 09:51 AM
Manny Carvalho
Moderator
Join Date: Oct 2003
Location: Georgia, USA
Posts: 10,421
Re: SVCHOST.EXE.936 in/out summary only

Quote:
Originally Posted by Escalader
Hi Manny:

My question is poorly phrased I guess. I'm unconcerned about pid numbers.

I simply wanted to know how I have data in and out at summary level but looking at the detail level all I see is zeros. Normal summary/detail reports balance, i.e. the sum of the detail lines equals the summary.

Got you. Makes no sense to me either. Ask Agnitum and let us know the response.

Quote:
SVCHOST rules do concern me and have always confused me.

I set rules up on a completely different new application using learning mode for 5 minutes only to find all sorts of new SVCHOST rules showing up via the presets. I must be doing something wrong or suffering rule burn out. But it is very frustrating to keep having to go back and see what damage learning mode did to rules I thought I was done with.

Never mind...

Svchost rules can be confusing particularly if you try to make a tight configuration. If you do try to make your own rules then you can't use the learning mode. The point of auto-learn is to make things easy but reasonably secure. That means allowing more things than a tight configuration would. The two aren't compatible and will continue to frustrate you if you try both. If you want to make a tight configuration as per our FAQ then you got to start and continue manually. There's simply no easy way to get a tight configuration. There's nothing automatic about it - no presets, no auto anything, nothing. Turn it all off. It's all hard work.
__________________
Regards,
Manny Carvalho
MS-MVP Windows since 2002

Last edited by Manny Carvalho; 02-09-2010 at 09:53 AM.
  #6  
02-10-2010, 12:27 AM
Escalader
Senior Member
Join Date: Mar 2009
Posts: 319
Re: SVCHOST.EXE.936 in/out summary only

Quote:
Originally Posted by Manny Carvalho
Got you. Makes no sense to me either. Ask Agnitum and let us know the response.

Svchost rules can be confusing particularly if you try to make a tight configuration. If you do try to make your own rules then you can't use the learning mode. The point of auto-learn is to make things easy but reasonably secure. That means allowing more things than a tight configuration would. The two aren't compatible and will continue to frustrate you if you try both. If you want to make a tight configuration as per our FAQ then you got to start and continue manually. There's simply no easy way to get a tight configuration. There's nothing automatic about it - no presets, no auto anything, nothing. Turn it all off. It's all hard work.

Hi Manny:

On the in/out summary, I will ask the vendor and report back.

On the rules, I will follow the guide you gave in the post; from this point forward I'll just drive the car with manual transmission.

Maybe some day some nice person will provide a tight rule starter set for OP. Users could download it as a saved configuration file.
__________________
Best Regards!

.... there is always time to do it over, but never enough to do it right the first time....
  #7  
02-17-2010, 12:57 AM
Escalader
Senior Member
Join Date: Mar 2009
Posts: 319
Re: SVCHOST.EXE.936 in/out summary only

Quote:
Originally Posted by Manny Carvalho
Got you. Makes no sense to me either. Ask Agnitum and let us know the response.

Svchost rules can be confusing particularly if you try to make a tight configuration. If you do try to make your own rules then you can't use the learning mode. The point of auto-learn is to make things easy but reasonably secure. That means allowing more things than a tight configuration would. The two aren't compatible and will continue to frustrate you if you try both. If you want to make a tight configuration as per our FAQ then you got to start and continue manually. There's simply no easy way to get a tight configuration. There's nothing automatic about it - no presets, no auto anything, nothing. Turn it all off. It's all hard work.

Hello Thread:

I did hear back from the vendor. All they said was take and send the usual zip log files so they can see what is going on in my PC. Assumption is that I have done something wrong.

I have not done that, since all they have to do is look at their own versions.

I'm done with this one. They will either fix it or they won't.
__________________
Best Regards!

.... there is always time to do it over, but never enough to do it right the first time....

Last edited by Escalader; 02-17-2010 at 12:58 AM. Reason: spelling