I am using Windows XP, and Norton Firewall software. I frequently get the
message from the firewall program that something is trying to access my
computer. The message is:
application: C:\Windows\system32\sychost.exe
Protocol UDP (inbound).
Is this Microsoft attempting to download Windows updates (which I have on
automatic)? Should I give permission to this action in the future?

Thanks for your help.

--
John Garate

610-687-3011

Svchost provides network services for many O/S services that you have
running as well as for their support components. Alerter, DNS Cache, and
Application Management are some routines that use svchost. It is also used
by Automatic Updates. Permitting the program access to the internet gives
that access to every Windows component that uses it. I have always allowed
it access, and since I now use a hardware firewall, I have no way to prevent
it. (I am considering installing Zone Alarm just so that I can control
which programs can access the internet.) If you wish to prevent these
services from accessing the internet, then you should not give the access to
svchost.exe. If you do want even just one of these services to have access,
then you must allow svchost to have access. In either case, you should
consider disabling those services that you do not need.

You can manage services by going to Start->Control Panel->Administrative
Tools->Services. Before taking any action, however, see notes and warnings
below.

All of the following services use svchost:

Services that SHOULD be disabled:

-Alerter
-Computer Browser
-IPv6 Internet Connection Firewall
-Messenger
-Remote Registry
-Routing and Remote Access
-Secondary Logon (unless you want to run programs using alternate
credentials)
-SSDP Discovery Service (unless you DO have UPnP devices)
-TCP/IP NetBIOS Helper (unless you require the unsafe NetBIOS over your
network) (Note: this is not required for file and printer sharing.)
-Universal Plug and Play Device Host (unless you DO have UPnP devices)
-Upload Manager
-WebClient

Other services that CAN be disabled if you do not need them:

-Automatic Updates (if you do not want to be notified automatically of
critical O/S updates)
-Background Intelligent Transfer Service (BITS) (for automatic restarts of
downloads from Microsoft)
-Error Reporting Service (should be disabled unless you want to report
errors to Microsoft)
-Help and Support (if you do not use the Help and Support Center)
-Human Interface Device Access (if none of your external peripherals require
it)
-Internet Connection Firewall (ICF)/Internet Connection Sharing (ICS) (if
you do NOT use the built-in firewall or connection sharing)
-Network Location Awareness (if you do NOT use internet connection sharing)
-Portable Media Serial Number Service (disable for privacy)
-Windows Image Acquisition (if you do NOT use any digital imaging devices)
-Windows Time (if you do not want Windows to automatically update your
computer time)
-Wireless Zero Configuration (if you have no wireless network devices)

Services that should NOT be disabled unless you are SURE you do not need
them:

-COM+ Event System (this can be set to manual)
-DHCP Client (required for most situations that require dynamic IP
addressing)
-Distributed Link Tracking Client (unless you are NOT using NTFS)
-Fast User Switching Compatibility (unless you are NOT using Fast User
Switching)
-Logical Disk Manager
-Network Connections (this can be set to manual)
-Remote Access Auto Connection Manager (this can be set to manual)
-Remote Access Connection Manager (this can be set to manual)
-Removable Storage (unless no removable storage devices you have require it)
(this can be set to manual)
-Server (if you do not need file and printer sharing) (may be required for
other services)
-System Restore Service (unless you do NOT need system restore)
-Telephony (unless you do NOT use a modem for any purpose)
-Terminal Services (unless you do NOT use Fast User Switching)
-Themes (unless you NEVER want to use XP themes--including the default)

Services that ABSOLUTELY SHOULD NOT be disabled:

-Application Management (this can be set to manual)
-Cryptographic Services
-DNS Cache
-Remote Procedure Call (as ominous as this may sound, it should not be
disabled)
-Shell Hardware Detection
-System Event Notification
-Task Scheduler
-Windows Audio
-Windows Management Instrumentation
-Workstation

Note1: Advanced users will probably want to experiment with disabling some
of the NOT services, but doing so may have undesirable side effects. For
example, I have Telephony disabled, and as a result I cannot use my modem at
all. Those who are not sure of what they are doing probably should not
disable anything but the SHOULD list above.

Note2: This is not a complete list of services. It only addresses those
that utilize svchost.exe.

Note3: Not all of these services are present in WindowsXP Home. Any
service that utilizes svchost.exe but that is not installed by default on
WindowsXP Professional is not included above.

Warning1: Disabling Windows services can have serious side effects in your
system. It is possible to seriously degrade or even disable your system by
so doing. Caution should be exercised when working with Windows services.

Warning2: Disabling Windows services should not be considered a substitute
for having a firewall. Everyone must have a firewall--either software or
hardware--to secure their systems, and they must also have and use an up to
date anti-virus program.

I am open to changes to these recommendations if anyone can offer more
information about these services.

Opus

"John Garate" > wrote in message
...
> I am using Windows XP, and Norton Firewall software. I frequently get the
> message from the firewall program that something is trying to access my
> computer. The message is:
> application: C:\Windows\system32\sychost.exe
> Protocol UDP (inbound).
> Is this Microsoft attempting to download Windows updates (which I have on
> automatic)? Should I give permission to this action in the future?
>
> Thanks for your help.
>
> --
> John Garate
>
> 610-687-3011
>
>