Is it possible to block network access by PID instead of process name?

joe7dust

New member
I'm using Comodo and whenever I select svchost.exe [812] and block it, the svchost.exe [1004] gets blocked as well.

Extremely annoying because PID 1004 is required for my DNS to function... websites won't work right without it unless I type the IP address. [812] looks like some sort of Microsuck phone-home BS... whois has it registered to them. I have updates disabled so they need to get off my stuff!
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 Ultimate 64-bit
Still interested in the answer for posterity's sake, but for now I fixed the 'issue' by simply banning traffic between my computer and several million M$ucks IP addresses. :)
 

Out of curiosity, why are you killing SVChost?
 

My Computer

Computer Manufacturer/Model Number
HP 6000 Pro Micro Tower
OS
W7 Professional x64
CPU
Core 2 Duo 2.93
Memory
2 GB
Graphics Card(s)
ATI Radeon 4695
Monitor(s) Displays
Two HP 17's
Hard Drives
150GB Sata Drive
Case
Tiny. Kinda cute.
Keyboard
HP Supplied. Surprisingly nice.
Mouse
Gateway Mouse from an E2610D
Internet Speed
45 mbps
Call me paranoid, but if I don't have updates turned on I should not have any active connections to MS servers.

I recently had a suspicion of being hacked, so I am plugging ALL holes except stuff that really needs to run.
 

Do you have antivirus installed, and a firewall running? If so, you should be solid against any kind of intrusion.

Why aren't you running updates? And how're you sure that it's connections to Microsoft servers, and not simply network traffic (pings and such)? Are you running network diagnostics?

Sorry for the boatload of questions. I just really want to understand what's going on. It makes it easier to give you a solution that'll make you happy. :)
 

I did a whois on the IP address and it's part of a range that belongs to MS. After blocking traffic to that entire range, it proceeded to change its destination to a range in York, UK... really annoying. I don't like unsolicited connections between my computer and unnecessary servers. I manually update as needed; automatic updates cause surprises sometimes and can tax the system at moments you don't want that, like in the middle of a game.
 

Actually, if you keep up to date on updates, you'll only be updating on or after Patch Tuesday. I would pick up a piece of software (and I'm afraid I don't know of any) that monitors network traffic, and tells you what it is that's sending out the information. Are you sure it isn't like MSN messenger running in the background?

Are you running AV and a firewall? Also, what're your system specs? I'm curious what you could be running that might cause updating and similar things to be a viable concern.
 

After filtering both ranges of IPs, and rebooting, it seems svchost.exe finally shut up (for now anyway).

The main stuff I'm curious about now is why services.exe, lsass.exe, & 'system' are all listening on 3 different ports. I'll probably find it on google. Last time I did that it turned out to be something related to wireless network video streaming so I just turned off the related service and it went away.

I like to have full control over my system, automatic things bug me. I'm old school. Like MS-DOS 4.0 and Windows 3.0 old school. Tandy 1000, TRS-80 III, etc. Yes I have AV and of course a firewall (it's what alerted me to the unwanted network traffic, duh!)

edit: added my system specs in profile.
edit2: I haven't let the messenger service run on my system for about 6 years now ;)
 
Not a bad machine. Well, personally, I'd say ease up on the iron grip. With your specs the way they are, none of the services named are going to be enough of a background process to cause any kind of technical difficulty (lag, etc.), and forcibly killing them just makes your system unstable. I would say just let W7 run and manage itself, and trust it to know what it's doing. It's a strange idea (and one I'm still coming to terms with), but this OS seems to do a good job of managing itself if you let it.
 

I never said I wanted to kill it. I know how to do this already and am aware of the system instability that can happen if I did this. Reread post title.
 

Sorry. I got distracted by our conversation and lost track of the original goal here. xP

As far as I'm aware, there isn't such a way. I'll do some digging, but I can't think of any commands that would allow such a thing.
 

What prevents a virus from masquerading as svchost.exe? Windows runs so many of them I'd probably not even notice. Throw in the possibility of it being unblockable and you'd have a real mess!
 

I think it's hard coded into the OS what can be run in svchost, but I really don't know the answer to that one.
 

I wasn't talking about injecting a .dll into svchost, I meant like putting a file called svchost.exe in a random directory to avoid the system32 folder permissions. It would blend into the list of processes and only be noticeable if you hit "Open File Location".
 

True, I suppose that's possible, but with it not having been done, I'd guess there's a reason hackers haven't. That, however, is beyond my knowledge as far as interior functionality of the OS goes.
 

I just wanted to throw my 2 cents out there. I noticed in an earlier post, someone mentioned a program that can show what IP addresses are accessing your computer; there is a program called PeerBlock. PeerBlock is a program that is used to stop communication with IP addresses, but it can also show you what IP addresses are "allowed" to access your computer under the "settings" tab. Hope this helps.
 

My Computer

Computer Manufacturer/Model Number
Gateway DX4600-15e
OS
Windows 7 Home Premium 64-bit SP1 Build 7601
CPU
AMD Phenom II X4 810 Deneb 45mm Technology
Motherboard
Gateway RS780 (AM2)
Memory
8GB Dual-Channel DDR2 @ 399MHz
Graphics Card(s)
ATI Radeon HD 3200 Graphics, GeForce GT 220
Sound Card
Realteck High Definition Audio
Hard Drives
1TB Western Digital SATA
Keyboard
Logitech Wave Keyboard K350
Mouse
Logitech Mouse M510
Internet Speed
3Mb/s
Thanks, I think Comodo does basically the same thing but it was tedious to block new IP ranges. That other program sounds easier to use, so I'll check it out.
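
For the question in the thread title and the later point about a look-alike svchost.exe outside system32, the following is an added example, not part of any post above: it lists every svchost.exe PID with its image path, the services it hosts and its remote TCP endpoints, and flags an image outside the Windows system directories. The variable names and verdict strings are illustrative.

```powershell
# Added example (not from the thread). Get-WmiObject is used so this also runs
# on the PowerShell 2.0 that ships with Windows 7; run elevated to see all paths.

# Locations where a genuine svchost.exe image lives on 64-bit Windows
$expected = 'System32', 'SysWOW64' | ForEach-Object {
    Join-Path $env:SystemRoot "$_\svchost.exe"
}

# Service short names grouped by the PID of the process hosting them
$servicesByPid = @{}
Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $servicesByPid[[int]$_.ProcessId] += @($_.Name)
}

# Remote TCP endpoints per PID, taken from "netstat -ano" lines of the form:
#   TCP  <local>  <foreign>  <state>  <pid>
# Listening sockets (foreign address 0.0.0.0:0 or [::]:0) are skipped.
$remotesByPid = @{}
netstat -ano | ForEach-Object {
    $f = @($_ -split '\s+' | Where-Object { $_ })
    if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and
        $f[2] -notmatch '^(0\.0\.0\.0|\[::\]):0$') {
        $remotesByPid[[int]$f[4]] += @($f[2])
    }
}

Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $procId = [int]$_.ProcessId   # $PID is a reserved automatic variable
    $path   = $_.ExecutablePath
    if (-not $path) {
        $verdict = 'path unreadable (not elevated?)'
    } elseif ($expected -contains $path) {
        $verdict = 'ok'
    } else {
        $verdict = 'UNEXPECTED LOCATION'
    }
    New-Object PSObject -Property @{
        PID      = $procId
        Verdict  = $verdict
        Path     = $path
        Services = $servicesByPid[$procId] -join ', '
        Remotes  = $remotesByPid[$procId] -join ', '
    }
} | Sort-Object PID | Select-Object PID, Verdict, Path, Services, Remotes | Format-List
```

A PID is assigned when the process starts and changes across reboots, so the service names in the output are the stable identifier; Windows Firewall rules can be scoped to one with the `service=` parameter of `netsh advfirewall firewall add rule`.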
 
