I'm using Comodo and whenever I select scvhost.exe [812] and block it, the scvhost.exe [1004] gets blocked as well.
Extremely annoying because, the PID 1004 is required for my DNS to function... websites won't work right without it unless I type the IP address. [812] looks like some sort of Microsuck phone-home BS... whois has it registered to them. I have updates disabled so they need to get off my stuff!
Still interested in the answer for prosperity's sake, but for now I fixed the 'issue' by simply banning traffic between my computer and several million M$ucks IP addresses. :)
Call me paranoid, but if I don't have updates turned on I should not have any active connections to MS servers.
I recently had a suspicion of being hacked, so I am plugging ALL holes except stuff that really needs to run.
Do you have antivirus installed, and a firewall running? If so, you should be solid against any kind of intrusion.
Why aren't you running updates? And how're you sure that it's connections to Microsoft servers, and not simply network traffic (pings and such), are you running network diagnostics?
Sorry for the boatload of questions. I just really want to understand what's going on. it makes it easier to give you a solution that'll make you happy. :)
I did a whois on the ipaddress and its part of a range that belongs to MS. After blocking traffic to that entire range, it proceeded to change its destination to a range in York, UK... really annoying. I don't like unsolicited connections between my computer and unnecessary servers. I manually update as needed, automatic updates cause surprises sometimes and can tax the system at moments you don't want that like in the middle of a game.
Actually, if you keep up to date on updates, you'll only be updating on or after Patch Tuesday. I would pick up a piece of software (and I'm afraid I don't know of any) that monitors network traffic, and tells you what it is that's sending out the information. Are you sure it isn't like MSN messenger running in the background?
Are you running AV and a firewall? Also, what're your system specs? I'm curious what you could be running that might cause updating and similar things to be a viable concern.
After filtering both ranges of IPs, and rebooting it seems scvhost.exe finally shut up (for now anyway).
The main stuff I'm curious about now is why services.exe, lsass.exe, & 'system' are all listening on 3 different ports. I'll probably find it on google. Last time I did that it turned out to be something related to wireless network video streaming so I just turned off the related service and it went away.
I like to have full control over my system, automatic things bug me. I'm old school. Like MS-DOS 4.0 and Windows 3.0 old school. Tandy 1000, TRS-80 III, etc. Yes I have AV and of course a firewall (its what alerted me to the unwanted network traffic, duh!)
edit: added my system specs in profile.
edit2: I haven't let the messenger service run on my system for about 6 years now
Last edited by joe7dust; 15 Apr 2011 at 00:00.
Not a bad machine. Well, personally, I'd say ease up on the iron grip. With your specs the way they are, none of the services named are going to be enough of a background process to cause any kind of technical difficulty (lag, etc.), and forcibly killing them just makes your system unstable. I would say just let W7 run and manage itself, and trust it to know what it's doing. It's a strange idea (and one I'm still coming to terms with), but this OS seems to do a good job of managing itself if you let it.
I never said I wanted to kill it I know how to do this already and am aware of the system instability that can happen if I did this. Reread post title.
Quote