Is it possible to block network access by PID instead of process name?

WebMattR · 15 Apr 2011

Sorry. I got distracted by our conversation and lost track of the original goal here. xP

As far as I'm aware, there isn't such a way. I"ll do some digging, but I can't think of any commands that would allow such a thing.

joe7dust · 15 Apr 2011

What prevents a virus from masquerading as svchost.exe? Windows runs so many of them I'd probably not even notice. Throw in the possibility of it being unblockable and you'd have a real mess!

WebMattR · 15 Apr 2011

I think it's hard coded into the OS what can be run in svchost, but I really don't know the answer to that one.

joe7dust · 17 Apr 2011

I wasn't talking about injecting .dll into scvhost, I meant like putting a file called scvhost.exe in a random directory to avoid the system32 folder permissions. It would blend into the list of processes and only be noticeable if you hit "Open File Location"

WebMattR · 17 Apr 2011

True, I suppose that's possible, but with it not having been done, I'd guess there's a reason hackers haven't. That, however, is beyond my knowledge as far as interior functionality of the OS goes.

DragonPoet · 18 Apr 2011

I just wanted to throw my 2 cents out there. I noticed in a earlier post, someone mentioned a program that can show what IP addresses are accessing your computer, there is a program called PeerBlock. PeerBlock is a program that is used to stop communication with IP Addresses but it can also show you what IP Address are "allowed" to access you computer under the "settings" tap. Hope this helps.

joe7dust · 18 Apr 2011

Thanks, I think Comodo does basically the same thing but it was tedious to block new IP ranges. That other program sounds easier to use, so I'll check it out.