Generic host processes and spooler subsystem

[dooviewhacker]

I'm using zonealarm, and every time I connect to anything, Generic Host processes asks for permission to access the internet.

I realise that Generic host processes is sort of an umbrella process which allows other processes access, but is there any way to, if not disable it, cut down the unecessary elements, or is there any way to see what's going on inside?

I realise I need to allow it access at the moment, but it also asks to accept connections, and for server rights - i'm a bit dubious about this.

Also, what does the spooler subsystem app do? It also frequently asks for access.

Any thoughts?

Cheers

 

[roho]

Open a command line (run>cmd) and type 'tasklist /svc' (note space before / and without quotes). This will show you a list of running services, its the svchost.exe's (aka generic host) that you need to look at.

Svchost.exe is broken down into groups and in each group the services are shown that are piggy-backing the svchost.exe.

What you then need to know are which are ligit (things like AudioSRV and lanmanworkstatation) and those which are rogue (its your machine so I can't tell you what is a rogue, so if unsure Google for the service).

Personally, on my standalone xp machines I ensure NO window services whatsover are allowed through the firewall legit or rogue (if I had any rogues that is :-0) as there is no logical reason to allow them through.

You could also (again from the command line) type 'netstat -an' and see what is trying to connect to which IP address and then look up the IP address.

The spooler service is for sharing printers on a network so if you are not on a network do not allow it through your firewall.

HTH