Generic host processes and spooler subsystem - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 10-09-2003, 10:34 PM   #1 (permalink)
Newb Techie
 
Join Date: Oct 2003
Posts: 13
Default Generic host processes and spooler subsystem

I'm using zonealarm, and every time I connect to anything, Generic Host processes asks for permission to access the internet.

I realise that Generic host processes is sort of an umbrella process which allows other processes access, but is there any way to, if not disable it, cut down the unecessary elements, or is there any way to see what's going on inside?

I realise I need to allow it access at the moment, but it also asks to accept connections, and for server rights - i'm a bit dubious about this.

Also, what does the spooler subsystem app do? It also frequently asks for access.

Any thoughts?

Cheers
__________________

dooviewhacker is offline  
Old 10-10-2003, 04:03 PM   #2 (permalink)
Super Techie
 
Join Date: Aug 2003
Posts: 268
Default

Open a command line (run>cmd) and type 'tasklist /svc' (note space before / and without quotes). This will show you a list of running services, its the svchost.exe's (aka generic host) that you need to look at.

Svchost.exe is broken down into groups and in each group the services are shown that are piggy-backing the svchost.exe.

What you then need to know are which are ligit (things like AudioSRV and lanmanworkstatation) and those which are rogue (its your machine so I can't tell you what is a rogue, so if unsure Google for the service).

Personally, on my standalone xp machines I ensure NO window services whatsover are allowed through the firewall legit or rogue (if I had any rogues that is :-0) as there is no logical reason to allow them through.

You could also (again from the command line) type 'netstat -an' and see what is trying to connect to which IP address and then look up the IP address.

The spooler service is for sharing printers on a network so if you are not on a network do not allow it through your firewall.

HTH
roho is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 11:08 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.