Jul 14 2005, 12:57 PM | Post #1
Member | Group: Members | Posts: 91 | Joined: 13-July 05 | From: Austin, of course. | Member No.: 27,210
I haven't tried to print anything since denying the new alert, so don't know if the printer is affected.

Win2000Pro, IE6, HP officejet v40xi
EZ Firewall from Computer Associates (almost identical to ZoneAlarm, maybe same company?)

Thanks,
Randall

Jul 14 2005, 02:46 PM | Post #2
Member | Group: Members | Posts: 64 | Joined: 22-May 05 | Member No.: 20,984
I would allow them internet access as long as you are sure that they are associated with Windows. If you recently updated, then there is the possibility that some of these components got changed which could explain why your firewall is asking you to allow them again.

Jul 14 2005, 04:47 PM | Post #3
Member | Group: Members | Posts: 91 | Joined: 13-July 05 | From: Austin, of course. | Member No.: 27,210
Thanks, coolchris. That's what I was thinking, but I guess I wanted second opinions. It just doesn't make sense that an app associated with printing needs internet access. If I was on a server network, I could understand a request for server access permission.
A system search appeared to show all apps to be in MS directories so I'm probably okay. I think I'll stop the process with Task Mgr and see if it replicates and shows back up in running apps.

Any other opinions are welcomed and I thank everyone for their help.

Randall

Jul 14 2005, 05:44 PM | Post #4
Voted most likely | Group: Members | Posts: 3,675 | Joined: 19-September 04 | From: Collingwood, Ontario, Canada | Member No.: 2,883
I wouldn't allow it until I found something that didn't work without it. If you enter spoolsv into our Startup Database (found at the top of this or any page) it comes back as a virus/worm/trojan.
Your post doesn't mention any anti-virus software that you use, unless it's EZTrust that is bundled with the firewall. Are you using any?

--------------------
**** We use our powers for good, not evil ****
When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

Jul 14 2005, 06:01 PM | Post #5
Senior Member | Group: Banned | Posts: 449 | Joined: 21-March 05 | Member No.: 15,032
Spoolsv is the printer spool that makes contact with a printer, allowing you to print documents. This is not a virus unless it starts from a location different than C:\windows\system 32\spoolsv.exe

--------------------
=(*)(*)=Home Of The TEB=(*)(*)=

Jul 14 2005, 06:06 PM | Post #6
Member | Group: Members | Posts: 91 | Joined: 13-July 05 | From: Austin, of course. | Member No.: 27,210
[QUOTE]
Process File: spoolsv or spoolsv.exe
Process Name: Microsoft Printer Spooler Service
Description: spoolsv.exe is a Microsoft Windows system executable which handles the printing process to your local printers. Note: spoolsv.exe is also a process which is registered as the Backdoor.Ciadoor.B Trojan. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
[/QUOTE]

Since that is a bucketful of confusion, I did some searches and I think it depends on the location of the app. If it's in a directory, then it's supposed to be okay. Now, I THINK mine is, but since I'm a partial idiot I'm not sure.

Also, being a partial idiot, I forgot to post that I have run updated Ad-Aware, M$ AntiSpyware, EZ Trust AV (with Firewall), and M$ Malicious Software Scan (or something of that nature). Everything is coming back negative, but I guess I'm paranoid when something new or unusual happens.

Thanks,
Randall

Jul 14 2005, 06:27 PM | Post #7
Member | Group: Members | Posts: 91 | Joined: 13-July 05 | From: Austin, of course. | Member No.: 27,210
Techsomething, I just saw your post. How do I determine where it originates from? A search shows three instances, which is scary.

SPOOLSV C:\1386
spoolsv C:\WINNT$NtUpdateRollupPackUninstall$
spoolsv C:\WINNT\system 32

Properties all appear to show as Microsoft files, but a weird thing is the "original name" and "internal name" all say spoolss.exe, which a Google search also shows as an M$ app. No spoolsv.exe to be found.

Jul 14 2005, 10:01 PM | Post #8
Member | Group: Members | Posts: 91 | Joined: 13-July 05 | From: Austin, of course. | Member No.: 27,210
Never mind.....Sometimes the most simple solution is overlooked...at least by me. It was the update rollup that for some reason caused the spoolsv.exe to need to access the internet. I allowed access in the firewall, uninstalled the update, rebooted and got no request for access. Reinstalled and made the program "ask" for access and guess what???? There was the request from the firewall upon reboot.
Thanks for the help.

Randall
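
The location check discussed in posts #5 and #7, as an added example that is not part of the original thread: a PowerShell snippet that lists every running spoolsv.exe with the path it was started from, whether that path is the System32 copy, its Authenticode signature, and the "original name" from the file properties. It assumes a current Windows system with PowerShell 3.0 or later (not the Windows 2000 machine in the thread) and an elevated prompt so the service's image path is readable.

```powershell
# Added example (not from the thread): where is each running spoolsv.exe loaded from?
# Copies that merely sit on disk (install source, update-uninstall backup) are not
# listed here; only the image of a running process is checked.

# The one location the spooler service is expected to run from.
$expected = Join-Path $env:SystemRoot 'System32\spoolsv.exe'

Get-CimInstance Win32_Process -Filter "Name = 'spoolsv.exe'" | ForEach-Object {
    $path = $_.ExecutablePath

    if (-not $path) {
        # Without elevation the path of a SYSTEM process is often not returned.
        [pscustomobject]@{
            ProcessId      = $_.ProcessId
            Path           = '(not readable; rerun elevated)'
            InExpectedPath = $null
            Signature      = $null
            Signer         = $null
            OriginalName   = $null
        }
        return   # inside ForEach-Object this moves on to the next process
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $info = (Get-Item -LiteralPath $path).VersionInfo

    [pscustomobject]@{
        ProcessId      = $_.ProcessId
        Path           = $path
        # -ieq: Windows paths are case-insensitive
        InExpectedPath = ($path -ieq $expected)
        Signature      = $sig.Status
        Signer         = $sig.SignerCertificate.Subject
        # The "original name" field Randall looked at in the file properties
        OriginalName   = $info.OriginalFilename
    }
} | Format-List
```

A process whose InExpectedPath is False, or whose signature is not valid, is the case post #5 describes and deserves a closer look; treat the signature as one signal alongside the path rather than a verdict on its own.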