
Generic Host Process & Zonealarm


16 replies to this topic

#1 scotty38

scotty38

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 28 May 2006 - 05:05 PM

Hi, this is my first post on BC and I will try to explain my problem.

I am having trouble with my internet connection, so I turned off ZoneAlarm to see if this was the problem, as I have read somewhere ZoneAlarm & AOL may have conflicts. I only turned off ZoneAlarm as I have a Netgear router with built-in firewall, but ever since I turned ZoneAlarm back on I keep getting messages saying it has blocked ( Generic host process for win 32 services ). I don't know why it is doing this and it's driving me mad.

I have run anti virus, spyware, trojan scanners etc. and found nothing; I also did a hijackthis.log and tested it online, all came up OK.

Hope this is enough info.

windowsXP pro 2002 with SP2 all updated
AMD sempron ™ processor 3400+
2.01 GHz 960 MB of RAM

Thanks in advance to anyone that can help.

Scotty



#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:11:14 PM

Posted 28 May 2006 - 07:34 PM

Welcome to BC! :thumbsup:

If you think that your computer is malware free, then it is probably ok to let it connect to the internet, in other words to unblock it.

I found this thread at another forum: http://www.computing.net/security/wwwboard/forum/272.html
Below are some of the cures discussed for this issue as it relates to Zone Alarm:

When I finally did and let the Win32 through, everything worked fine.

As soon as I installed Zone-alarm I discovered that SVCHOST.EXE is needed to allow access to the internet. So just go ahead and tell Zone to always give access

I think Generic Host Process for Win32 Services is a transport for dns queries (among other things) this will be why you are not able to access any sites if this service is blocked.

you need to allow it. Just check the box for always allow on zone and forget about it.

I upgraded to ZoneAlarm Pro and now the problem is solved

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:11:14 PM

Posted 28 May 2006 - 09:56 PM

As soon as I installed Zone-alarm I discovered that SVCHOST.EXE is needed to allow access to the internet. So just go ahead and tell Zone to always give access

Generic Host Process MUST have access to the internet, and MUST have server rights but ONLY in the TRUSTED ZONE. It's the only one where you should allow server rights. IM might be an exception but I have no experience with IM.

Edited by tos226, 28 May 2006 - 09:56 PM.


#4 scotty38

scotty38
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 29 May 2006 - 08:18 AM

Thanks for the advice but I'm still a bit confused. This is what ZoneAlarm tells me:

ZoneAlarm prevented your computer from accessing port 53 on a DNS server

ZoneAlarm prevented your computer from sending a message to a remote computer. No breach in your security has occurred. Your computer is safe.

What happened?

ZoneAlarm blocked an outbound communication to a Domain Name Server. The function of a Domain Name Server (DNS) is to convert a domain's IP address, such as 207.25.71.28, into a recognizable name, such as www.cnn.com.

Should I be concerned?

There is usually no reason to worry about this alert, but it should be investigated. One possibility is that your application attempted to send a query out to the Internet before ZoneAlarm started running on your machine at start-up time. By default, ZoneAlarm is loaded when Windows first starts up. This minimizes the possibility that an application will establish an Internet connection before the TrueVector Service is loaded.

What should I do?

Your internet application may not be not working properly. In that case, stop the application, then restart it. This often fixes the problem and in that case, you will not receive this alert again. In addition, go to the Configure panel to make sure that ZoneAlarm is configured to load when Windows starts. You can also run regular checks on your machine for viruses and Trojan horses.

Under program control I have Generic Host Process set up as follows: Access Trusted & Internet are both ticked, and under Server, Trusted is ticked and Internet has a cross in it. Is this set up right?? And if it is, I don't see why I keep getting the message. When I get this message I can still connect to sites with no problems most of the time.

As far as I can see GHS is set up right, so it don't make sense: if it is set the right way, why do I get this message? My ZA must be possessed lol

Only other thing I notice: if I go onto a site with a lot of photos they load up one by one and some of them don't load at all. I thought this was a problem with my internet connection but now I'm not so sure.

I'm on AOL silver broadband

scotty

#5 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:10:14 PM

Posted 29 May 2006 - 09:41 AM

Generic host process is the name Microsoft gives to numerous applications on your PC, for example svchost. While it is true some viruses can hijack svchost, your resident antivirus program is what is responsible for catching that. Your computer will not operate properly without svchost (look in your processes running and you may see it several times).

If you deny it in ZA you will stop many of your apps that need to access the internet from working properly.

ZA by function will notify you of every attempt to access the internet unless it is on the allowed list. Once you allow it you will no longer get the alerts.

Are you having connectivity problems for apps that you have set to update automatically or check for updates, including anti-malware apps, email, uploading files like pictures to hosting sites, etc?

I have my ZA set to allow Generic Host Processes for trusted and internet under "Access", and under "trusted" in the "server" column and have experienced no problems - no infection.

#6 scotty38

scotty38
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 29 May 2006 - 10:56 AM

Generic host process is the name Microsoft gives to numerous applications on your PC, for example svchost. While it is true some viruses can hijack svchost, your resident antivirus program is what is responsible for catching that. Your computer will not operate properly without svchost (look in your processes running and you may see it several times).

If you deny it in ZA you will stop many of your apps that need to access the internet from working properly.

ZA by function will notify you of every attempt to access the internet unless it is on the allowed list. Once you allow it you will no longer get the alerts.

Are you having connectivity problems for apps that you have set to update automatically or check for updates, including anti-malware apps, email, uploading files like pictures to hosting sites, etc?

I have my ZA set to allow Generic Host Processes for trusted and internet under "Access", and under "trusted" in the "server" column and have experienced no problems - no infection.


In my processes I have svchost.exe running 4 times, 2 for SYSTEM & 2 for NETWORK SERVICE. I don't remember ever denying it in ZA; the message I get as above is blocking it.

Under program control I have Generic Host Process set up as follows: Access Trusted & Internet are both ticked, and under Server, Trusted is ticked and Internet has a cross in it. If I am right this is the same as you have your ZA set up. This problem only started when I turned off ZA then turned it back on again. All my updates for my AV & spyware etc. are set for manual download; the only automatic updates I have are for Windows XP updates. I have set my updates this way after reading the TweakingCompanion on BC; forgot to mention at the start of this thread I had read it.

Only problems I experience are photos on web pages loading slow or sometimes they don't load, & when I upload pictures to hosting sites, i.e. eBay or PhotoBucket, it pauses for a bit, but I just thought it was like that, especially with eBay.

Thanks for the advice

Scotty

#7 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:11:14 PM

Posted 29 May 2006 - 08:25 PM

Your setup sounds correct.

Having said that, if you're still annoyed by the alerts or what you see in the log do some/all of these steps:
1. If you have a router, add the router's IP address to the trusted zone (ZA normally recognizes a network, but sometimes needs a bit of help).
2. Put computer's loopback address (127.0.0.1) into the trusted zone.
3. On the Alerts tab, switch Program logging from High to Medium - that's only cosmetic, of course, has nothing to do with correct controls of the ZA behaviour.
4. When an alert pops up, read the IP address, and if it's safe, Allow it and put a checkmark by Remember this setting.

Some routers act as DNS (domain name server), at least partially (I don't quite understand that part), so putting the router into the Trusted Zone makes sense. If your ISP provider has DNSs, often 2, you may put those there as well, but here I'm not too sure - so check ZA's HELP first as to what they suggest. How it all plays with AOL I do not know either.

4 or more instances of svchost.exe are normal. Google and you'll see.

Pictures upload, any upload is always slower than download.
Pictures, especially large ones, might indeed take their time coming down.

#8 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:11:14 PM

Posted 29 May 2006 - 08:27 PM

I have my ZA set to allow Generic Host Processes for trusted and internet under "Access", and under "trusted" in the "server" column and have experienced no problems - no infection.

Same thing here :thumbsup:

#9 C J.

C J.

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 30 May 2006 - 03:37 PM

Your setup sounds correct.

Having said that, if you're still annoyed by the alerts or what you see in the log do some/all of these steps:
1. If you have a router, add the router's IP address to the trusted zone (ZA normally recognizes a network, but sometimes needs a bit of help).
2. Put computer's loopback address (127.0.0.1) into the trusted zone.
3. On the Alerts tab, switch Program logging from High to Medium - that's only cosmetic, of course, has nothing to do with correct controls of the ZA behaviour.
4. When an alert pops up, read the IP address, and if it's safe, Allow it and put a checkmark by Remember this setting.

Some routers act as DNS (domain name server), at least partially (I don't quite understand that part), so putting the router into the Trusted Zone makes sense. If your ISP provider has DNSs, often 2, you may put those there as well, but here I'm not too sure - so check ZA's HELP first as to what they suggest. How it all plays with AOL I do not know either.

4 or more instances of svchost.exe are normal. Google and you'll see.

Pictures upload, any upload is always slower than download.
Pictures, especially large ones, might indeed take their time coming down.


O/T: Thanks Tos. Due to Item #2 in your list, I solved an annoying problem I had with an Outlook Express authentication issue and couldn't get figured out.

#10 scotty38

scotty38
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 31 May 2006 - 07:53 AM

Your setup sounds correct.

Having said that, if you're still annoyed by the alerts or what you see in the log do some/all of these steps:
1. If you have a router, add the router's IP address to the trusted zone (ZA normally recognizes a network, but sometimes needs a bit of help).
2. Put computer's loopback address (127.0.0.1) into the trusted zone.
3. On the Alerts tab, switch Program logging from High to Medium - that's only cosmetic, of course, has nothing to do with correct controls of the ZA behaviour.
4. When an alert pops up, read the IP address, and if it's safe, Allow it and put a checkmark by Remember this setting.

Some routers act as DNS (domain name server), at least partially (I don't quite understand that part), so putting the router into the Trusted Zone makes sense. If your ISP provider has DNSs, often 2, you may put those there as well, but here I'm not too sure - so check ZA's HELP first as to what they suggest. How it all plays with AOL I do not know either.

4 or more instances of svchost.exe are normal. Google and you'll see.

Pictures upload, any upload is always slower than download.
Pictures, especially large ones, might indeed take their time coming down.


In ZA Alerts & Logs svchost.exe Destination 192.168.0.1: I have added this to the trusted zone and the alerts have stopped.

1/2 I can't remember my router IP address. How can I find this, and then how do I add this and the loopback address in the trusted zone?

3/ On the alerts tab I can't see program logging. Am I missing something?

4/ How can I tell if an IP address is safe?

I think the picture loading is to do with my broadband connection, so I will be having words with AOL very soon.

scotty

#11 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:10:14 PM

Posted 31 May 2006 - 08:56 AM

I believe 192.168.0.1 is your router's address.

#12 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,574 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:11:14 PM

Posted 31 May 2006 - 09:26 PM

What's the router's IP address? When I changed from DSL to fiber, the default number changed from 192.168.1.1 to what Enthusiast listed 192.168.0.1. I don't know whether the number belongs to the different router or the ISP.
Router can use any of the "black hole" numbers 10.10.x.x and few others. See IANA.org on the web.
Several people I know use the 10.10 numbers, but I have not tried that yet. They claim it's safer since it is less commonly used.

Do Start, type cmd, and when the command window opens, type this exactly
ipconfig /all
That'll tell you for sure what the router's address is, as well as the DHCP, DNS and other stuff.
Close the window when you're done.

Is IP address safe? Loaded question. This site isn't bad, it offers lots more than IP translation, and doesn't give you pests:
http://www.dnsstuff.com
use the WHOIS button for starters. Have fun watching how China Telecom is pinging you!

How to add a router to a zone?
Firewall tab, use the Add button. But ZA normally recognizes the network you're connected to and asks you which zone to place it in. But it appears you've already done it. I'm confused.

Program control is one of the tabs I see. What type of ZA do you have (free, pro, suite and version) ? I know that even free version of ZA includes it.
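
An added example, not part of the original posts and not ZoneAlarm's own logic: a Python script that reads `ipconfig /all` output for the gateway, DHCP and DNS addresses, then describes a blocked destination such as the 192.168.0.1 port 53 alert discussed in this thread. The sample output is constructed, the function names are hypothetical, and 198.51.100.53 is a documentation address standing in for an ISP resolver.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
# 198.51.100.53 is a documentation address standing in for an ISP resolver.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.0.2
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.1
        DNS Servers . . . . . . . . . . . : 192.168.0.1
                                            198.51.100.53
"""

FIELDS = {"Default Gateway": "gateway", "DHCP Server": "dhcp", "DNS Servers": "dns"}
LABELLED = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return the gateway, DHCP and DNS addresses listed in ipconfig output."""
    found = {role: set() for role in FIELDS.values()}
    current = None
    for line in text.splitlines():
        match = LABELLED.match(line)
        if match:
            current = FIELDS.get(match.group(1).strip())
            value = match.group(2).strip()
        else:
            value = line.strip()  # unlabelled line: further value for the same field
            if not value:
                current = None    # a blank line ends the field
        if current and value:
            try:
                found[current].add(ipaddress.ip_address(value))
            except ValueError:
                pass  # not an IP address (for example a host name)
    return found


def classify_destination(dest, port, net):
    """Describe a blocked outbound destination relative to the local settings."""
    ip = ipaddress.ip_address(dest)
    if ip.is_loopback:
        return "loopback"
    roles = sorted(role for role, addrs in net.items() if ip in addrs)
    if port == 53 and "dns" in roles:
        return "configured DNS server" + (" (the router)" if "gateway" in roles else "")
    if roles:
        return "local infrastructure: " + ", ".join(roles)
    if ip.is_private:
        return "private address not listed by ipconfig"
    return "public address: look up the owner with WHOIS"
```

The classification only says where a destination sits relative to the machine's own network settings; it does not judge whether a public address is trustworthy.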

#13 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:10:14 PM

Posted 31 May 2006 - 09:42 PM

ipconfig reconfigures the lease your isp assigns your modem.
If you don't allow the router, you have no internet connection.

You have already been advised to allow it.
What's your problem?

If you're that paranoid, delete your network connections and use the network connection wizard and allow the resulting Zonealarm alerts.

Edited by Enthusiast, 31 May 2006 - 09:45 PM.


#14 scotty38

scotty38
  • Topic Starter

  • Members
  • 101 posts
  • OFFLINE
  •  
  • Local time:04:14 AM

Posted 01 June 2006 - 07:49 AM

ipconfig reconfigures the lease your isp assigns your modem.
If you don't allow the router, you have no internet connection.

You have already been advised to allow it.
What's your problem?

If you're that paranoid, delete your network connections and use the network connection wizard and allow the resulting Zonealarm alerts.


I DON'T HAVE A PROBLEM and from what I can see in what I have posted it looks like I have added it.

I am not paranoid and find your message to me offensive. It's not my fault that I DON'T know as much about computers as you do. I think I will just go it alone now as I DON'T need any extra stress.

scotty

#15 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:10:14 PM

Posted 01 June 2006 - 07:55 AM

Scotty, you have already been given the answers to the question you continue to ask.

Albert advised you the first time:
"As soon as I installed Zone-alarm I discovered that SVCHOST.EXE is needed to allow access to the internet. So just go ahead and tell Zone to always give access

I think Generic Host Process for Win32 Services is a transport for dns queries (among other things) this will be why you are not able to access any sites if this service is blocked.

you need to allow it. Just check the box for always allow on zone and forget about it."

I, and others advised you as well:
" ipconfig reconfigures the lease your isp assigns your modem.
If you don't allow the router, you have no internet connection.

You have already been advised to allow it."



