Thread: Firewall Questions
January 29th, 2003, 08:18 PM #1
I am using sygate personal edition firewall.
OS = win2kpro
One i can't seem to find again but it wanted to access the net it was called something like WatchDog. then i clicked no and its new message say that the NT Kernal & System has been blocked.
2. NT Kernal & System
3. LSA Excutable & Server DLL (export version)
4. Generic Host Process for Win32 Services
Okay my question is and I can't seem to find any answers for these is why do these services need to access the net? Also what is watch dog? I looked up one on google and it says something installed with NT versions of OS and its a thingy that watches your computer or something er other and will auto reboot your computer if a system crash occurs. my system hasn't crashed today. only been having net access problems. but i think those are fixed since doing.
January 30th, 2003, 05:03 PM #2
changew the dam firewall get Zone Alarm free editionMr. Alvin
January 31st, 2003, 12:01 AM #3Originally posted by boricua4sho2002
changew the dam firewall get Zone Alarm free edition
FYI I used to use zonealarm and frankly I don't care for it too well. Sygate is not my top choice either. I will be getting a new one and I can assure you that it won't be zone alarm.
January 31st, 2003, 12:29 AM #4
I use Zone Alarm as my first firewall experience and find it easy to use. What don't you like about it? A friend had something from Norton and it was too complicated, Black Ice seemed like looking at footprints after you'd been robbed.
I like the ease of use of ZA but am I in for a bell-ringing?
BTW: I get most of the same requests from ZA. I wonder if pingers are looking for spyware reports. (looking for lost spy's deleted with anti-adware?)
Edit: I did a anti spyware called Search & Destroy. I couldn't run game spy and a couple of others. There were probaly more. What I think is that anything you download for free has spyware, and most make you agree to keep it and won't run without it, unless of course you upgrade to a pay version. I gave gamespy and someone else back their spy and went back to the less ruthless "Adware" from Lavasoft.
This is a whole new topic I'd like to follow with people who know more than I do. I had no idea so many "services" were hitting my net and now I wonder if I want to know...!
I hope this was kinda following the track you were taking...
Last edited by Chuckiechan; January 31st, 2003 at 12:43 AM.The interest on the National Debt ($5.2T) in the next ten years, if allotted to the taxpayers would represent ~ $300 a month per family.
January 31st, 2003, 12:47 AM #5
Kind of a complext answer. Sorry.
Here's the info on svchost.exe .
As I understand it, svchost starts a service and Sygate will report it requesting Internet access and gives the service an alias of "Generic Host Process for Win32 Services". Some viruses will piggy back on this Generic Host Process. (Don't get all freaked out. It's only for your info.)
You'll notice many svhosts if you Ctrl + Alt + Delete and look at the Processes tab. Some of these services may request Internet access and some not. Some request but don't really need to be granted access. You may be able to disable or set to manual some service in your Administrative Services.
The link above has a method of discovering what process are running linked to the svchost activation. Check it out. You could find it interesting.
Watchdog service can be uninstalled through Add/Remove Windows Components. You might want to reinstall your Sygate Firewall first and not save previous settings. Start fresh. Once you are back on the net, remove the check for Watchdog in the Add/Remove Windows Coponents.
The LSA thing is all yours. Don't have a clue on that one.
January 31st, 2003, 12:57 AM #6
For nwo Im just blocking all those services from accessing the net. I found some other forums talking about th esame thing and all of these are looking like they are calling MS. So I just put them all on block and so far no ill effects.
As for the watchdog, not sur eon that one, it is not in my ADD/Remove Programs. I think that name is an alias for one of the windows services. But I can't find any references to it anywhere yet. I am blocking that as well.
the forth one that I listed always ask for interent access rights when ever I boot up. the others are random. So block them all for now.
I personally like NIS better, I thought it was easier and has more features that lack in the freeware versions.What Surreal said: "Wheres the like button?"
January 31st, 2003, 01:07 AM #7
Oh! I agree with boricua4sho2002 but in a more diplomatic way, Zone Alarm is the #1 choice. I have an older version of ZA. Version 2.6.357
Very configurable. Yes it can be a pain in the butt. If you make a mistake, you can undo it pretty easily.
Any program in the list I can right click and remove it from the list. I can tell ZA to allow any of the listed items to pass through the Internet lock. Lets say, leave Outlook Express running to monitor my mail but nothing else. I locked Internet access down all except Outlook Express. Here's where you do that.
If you need any help, if you decide to go with ZA, let us know. Zone Alarm is Internet Kung Fu. Wax on. Wax off.
January 31st, 2003, 01:11 AM #8
Do you have IIS installed on your machine?
January 31st, 2003, 10:38 AM #9
Nope do not have IIS installed. learned about the IIS the hard way when I first got win2k a year ago or so and that is one of the first things I check when I do a reformat.
Sygate its pretty easy to undo mistakes as well IMO. however I do like NIS the best of them all. Has way more features that I like having. Granted its harder to use,however I have used it for about a 6 to 8 months now and understand how to use it pretty well.
The LSA one I found it out its the LSASS one. set for blocked. Suprised I didn't catch what LSA was right off.
NT Kernal and System appears to be the NTOSKRNL.EXE which is a system file. EDIT:I think this is the one i did /edit. One I had modified as well. However not sure why it needs to access the net. AFAIC It doesn't need to. Its set to block and no ill effects with doing that as of yet.
As for these files, doesn't matter what firewall I use, these files always want to access the net and I am trying to figure out why?
Last edited by NeoStarO1; January 31st, 2003 at 10:51 AM.What Surreal said: "Wheres the like button?"
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)