Svchost Firewall exceptions

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

I get these events on a regular basis:

Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 12/4/2005
Time: 2:40:09 PM
User: NT AUTHORITY\NETWORK SERVICE
Computer: WIN2003-HOME
Description:
The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 1416
User account: NETWORK SERVICE
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 1861
Allowed: No
User notified: No

Using procexp I can see that DHCP (DHCP Client) and DNS Cache (DNS Client)
are the services registered for that process. It is using UDP ports 1029,
1046, 1563, 1861, and 1394 for all remote addresses. One cannot add
svchost.exe to the firewall exception list. The problem; however, is that
process id has had block audit failures on ports 1163, 1172, 2840 and 2843
that is not showing in the current process. Hence, it would seem that the
UDP ports being used by this process vary over time.

The firewall will not let one add svchost.exe to the exception list. How do
I set up the firewall to not block UDP packets for this process??

Thanks.
.

Relevant Pages

  • Re: Dlink 804 does not block UPD ?!
    ... I am also using DI-804 and my checks with ShieldsUp report that ... my local network is completely invisible to Internet. ... scan on those UDP ports that were open on my computer? ... After test installation I tried to scan the firewall with the ...
    (comp.security.firewalls)
  • Firewall UDP
    ... I did not open up any UDP ports but my port scanner can still get to tons of them.... ... # Common: domain ... First I thought maybe the firewall was dropping packed therefor making my scanner not recieve a rejected responce... ...
    (alt.os.linux.suse)
  • Re: UDP-Portscan ISA Firewall
    ... > Enable packet filtering. ... >>i should test a ISA Firewall for a customer. ... In ISA Logs i see that the firewall has blocked all UDP Ports ... >>Scan with the exception of Port 53 but why the portscanner reports me that ...
    (comp.security.firewalls)
  • Re: FC3 - broken into?
    ... > need to make sure you know what TCP and UDP ports have to be open for ... > mischief inside the enterprise and hence already inside the firewall. ... highly recommend Guarddog. ...
    (Fedora)
  • Re: Network problem: "Could not start DB server: socket() failed for UDP socket"
    ... and noticed that DHCP client was not started. ... Among those was Kerio Pernosal ... > changing/reinstalling the firewall would help... ... socketfailed for UDP socket". ...
    (microsoft.public.windowsxp.network_web)