henrypp / simplewall

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
GNU General Public License v3.0

How can I block internet usage for Svchost.exe, as it is the service that is taking up the most data? #1784

Open aslumon opened 5 months ago

aslumon commented 5 months ago

Hi. I was trying to block internet for svchost.exe as we have a capped network. The problem is, once I apply a rule blocking incoming and outgoing, I can't use any remote application such as TeamViewer; it fails to connect. Kindly suggest a solution for this.


App version: latest. Windows version: Windows 10 22H2.

ghost commented 4 months ago

SvcHost.exe acts as a host (middle-man process) for many system services, and that also extends to 3rd-party software in some cases. For example, the Windows OS DNS Cache service is hosted by SvcHost.exe, and if the DNS Cache service is enabled, then SvcHost.exe must be allowed to send packets over UDP port 53, or else DNS resolution is not going to be possible (for any services or software, in my experience). If the DNS Cache service is disabled, then SvcHost.exe can be blocked without affecting DNS resolution for 3rd-party software that is simply going to make direct connections over UDP port 53 without using the DNS Cache service (and not needing SvcHost.exe).

DNS Cache enablement also creates a major problem because it makes it impossible to block domain resolution for any application, because all domain resolution happens through SvcHost.exe. You can still block non-DNS connections from/to whichever application, but not domain resolution requests and responses for whichever application, because such responses and requests are made through SvcHost.exe. You can still block domains, but I don't know of software that can block domains on a per-application basis.

If Team Viewer specifically relies on services that are hosted by SvcHost.exe, then SvcHost.exe must be allowed to have access to whichever ports are normally used by Team Viewer.

One way to semi-isolate SvcHost.exe is to allow access to SvcHost.exe + whichever services/software you need that use SvcHost.exe as a middle-man service. Then manually block all other services/software that use SvcHost.exe (but not SvcHost.exe itself).
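The allow-some-services, block-the-rest approach described above depends on knowing which services actually live inside which svchost.exe process. The following PowerShell snippet is an added example, not part of this thread or of simplewall, that lists every running svchost.exe instance with the services it hosts and flags the one that carries the DNS Client service (Dnscache, the "DNS Cache service" discussed in the comment). It assumes Windows 10 22H2 with Windows PowerShell 5.1 or PowerShell 7; the function name Get-SvchostServiceMap is my own.

```powershell
# Added example (not simplewall project code). Assumes Windows 10 22H2 and
# Windows PowerShell 5.1 or PowerShell 7. Run from a normal or elevated prompt;
# ProcessId is 0 for services that are not currently running.

function Get-SvchostServiceMap {
    # Every service whose image path is svchost.exe is a hosted service. Its
    # "-k <group>" argument names the service group; running members of a group
    # normally share one svchost.exe process.
    $hosted = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -match 'svchost\.exe' }

    $hosted |
        Where-Object { $_.ProcessId -ne 0 } |       # skip stopped services
        Group-Object -Property ProcessId |          # one row per svchost.exe PID
        ForEach-Object {
            $names = @($_.Group.Name | Sort-Object)
            $path  = $_.Group[0].PathName
            $group = if ($path -match '-k\s+(\S+)') { $Matches[1] } else { 'unknown' }
            [PSCustomObject]@{
                ProcessId     = [int]$_.Name
                ServiceGroup  = $group
                Services      = ($names -join ', ')
                # Any rule that blocks this PID also blocks DNS resolution.
                HostsDnscache = ($names -contains 'Dnscache')
            }
        } | Sort-Object ProcessId
}

# Which services would be cut off together with the DNS Client service?
Get-SvchostServiceMap | Where-Object HostsDnscache | Format-List

# Full map of every svchost.exe instance and what it hosts.
Get-SvchostServiceMap | Format-Table -AutoSize -Wrap
```

On Windows 10 machines with more than about 3.5 GB of RAM, Windows splits most hosted services into their own svchost.exe instance, so many rows will show a single service; the map still tells you which service a given PID belongs to, which is what a per-service rule in simplewall needs. Services that are stopped at the time you run this do not appear, so run it while the remote application you care about is connected.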

o-data commented 4 months ago

It is a very annoying issue, as explained by @SSJPKXL. I have yet to find an elegant solution and just block all until something breaks, and reduce usage.

duttyend commented 3 months ago

You can in fact block svchost.exe (and disable notifications for it) and still get DNS resolution, as long as the DNS rule in System rules is enabled.

VidarrKerr commented 3 months ago

One way to semi-isolate SvcHost.exe is to allow access to SvcHost.exe + whichever services/software you need that uses SvcHost.exe as middle-man service. Then manually block all other services/software that use SvcHost.exe (but not SvcHost.exe itself).

I cannot get this to work.

There has got to be a solution to this. There seems to be an awful lot of people asking about this, but no answers anywhere. I wish I had the coding skills to tackle this.