Kaspersky
Solved

How can I find which service or app tried to use svchost.exe?

  • 11 June 2020
  • 9 replies
  • 1319 views

I am  using  Kis 2020.I sometimes use Kis in interactive mode, I change the tick  under “Network access” of “Trusted” group to “?”, so it even asks me  if I allow  internet connections of the apps in “Trusted” group. My problem is, when a service or an app is trying to access internet using svchost.exe it just says something like ““Host Process for Windows Services” is trying to connect to -an ip address and port number”.It looks impossible to see how I can see which service or app tried to use svchost.exe to connect to internet ,actually my intention is to be able to see not just which service or app is trying to use svchost.exe but also for some other files too. If I remember right another firewall I had used for a long while was able to warn like “-name of the app- is trying to connect to -ip address and port number- via svchost.exe”.

 

Is it possible to know which app/service is trying to use internet via a file like svchost.exe?I looked at Kaspersky logs, there are some entries about Host Process for Windows(or System) Services and the connection type, but still it doesn’t say which app/service used it to connect to internet.

 

 

icon

Best answer by Wesly.Zhang 19 June 2020, 04:14

View original

9 replies

So, it is not possible with Kis I think?

Userlevel 7
Badge +5

Hello,

There are so many network services related to svchost.exe. But there are two main serivces related to your issue. They are:

 

DHCP Client : C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p

DNS Client : C:\WINDOWS\system32\svchost.exe -k NetworkService -p

 

Regards.

Thanks for your answer.

 

Basically, I mean, when I use interactive mode(enable prompts for every network/internet access for example) I would like to see the name of the parent process which started another process like svchost.exe,rundll32.exe  to connect to internet,like “this service/app is trying to connect to internet via rundll32.exe”...Is it possible to see the name of the parent process using Kis(especially inside it’s user prompts), I don’t see the parent process’ name inside Kis’ user prompt, it just says that svchost.exe is trying to access the domain-port….But it doesn’t give the name of the parent process which is using svchost.exe to connect to internet.

Userlevel 7
Badge +5

Thanks for your answer.

 

Basically, I mean, when I use interactive mode(enable prompts for every network/internet access for example) I would like to see the name of the parent process which started another process like svchost.exe,rundll32.exe  to connect to internet,like “this service/app is trying to connect to internet via rundll32.exe”...Is it possible to see the name of the parent process using Kis(especially inside it’s user prompts), I don’t see the parent process’ name inside Kis’ user prompt, it just says that svchost.exe is trying to access the domain-port….But it doesn’t give the name of the parent process which is using svchost.exe to connect to internet.


Hello,

Could you take a screenshot on the promote popup message of KIS. Thanks.

Regards.

Thanks for your answer.

 

 

 

Userlevel 7
Badge +5

Thanks for your answer.

 

 

 


Hello,

Now, You know PID of the svchost.exe. So you can use Win+R to open run command and type ”taskmgr“ and enter.

In task manager window, Go to services tab and search the item corresponding to this PID.

Regards.

Thanks for your answer. To be sure, is “best answer” selected automatically in this forum? Definetely your last answer is the best answer and the solution but in other forums generally it is selected by the author of the topic, I just want to be sure someone didn’t get into my community account.

Userlevel 7
Badge +5

Thanks for your answer. To be sure, is “best answer” selected automatically in this forum? Definetely your last answer is the best answer and the solution but in other forums generally it is selected by the author of the topic, I just want to be sure someone didn’t get into my community account.


Hello, @Michael-Knight 

“best answer” is selected by topic author (you) or our moderators or community admins. I think one moderator (not me) set my answer as best answer.

No one could get into you community account, Please don’t worry about this.:wink:

Regards.

Thanks for your answer.

 

WeslyZhang wrote:

No one could get into you community account, Please don’t worry about this.:wink:

 

Yeah,sure,but my concern is not directly related to this community site.When I had joined another forum, I got an email which said that my email and password were used in other webservices(it gave a servicename though I couldn’t find about it much on internet) due to a data breach.

 

So I just thought if someone really stole my account information in someway, he may get into my account here too.(cause of the same account information)

Reply