Annoying notification from SNTP after installing Hamachi for VPN use
Patrick McMullen
February 10, 2012 - 6:32 pm

Hey wonderful community. So I've gotten my networking in a pickle after doing some tinkering on our home network. It's really not that big of a concern at all, more of an annoyance I'd say, and I thought now would be a good time to try out making a help thread in our forum! After looking for a way to create a free VPN on our home network, I discovered and installed Hamachi on three computers: a MacBook Pro running Snow Leopard, another MacBook Pro running a legitimate Windows 7 partition via Boot Camp (this is the host of the VPN), and my Lenovo U260 running Windows 7. The previous two work fine, but now on my Lenovo, I get a Symantec Endpoint Protection pop-up every 15 minutes or so saying that "Traffic has been blocked from this application svchost.exe." I don't think it's a malware infection, and the steps I've found to fix it haven't worked so far.

Things I've tried:

- Check to "Allow Unmatched IP traffic" in the Symantec Network Threat Protection firewall settings
- Uncheck "Block IPv6 over IPv4" conditions in SNTP firewall rules
- Run Malwarebytes quick scan, which found no malware
- Adjusted the wireless network adapter settings from the control panel
- Unchecked IPv6 in the wireless adapter properties
- Stopped iphelper service and turned its start-up to manual
- Reset my comp.

I may have tried some other things, but I can't remember.

Bottom line is: after installing Hamachi on my computer, I've got some weird svchost.exe traffic that is making my security bug out. I don't want to turn off notifications, in case a real threat ever were to arise.

So do any of you have any ideas on what I should try next? I'm going to keep looking around for solutions, but I thought I might as well post a thread here in the meantime.

Patrick McMullen
February 10, 2012 - 7:13 pm

Current configuration:

Changed "Block UPnP Discovery from external computers" rule so that it only blocks traffic from incoming sources, not outgoing sources.

Restarted iphelper service

Checked to allow for IPv6 connectivity in the wireless adapter properties

These steps seem to have worked so far, but I'll update if the pop-up comes back.

Also, does anyone see any trouble with me modifying the UPnP rule that way, such that it only blocks incoming traffic on port 1900? I want to make sure I'm not opening myself up for an attack.

Chad Johnson
February 10, 2012 - 8:37 pm

Svchost is the Windows process that hosts...well, services. Primarily these are Microsoft and other built-in Windows services, but there are applications that do take advantage of svchost to run the service -- I do not know if Hamachi is one of those pieces of software or not - although it sounds like it is. Using "Process Explorer" (a free download from Microsoft), you can see what services are running under each svchost.

It appears that Hamachi (I've never used it, but I've heard of it) is attempting to send traffic out to your network. From what I understand, this is normal behaviour as it is trying to check in with its main servers so it can be found later when you're looking for it from the Internet (you connect to the 'server' which is a workstation running Hamachi). Your firewall has stopped this connection from occurring (as it should) and is letting you know.

To stop it, you can do a few things:
1) Add Hamachi to your list of exclusions - it sounds like you're using Symantec...and I have no idea how to do that there.
2) Open the port manually that Hamachi is using - and it sounds as though you've already done this.

I don't see any problems with allowing the outbound connection on port 1900...the only risk is that any malware you encounter will be able to utilize that port to propagate. But that's a non-standard port and I wouldn't worry overly much about that.
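
The svchost-to-service mapping that the last reply suggests doing with Process Explorer can also be scripted, which helps tie the blocked port 1900 traffic from the thread to a specific Windows service before a firewall rule is loosened. This is an added example, not part of any poster's message; the function name `Get-UdpPortServiceOwner` is hypothetical and the script assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: list which services live inside the process bound to a UDP port.
# Assumes Windows PowerShell 3.0+ (Get-CimInstance, [pscustomobject]).
# Get-UdpPortServiceOwner is a hypothetical helper name; 1900 is the port from the thread.
function Get-UdpPortServiceOwner {
    param(
        [int]$Port = 1900,
        # Saved netstat text can be passed in; otherwise it is collected live.
        [string[]]$NetstatLines = (netstat -ano)
    )

    # Index running services by the PID of the process that hosts them.
    $servicesByPid = @{}
    Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" | ForEach-Object {
        $key = [int]$_.ProcessId
        if (-not $servicesByPid.ContainsKey($key)) { $servicesByPid[$key] = @() }
        $servicesByPid[$key] += $_.Name
    }

    # netstat UDP rows look like: "UDP  0.0.0.0:1900  *:*  1234" (no state column).
    $pattern = '^\s*UDP\s+(\S+):(\d+)\s+\S+\s+(\d+)\s*$'
    foreach ($line in $NetstatLines) {
        if ($line -notmatch $pattern) { continue }
        if ([int]$Matches[2] -ne $Port) { continue }

        $localAddress = $Matches[1]
        $owningPid    = [int]$Matches[3]
        $proc   = Get-Process -Id $owningPid -ErrorAction SilentlyContinue
        $hosted = $servicesByPid[$owningPid]

        [pscustomobject]@{
            LocalAddress = $localAddress
            Port         = $Port
            OwningPid    = $owningPid
            Process      = $(if ($proc) { $proc.ProcessName } else { '<exited>' })
            Services     = $(if ($hosted) { $hosted -join ', ' } else { '<no service>' })
        }
    }
}

# One row per UDP endpoint bound to the port, with the services sharing that process.
Get-UdpPortServiceOwner -Port 1900 | Format-Table -AutoSize
```

A row whose process is `svchost` and whose service list is a built-in Windows service points at normal OS behaviour; a row with `<no service>` or an unexpected process name is the one to investigate before allowing the traffic.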
