Hey wonderful community. So I've gotten my networking in a pickle after doing some tinkering on our home network. It's really not that big of a concern at all, more of an annoyance I'd say, and I thought now would be a good time to try out making a help thread in our forum! After looking for a a way to create a free VPN on our home network, I discovered and installed Hamachi on three computer: A macbook pro running snow leopard, another macbook pro running a legitimate Windows 7 partition via bootcamp (this is the host of the VPN), and my Lenovo U260 running Windows 7. The previous two work fine, but now on my Lenovo, I get a Symantec Endpoint Protection pop-up every 15 minutes or so saying that, "Traffic has been blocked from this application svchost.exe." I don't think it's a malware infection, and the steps I've found to fix it haven't worked so far.
Things I've tried:
-Check to "Allow Unmatched IP traffic" in the Symantec Network Threat Protection firewall settings
-Uncheck "Block IPv6 over IPv4" conditions in SNTP firewall rules
-Run Malwarebytes quick scan, which found no malware
-Adjusted the wireless network adapter settings from the control panel
-Unchecked IPv6 in the wireless adapter properties
-Stopped iphelper service and turned its start-up to manul
-Reset my comp.
I may have tried some other things, but I can't remember.
Bottom line is: after installing Hamachi on my computer, I've got some weird svchost.exe traffic that is making my security bug out. I don't want to turn off notifications, in case a real threat ever were to arise.
So do any of you have any ideas on what I should try next? I'm going to keep looking around for solutions, but I thought I might as well post a thread here in the meantime.
Changed "Block UPnP Discovery from external computers" rule so that it only blocks traffic from incoming sources, not outgoing sources.
Restarted iphelper service
checked to allow for IPv6 connectivity in the Wireless adapter properties
These steps seems to have worked so far, but I'll update if the the pop-up comes back.
Also, does anyone see any trouble with me modifying the UDnP rule that way, such that it only blocks incoming traffic on port 1900? I want to make sure I'm not opening myself up for an attack.
August 11, 2011
Svchost is the windows process that hosts...well, services. Primarily these are microsoft and other built in windows services, but there are applications that do take advantage of svchost to run the service -- I do not know if Hamachi is one of those softwares or not - although it sounds like it is. Using "Process Explorer" (a free download from Microsoft), you can see what services are running under each svchost.
It appears that Hamachi (I've never used it, but I've heard of it) is attempting to send traffic out to your network. From what I understand, this is normal behaviour as it is trying to check in with it's main servers so it can be found later when you're looking for it from the Internet (you connect to the 'server' which is a workstation running hamachi). Your firewall has stopped this connection from ocurring (as it should) and is letting you know.
To stop it, you can do a few things:
1) Add Hamachi to your list of exclusions - it sounds like you're using Symantec...and I have no idea how to do that there.
2) Open the port manually that Hamachi is using - and it sounds as though you've already done this.
I don't see any problems with allowing the outbound connection on port 1900...the only risk is that any malware you encounter will be able to utilize that port to propogate. But that's a non-standard port and I wouldn't worry overly much about that.
Most Users Ever Online: 188
Currently Browsing this Page:
Guest Posters: 10
Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas
Moderators: Judy Novotny, dandl, Jason Shuffield, Jim Canfield, Dick Evans, Sergey Grankin