Jump to content

Recommended Posts

Posted

I formatted my hard drive and installed SS 6.0.316.0. I selected interactive filtering mode for the firewall. After that I installed many programs that required to connect ot the internet. For most of them I selected to create rule to block them as there was no actual need to connect (I have installed them many time to computers without internet connection and installation didn't actually need internet). Since then, Windows update cannot connect to the internet giving error code 80072EFD. If I turn off the firewall and run Windows update, then it runs normally. I took a look at the list with the rules created but windows update (or wuauclt.exe) is not listed. What's the solution?

  • Administrators
Posted

Perhaps you blocked Internet access for one of the crucial system processes, such as svchost.exe. Use interactive mode only if you know how to properly respond when asked to allow or block certain communication.

Posted (edited)

Perhaps you blocked Internet access for one of the crucial system processes, such as svchost.exe. Use interactive mode only if you know how to properly respond when asked to allow or block certain communication.

I want to have full control of my computer's communication and I do know how to respond but it seems that something escaped my attention. The point is what is it. I have a second computer with the same settings (that works fine) and compared the rules. All the rules are the same, no difference. I attached a png file with the rules. If anyone can find which rule is my pain it would be highly appreciated.

post-1533-0-40069300-1377522298_thumb.png

Edited by doctor-z
  • ESET Moderators
Posted

Hello doctor-z,

 

there are two possible ways ho to resolve the issue:

 

1. enable logging of all blocked connections, reproduce the issue by invoking Windows updates and search in the log file, which connections has been blocked and allow them

 

2. reset firewall settings back to defaults and create them from a scratch.

Posted

If Peter's suggestion does not work.

 

I looked at your picture. Nothing seems out of the ordinary besides your netbios blocking. This of course will not allow you to see other workstations on your network. If that is not an issue lets look at your quote :

 

 

I have a second computer with the same settings (that works fine) and compared the rules. All the rules are the same, no difference.

 

With that being said, your problem possibly lies elsewhere.

 

If you are familier with wups, then lets try the following and report back :
 

Navigate to your windows directory

Delete all of the following files with extensions :

.chk

.rip

.tmp

Stop the following service :

Windows Update

rename this folder in windows directory

softwaredistribution > softwaredistribution.old

Start service: Windows Update

 

Report back, if that doesnt work, and ill walk you through RE-registering all your windows update dll's and checking all your services.

Posted (edited)

Hello doctor-z,

 

there are two possible ways ho to resolve the issue:

 

1. enable logging of all blocked connections, reproduce the issue by invoking Windows updates and search in the log file, which connections has been blocked and allow them

 

2. reset firewall settings back to defaults and create them from a scratch.

1. I did it and all reports are about this rule: "Block outgoing SSDP (UPNP) requests for svchost.exe". The point is that this rule is under "Host Process for Windows Services ("Κεντρική διεργασία για υπηρεσίες των Windows" in greek)" and it was created by the program, not me and I am not allowed to change it.

 

2. I did the reset as described in that page but no rule deleted. They are all still there.

 

 

@Arakasi: I did what you said and nothing changed.

                 The two computers never communicated and I would like to make them "talk" at some time.

Edited by doctor-z
Posted

Try re-registering the following dll's

If this does not fix your issue, i would point at the firewall explicitly.

 

Do this from a command prompt

 net stop cryptsvc
 net stop ose
 net stop wuauserv
 net stop bits

 net stop msiserver

 msiexec /regserver
 regsvr32 msi.dll /s
 regsvr32 msihnd.dll /s
 regsvr32 wuaueng.dll /s
 regsvr32 qmgr.dll /s
 regsvr32 qmgrprxy.dll /s
 regsvr32 wuaueng.dll /s
 regsvr32 msxml.dll /s
 regsvr32 msxml2.dll /s
 regsvr32 msxml3.dll /s
 regsvr32 msxml4.dll /s
 regsvr32 qmgr.dll /s
 regsvr32 qmgrprxy.dll /s
 regsvr32 muweb.dll /s
 regsvr32 winhttp.dll /s
 regsvr32 wuapi.dll /s
 regsvr32 wuaueng.dll /s
 regsvr32 wuaueng1.dll /s
 regsvr32 wucltui.dll /s
 regsvr32 wups.dll /s
 regsvr32 wups2.dll /s
 regsvr32 wuweb.dll /s
 regsvr32 cryptdlg.dll /s
 regsvr32 cryptui.dll /s
 regsvr32 dssenh.dll /s
 regsvr32 gpkcsp.dll /s
 regsvr32 initpki.dll /s
 regsvr32 mssip32.dll /s
 regsvr32 sccbase.dll /s
 regsvr32 softpub.dll /s
 regsvr32 slbcsp.dll /s
 regsvr32 rsaenh.dll /s
 regsvr32 winhttp.dll /s
 regsvr32 wintrust.dll /s
 regsvr32 qmgr.dll /s
 regsvr32 qmgrprxy.dll /s
 regsvr32 es.dll /s

 net start cryptsvc
 net start ose
 net start wuauserv
 net start bits

 net start msiserver

 

Post back if you have any errors as i through this together in less then 5 minutes without attention to detail.

Posted (edited)

Try re-registering the following dll's

If this does not fix your issue, i would point at the firewall explicitly.

 

Do this from a command prompt

..................

Post back if you have any errors as i through this together in less then 5 minutes without attention to detail.

I ran all these commands with no error. After that, I ran Windows update and error 80072EFD still exists.

Edited by doctor-z
Posted (edited)

 

Try re-registering the following dll's

If this does not fix your issue, i would point at the firewall explicitly.

 

Do this from a command prompt

..................

Post back if you have any errors as i through this together in less then 5 minutes without attention to detail.

I ran all these commands with no error. After that, I ran Windows update and error 80072EFD still exists.

 

 

I do know a few other things you can do to try and fix windows update, i will PM a batch file.

Aside from that, all those steps including the batch i send, 99% of the time fixes windows update problems that i run into on a daily basis after stripping firewalls and security suites from clients machines.

So i would say im stumped, and although i still push Eset and everything the company and software does always,  . . . my finger points at some kind of mis config with the SS firewall and would suggest trying a uninstall with cleaner ,

and maybe a different version to start, then maybe going for an upgrade if fixed. Or similar, possibly send Marcos a full Sysinspector log for investigation by him and his team.

Edited by Arakasi
  • Administrators
Posted

In the IDS setup, enable logging of all blocked communications, reproduce the issue and then post the recent records here.

Posted (edited)

If I enable logging of all blocked communications, every 2-3 second a new log is writen mostly about rule blocked svchost.exe.

Take a look:

27/8/2013 11:42:56 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:52 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:49 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:46 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:42 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:39 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:38 πμ    No application listening on the port    62.1.38.16:443    192.168.1.65:49852    TCP            
27/8/2013 11:42:38 πμ    No application listening on the port    62.1.38.16:443    192.168.1.65:49852    TCP            
27/8/2013 11:42:38 πμ    No application listening on the port    62.1.38.16:443    192.168.1.65:49851    TCP            
27/8/2013 11:42:37 πμ    No application listening on the port    2.18.82.110:443    192.168.1.65:49848    TCP            
27/8/2013 11:42:37 πμ    No application listening on the port    2.18.82.110:443    192.168.1.65:49848    TCP            
27/8/2013 11:42:36 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:32 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:32 πμ    No application listening on the port    31.13.81.49:443    192.168.1.65:49849    TCP            
27/8/2013 11:42:32 πμ    No application listening on the port    31.13.81.49:443    192.168.1.65:49849    TCP            
27/8/2013 11:42:31 πμ    Packet blocked by active defense (IDS)    192.168.1.254    192.168.1.254    ARP            
27/8/2013 11:42:29 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:26 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:26 πμ    Communication denied by rule    192.168.1.65:52256    94.245.121.253:3544    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:42:24 πμ    No application listening on the port    93.186.137.171:443    192.168.1.65:49835    TCP            
27/8/2013 11:42:24 πμ    No application listening on the port    93.186.137.171:443    192.168.1.65:49835    TCP            
27/8/2013 11:42:22 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:19 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:16 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:14 πμ    No application listening on the port    193.0.160.244:80    192.168.1.65:49818    TCP            
27/8/2013 11:42:14 πμ    No application listening on the port    193.0.160.244:80    192.168.1.65:49818    TCP            
27/8/2013 11:42:14 πμ    No application listening on the port    193.0.160.244:80    192.168.1.65:49819    TCP            
27/8/2013 11:42:13 πμ    No application listening on the port    193.0.160.244:80    192.168.1.65:49819    TCP            
27/8/2013 11:42:13 πμ    No application listening on the port    193.0.160.244:80    192.168.1.65:49811    TCP            
27/8/2013 11:42:13 πμ    No application listening on the port    193.0.160.244:80    192.168.1.65:49811    TCP            
27/8/2013 11:42:12 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:12 πμ    TCP packet not belonging to any open connection    174.128.15.11:80    192.168.1.65:49803    TCP            
27/8/2013 11:42:10 πμ    Communication denied by rule    192.168.1.65:52256    94.245.121.253:3544    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:42:09 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:08 πμ    No application listening on the port    173.194.39.250:80    192.168.1.65:49813    TCP            
27/8/2013 11:42:08 πμ    No application listening on the port    2.16.222.227:80    192.168.1.65:49799    TCP            
27/8/2013 11:42:08 πμ    Communication denied by rule    192.168.1.65:60101    239.255.255.250:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:06 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:05 πμ    Communication denied by rule    192.168.1.65:60101    239.255.255.250:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:04 πμ    TCP packet not belonging to any open connection    72.32.67.100:80    192.168.1.65:49766    TCP            
27/8/2013 11:42:02 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:02 πμ    TCP packet not belonging to any open connection    72.32.67.100:80    192.168.1.65:49766    TCP            
27/8/2013 11:42:02 πμ    Communication denied by rule    192.168.1.65:60101    239.255.255.250:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:42:02 πμ    Communication denied by rule    192.168.1.65:52256    94.245.121.253:3544    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:42:00 πμ    Packet blocked by active defense (IDS)    192.168.1.254    192.168.1.254    ARP            
27/8/2013 11:41:59 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:59 πμ    Communication denied by rule    192.168.1.65:60101    239.255.255.250:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:59 πμ    Communication denied by rule    192.168.1.65:49764    62.1.38.24:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:58 πμ    Communication denied by rule    192.168.1.65:49763    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:58 πμ    Communication denied by rule    192.168.1.65:52256    94.245.121.253:3544    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:41:56 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:56 πμ    Communication denied by rule    192.168.1.65:62091    224.0.0.252:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:56 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60105    ff02::1:3.:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:56 πμ    Communication denied by rule    192.168.1.65:62091    224.0.0.252:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:56 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60105    ff02::1:3.:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:56 πμ    Communication denied by rule    192.168.1.65:60101    239.255.255.250:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:56 πμ    No application listening on the port    192.168.1.65:68    255.255.255.255:67    UDP            
27/8/2013 11:41:56 πμ    Communication denied by rule    192.168.1.65:52256    94.245.121.253:3544    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:41:55 πμ    Communication denied by rule    192.168.1.65:52256    94.245.121.253:3544    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:41:53 πμ    Communication denied by rule    192.168.1.65:3702    192.168.1.64:50000    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:53 πμ    Communication denied by rule    192.168.1.65:3702    192.168.1.64:50000    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:53 πμ    Communication denied by rule    192.168.1.65:60101    239.255.255.250:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:53 πμ    Communication denied by rule    192.168.1.65:59436    224.0.0.252:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:53 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:53585    ff02::1:3.:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:53 πμ    Communication denied by rule    192.168.1.65:59436    224.0.0.252:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:53 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:53585    ff02::1:3.:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:53 πμ    Communication denied by rule    192.168.1.65:3702    192.168.1.64:50000    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:53 πμ    Communication denied by rule    192.168.1.65:63996    224.0.0.252:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:53 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:51739    ff02::1:3.:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:53 πμ    Communication denied by rule    192.168.1.65:3702    192.168.1.64:50000    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:53 πμ    Communication denied by rule    192.168.1.65:63996    224.0.0.252:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:52 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:51739    ff02::1:3.:5355    UDP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\NETWORK SERVICE
27/8/2013 11:41:52 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:49 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:46 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:42 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:39 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:36 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:32 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:30 πμ    Packet blocked by active defense (IDS)    192.168.1.254    192.168.1.254    ARP            
27/8/2013 11:41:29 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:41:26 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE

I ran Windows update and the logs for it are among these:

27/8/2013 11:47:29 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:47:27 πμ    Communication denied by rule    192.168.1.65:50111    65.55.53.190:80    TCP    Deny communication for wermgr.exe    C:\Windows\System32\wermgr.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:26 πμ    Communication denied by rule    192.168.1.65:50110    65.55.53.190:80    TCP    Deny communication for wermgr.exe    C:\Windows\System32\wermgr.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:26 πμ    Communication denied by rule    192.168.1.65:50109    65.55.53.190:80    TCP    Deny communication for wermgr.exe    C:\Windows\System32\wermgr.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:26 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50108    65.55.53.190:80    TCP    Deny communication for wermgr.exe    C:\Windows\System32\wermgr.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50107    65.55.53.190:80    TCP    Deny communication for wermgr.exe    C:\Windows\System32\wermgr.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50104    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50103    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50102    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50101    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50100    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50099    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50098    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50097    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50096    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50095    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:25 πμ    Communication denied by rule    192.168.1.65:50094    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50093    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50092    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50091    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50090    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50089    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50088    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50087    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50083    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50082    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50081    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50080    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50079    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50078    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50077    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50076    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50075    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50074    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50073    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50072    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50071    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50070    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:24 πμ    Communication denied by rule    192.168.1.65:50069    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50068    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50067    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50066    65.55.53.190:80    TCP    Deny communication for wermgr.exe    C:\Windows\System32\wermgr.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50065    65.55.53.190:80    TCP    Deny communication for wermgr.exe    C:\Windows\System32\wermgr.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50064    65.55.53.190:80    TCP    Deny communication for wermgr.exe    C:\Windows\System32\wermgr.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50063    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50062    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50061    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50060    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50059    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50058    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50057    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50056    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50055    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50054    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50053    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50052    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50051    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50050    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50049    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50048    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50047    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50046    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50045    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:23 πμ    Communication denied by rule    192.168.1.65:50044    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50038    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50035    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50034    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50033    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50032    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50031    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50030    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50029    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50028    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50027    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50026    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50025    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50024    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50022    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50008    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:22 πμ    Communication denied by rule    192.168.1.65:50007    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:50006    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:50005    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:50004    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    No application listening on the port    192.168.1.65:68    255.255.255.255:67    UDP            
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:50001    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49998    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49997    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49996    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49995    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49994    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49993    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49992    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49991    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49990    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49989    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49988    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49987    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49986    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49985    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49984    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49981    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49974    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49973    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49972    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49971    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49970    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49969    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49968    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49967    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49966    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49965    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:21 πμ    Communication denied by rule    192.168.1.65:49964    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49963    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49962    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49961    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49960    65.55.138.126:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49959    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49958    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49957    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49956    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49955    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49954    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49953    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49952    62.1.38.17:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49951    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49950    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49949    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49948    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49947    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49946    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49945    62.1.38.10:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:20 πμ    Communication denied by rule    192.168.1.65:49944    62.1.38.19:80    TCP    Deny communication for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\SYSTEM
27/8/2013 11:47:19 πμ    Communication denied by rule    fe80::1d81:9cc7:2bdd:ed3c.:60099    ff02::c.:1900    UDP    Block outgoing SSDP (UPNP) requests for svchost.exe    C:\Windows\System32\svchost.exe    NT AUTHORITY\LOCAL SERVICE

Something bad is going on or is it just my imagination?

 

I ran Arakasi's batch file and nothing changed. He says that is nothing wrong with windows update and all its files/services. When I 'll have some time I will uninstall SS and install it again.

Edited by doctor-z
  • ESET Moderators
Posted

Hello,

 

TCP Deny communication for svchost.exe might be causing the issue.

Open Zone and rule setup window and select "Toggle detailed view of all rules" and delete all blocking or asking rules for Host Process for Windows services and System, which are not grayed (default ones)

Posted (edited)

Hello,

 

TCP Deny communication for svchost.exe might be causing the issue.

Open Zone and rule setup window and select "Toggle detailed view of all rules" and delete all blocking or asking rules for Host Process for Windows services and System, which are not grayed (default ones)

As you can see in the picture above, there is no other rule for svchost than the ones that SS has by itself and is not allowing me to edit or delete them.

 

Some hours ago, I opened the computer and the audio service was not running and my network card was not working at all. I couldn't ping the router or open router's main page. Weird a lot. I ran SS and performed smart scan and a deep one. Nothing found. So I formatted my disk and Installed all over again. Now I do not have the problem but the only thing i am worried about is the logs that keep appearing in the list talking about blocks of svchost every 2-3 seconds. My main computer with the same OS and programs has not got all these logs. What is wrong?

Edited by doctor-z
Posted

Hi guys , I'm BB from Iran, i think your problem is similar to mine . I have "WindowsUpdate_80072efd" error <_< for 1 week ago recently and when i think about it times and times :ph34r: i remember that i change my D-Link all in one device to support Port Forwarding for creating a Counter Strike game server! That's my problem reason i believe (%99.9 ;D)

Have a good time ;)

Posted

Hi guys , I'm BB from Iran, i think your problem is similar to mine . I have "WindowsUpdate_80072efd" error <_< for 1 week ago recently and when i think about it times and times :ph34r: i remember that i change my D-Link all in one device to support Port Forwarding for creating a Counter Strike game server! That's my problem reason i believe (%99.9 ;D)

Have a good time ;)

In my case, I changed nothing. I cannot understand this: I have two computers with similar hardware and the same software, OS and programs. One computer works fine and has too few logs about blocked svchost and the other computer with brand new installation logs blocked svchost every 2-3 seconds. I understand that a Windows service is responsible for this but which is it? Why does a service from the second pc need eagerly to connect to the internet and the same service to the other pc doesn't need?

Posted

 

Hi guys , I'm BB from Iran, i think your problem is similar to mine . I have "WindowsUpdate_80072efd" error <_< for 1 week ago recently and when i think about it times and times :ph34r: i remember that i change my D-Link all in one device to support Port Forwarding for creating a Counter Strike game server! That's my problem reason i believe (%99.9 ;D)

Have a good time ;)

In my case, I changed nothing. I cannot understand this: I have two computers with similar hardware and the same software, OS and programs. One computer works fine and has too few logs about blocked svchost and the other computer with brand new installation logs blocked svchost every 2-3 seconds. I understand that a Windows service is responsible for this but which is it? Why does a service from the second pc need eagerly to connect to the internet and the same service to the other pc doesn't need?

 

 

 

It wouldnt work that way, something is missing, or we have missed something.

Would you allow remote support ?

 

Very strange . . .

Posted (edited)

 

It wouldnt work that way, something is missing, or we have missed something

I compared the running services and did some tests and found out that the service responsible for the logs is "Peer Networking Identity Manager". For stopping it, "Peer Networking Grouping" and "Peer Name Resolution Protocol" are stopping too as they depend on "Peer Networking Identity Manager". Now I have a little less logs. I need to search more, as it seems that more services might be responsible. I am wondering why these services are not running on the first computer, when the startup type is set to manual to both computers.

Edited by doctor-z
  • 10 months later...
  • Administrators
Posted

The rule "Deny communication for svchost.exe" is a custom rule, not a pre-defined one (pre-defined blocking rules commence with "Block", not "Deny" as shown in your screen shot). That said, you should be able to remove it from the rule list.

  • 1 month later...
Posted (edited)

I solved this easy as ESET has many connections to look at when not configured right in the Settings. Do non of the above solutions, and i about LOL@ re-register dll's.

No, this was not this guys problem.

Because i ran into the same problem, because WinUpdate was set to delay-Autostart at system startup and its the only 1 thing i ever denied interactive PLEASE NOTE ( For diagnostic reasons only).

I love my auto setting but don't get me started on auto activated programs, they all suck. No offense ESET wonderful job, but having main core system names in the firewall to know where to look would have been nice.

Answer / Solution for this problem, even if he has denied lots of things and is lost please follow my steps.

1. Open ESET Advanced Settings
2. Select ( Personal Firewall Expand tree)
3. Select ( Rules and Zones )
4. On the right hand information screen , look at the bottom named (Rules to Display)
5. Select (Only User Defined Rules) Note. There are 3 choices, you want the (user defined) NOT (User Pre-defined) Predefined is still looking at the same mess just a little shorter.

From here go to SETUP For (Zone /Rule editor) Its time to edit out what you did. RESTTING ESET DEFAULTS DOES NOT WORK !

This button is all on the same page second button below Trusted Zone

Heres where it gets tricky, You should now be in the (Zone /Rule editor) somewhere at the top is
(HOST PROCESS FOR WINDOWS SERVICES)

Select (Deny communication to -svchost.exe- )
EDIT / ALLOW every one of them, like i said i only had one for when it did windows startup, so you might have many of them, because its used by many applications

Also select ACTION-ASK- for every one of them. You will now get ASKED everytime the system tries to use svchost.exe, anywhere.

after allowing all of those, click Ok,OK, and close eset menu window.

IMMEDIATLY GO TO WINDOWS UPDATE, make sure you are still in interactive mode, click update.

I hope this helped. Enjoy your updates.

 

If you noticed you could just delete it... and that it still will say Deny with the ask option selected. You could do this, but you said total control and i kind of like it being there like that. This way you can always TempAllow it  for that short usage and next reboot it is denied.

 

Total Control bud.

Edited by AtlasMinor
  • 1 year later...
Posted

Perhaps you blocked Internet access for one of the crucial system processes, such as svchost.exe. Use interactive mode only if you know how to properly respond when asked to allow or block certain communication.

I have automatic mode on and it is querying me for EVERY system change....HELP!....reboot does not help...credentials and log provided as needed.

 

Thanks in advance for your speedy reply,

 

Chas

Posted

Check out this posting: hxxp://www.sevenforums.com/windows-updates-activation/198811-windows-updates-windows-activation-error-code-80072efd.html

 

Person did similar to you; reformat and OS reinstall. Below is what fixed it for him.

 

Thank you Noel for your suggestions. Before I had a chance to try it though I was able to resolve the issue.

I think I got one of those DNS changing viruses before my computer reformat. When I reset both the router and modem to factory settings, reset up my wireless network, and changed the usernames and passwords for both the modem and router I was able to access the windows update servers.

I can't believe that after everything I tried I missed one of the easiest troubleshooting tasks!
confused.gif

Thank you again for your help!

Posted

Wow, this really worked for me, thank you very much. I just created an account to let you know it was useful for somebody and thank you.

 

I´ve been surviving without updating Windows for almost a year because I got that error nobody knows the answer. I tried fixes and strange commands whenever I wasn´t feeling lazy to do the research and not give up after a few trys.

 

But I never had the idea of turning off the Eset Firewall, and when turned off, updates would work. I just did what you said and yes, I remember blocking Svchost in some point because some program annoyed me with it. Now problem solved. Thank you!

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...