doctor-z 0 Posted August 26, 2013 Posted August 26, 2013 I formatted my hard drive and installed SS 6.0.316.0. I selected interactive filtering mode for the firewall. After that I installed many programs that required to connect ot the internet. For most of them I selected to create rule to block them as there was no actual need to connect (I have installed them many time to computers without internet connection and installation didn't actually need internet). Since then, Windows update cannot connect to the internet giving error code 80072EFD. If I turn off the firewall and run Windows update, then it runs normally. I took a look at the list with the rules created but windows update (or wuauclt.exe) is not listed. What's the solution?
Administrators Marcos 5,443 Posted August 26, 2013 Administrators Posted August 26, 2013 Perhaps you blocked Internet access for one of the crucial system processes, such as svchost.exe. Use interactive mode only if you know how to properly respond when asked to allow or block certain communication.
doctor-z 0 Posted August 26, 2013 Author Posted August 26, 2013 (edited) Perhaps you blocked Internet access for one of the crucial system processes, such as svchost.exe. Use interactive mode only if you know how to properly respond when asked to allow or block certain communication. I want to have full control of my computer's communication and I do know how to respond but it seems that something escaped my attention. The point is what is it. I have a second computer with the same settings (that works fine) and compared the rules. All the rules are the same, no difference. I attached a png file with the rules. If anyone can find which rule is my pain it would be highly appreciated. Edited August 26, 2013 by doctor-z
ESET Moderators Peter Randziak 1,181 Posted August 26, 2013 ESET Moderators Posted August 26, 2013 Hello doctor-z, there are two possible ways ho to resolve the issue: 1. enable logging of all blocked connections, reproduce the issue by invoking Windows updates and search in the log file, which connections has been blocked and allow them 2. reset firewall settings back to defaults and create them from a scratch.
Arakasi 549 Posted August 26, 2013 Posted August 26, 2013 If Peter's suggestion does not work. I looked at your picture. Nothing seems out of the ordinary besides your netbios blocking. This of course will not allow you to see other workstations on your network. If that is not an issue lets look at your quote : I have a second computer with the same settings (that works fine) and compared the rules. All the rules are the same, no difference. With that being said, your problem possibly lies elsewhere. If you are familier with wups, then lets try the following and report back : Navigate to your windows directory Delete all of the following files with extensions : .chk .rip .tmp Stop the following service : Windows Update rename this folder in windows directory softwaredistribution > softwaredistribution.old Start service: Windows Update Report back, if that doesnt work, and ill walk you through RE-registering all your windows update dll's and checking all your services.
doctor-z 0 Posted August 26, 2013 Author Posted August 26, 2013 (edited) Hello doctor-z, there are two possible ways ho to resolve the issue: 1. enable logging of all blocked connections, reproduce the issue by invoking Windows updates and search in the log file, which connections has been blocked and allow them 2. reset firewall settings back to defaults and create them from a scratch. 1. I did it and all reports are about this rule: "Block outgoing SSDP (UPNP) requests for svchost.exe". The point is that this rule is under "Host Process for Windows Services ("Κεντρική διεργασία για υπηρεσίες των Windows" in greek)" and it was created by the program, not me and I am not allowed to change it. 2. I did the reset as described in that page but no rule deleted. They are all still there. @Arakasi: I did what you said and nothing changed. The two computers never communicated and I would like to make them "talk" at some time. Edited August 26, 2013 by doctor-z
Arakasi 549 Posted August 26, 2013 Posted August 26, 2013 Try re-registering the following dll's If this does not fix your issue, i would point at the firewall explicitly. Do this from a command prompt net stop cryptsvc net stop ose net stop wuauserv net stop bits net stop msiserver msiexec /regserver regsvr32 msi.dll /s regsvr32 msihnd.dll /s regsvr32 wuaueng.dll /s regsvr32 qmgr.dll /s regsvr32 qmgrprxy.dll /s regsvr32 wuaueng.dll /s regsvr32 msxml.dll /s regsvr32 msxml2.dll /s regsvr32 msxml3.dll /s regsvr32 msxml4.dll /s regsvr32 qmgr.dll /s regsvr32 qmgrprxy.dll /s regsvr32 muweb.dll /s regsvr32 winhttp.dll /s regsvr32 wuapi.dll /s regsvr32 wuaueng.dll /s regsvr32 wuaueng1.dll /s regsvr32 wucltui.dll /s regsvr32 wups.dll /s regsvr32 wups2.dll /s regsvr32 wuweb.dll /s regsvr32 cryptdlg.dll /s regsvr32 cryptui.dll /s regsvr32 dssenh.dll /s regsvr32 gpkcsp.dll /s regsvr32 initpki.dll /s regsvr32 mssip32.dll /s regsvr32 sccbase.dll /s regsvr32 softpub.dll /s regsvr32 slbcsp.dll /s regsvr32 rsaenh.dll /s regsvr32 winhttp.dll /s regsvr32 wintrust.dll /s regsvr32 qmgr.dll /s regsvr32 qmgrprxy.dll /s regsvr32 es.dll /s net start cryptsvc net start ose net start wuauserv net start bits net start msiserver Post back if you have any errors as i through this together in less then 5 minutes without attention to detail.
doctor-z 0 Posted August 26, 2013 Author Posted August 26, 2013 (edited) Try re-registering the following dll's If this does not fix your issue, i would point at the firewall explicitly. Do this from a command prompt..................Post back if you have any errors as i through this together in less then 5 minutes without attention to detail. I ran all these commands with no error. After that, I ran Windows update and error 80072EFD still exists. Edited August 26, 2013 by doctor-z
Arakasi 549 Posted August 27, 2013 Posted August 27, 2013 (edited) Try re-registering the following dll's If this does not fix your issue, i would point at the firewall explicitly. Do this from a command prompt..................Post back if you have any errors as i through this together in less then 5 minutes without attention to detail. I ran all these commands with no error. After that, I ran Windows update and error 80072EFD still exists. I do know a few other things you can do to try and fix windows update, i will PM a batch file. Aside from that, all those steps including the batch i send, 99% of the time fixes windows update problems that i run into on a daily basis after stripping firewalls and security suites from clients machines. So i would say im stumped, and although i still push Eset and everything the company and software does always, . . . my finger points at some kind of mis config with the SS firewall and would suggest trying a uninstall with cleaner , and maybe a different version to start, then maybe going for an upgrade if fixed. Or similar, possibly send Marcos a full Sysinspector log for investigation by him and his team. Edited August 27, 2013 by Arakasi
Administrators Marcos 5,443 Posted August 27, 2013 Administrators Posted August 27, 2013 In the IDS setup, enable logging of all blocked communications, reproduce the issue and then post the recent records here.
doctor-z 0 Posted August 27, 2013 Author Posted August 27, 2013 (edited) If I enable logging of all blocked communications, every 2-3 second a new log is writen mostly about rule blocked svchost.exe. Take a look: 27/8/2013 11:42:56 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:52 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:49 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:46 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:42 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:39 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:38 πμ No application listening on the port 62.1.38.16:443 192.168.1.65:49852 TCP 27/8/2013 11:42:38 πμ No application listening on the port 62.1.38.16:443 192.168.1.65:49852 TCP 27/8/2013 11:42:38 πμ No application listening on the port 62.1.38.16:443 192.168.1.65:49851 TCP 27/8/2013 11:42:37 πμ No application listening on the port 2.18.82.110:443 192.168.1.65:49848 TCP 27/8/2013 11:42:37 πμ No application listening on the port 2.18.82.110:443 192.168.1.65:49848 TCP 27/8/2013 11:42:36 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:32 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:32 πμ No application listening on the port 31.13.81.49:443 192.168.1.65:49849 TCP 27/8/2013 11:42:32 πμ No application listening on the port 31.13.81.49:443 192.168.1.65:49849 TCP 27/8/2013 11:42:31 πμ Packet blocked by active defense (IDS) 192.168.1.254 192.168.1.254 ARP 27/8/2013 11:42:29 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:26 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:26 πμ Communication denied by rule 192.168.1.65:52256 94.245.121.253:3544 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:42:24 πμ No application listening on the port 93.186.137.171:443 192.168.1.65:49835 TCP 27/8/2013 11:42:24 πμ No application listening on the port 93.186.137.171:443 192.168.1.65:49835 TCP 27/8/2013 11:42:22 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:19 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:16 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:14 πμ No application listening on the port 193.0.160.244:80 192.168.1.65:49818 TCP 27/8/2013 11:42:14 πμ No application listening on the port 193.0.160.244:80 192.168.1.65:49818 TCP 27/8/2013 11:42:14 πμ No application listening on the port 193.0.160.244:80 192.168.1.65:49819 TCP 27/8/2013 11:42:13 πμ No application listening on the port 193.0.160.244:80 192.168.1.65:49819 TCP 27/8/2013 11:42:13 πμ No application listening on the port 193.0.160.244:80 192.168.1.65:49811 TCP 27/8/2013 11:42:13 πμ No application listening on the port 193.0.160.244:80 192.168.1.65:49811 TCP 27/8/2013 11:42:12 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:12 πμ TCP packet not belonging to any open connection 174.128.15.11:80 192.168.1.65:49803 TCP 27/8/2013 11:42:10 πμ Communication denied by rule 192.168.1.65:52256 94.245.121.253:3544 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:42:09 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:08 πμ No application listening on the port 173.194.39.250:80 192.168.1.65:49813 TCP 27/8/2013 11:42:08 πμ No application listening on the port 2.16.222.227:80 192.168.1.65:49799 TCP 27/8/2013 11:42:08 πμ Communication denied by rule 192.168.1.65:60101 239.255.255.250:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:06 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:05 πμ Communication denied by rule 192.168.1.65:60101 239.255.255.250:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:04 πμ TCP packet not belonging to any open connection 72.32.67.100:80 192.168.1.65:49766 TCP 27/8/2013 11:42:02 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:02 πμ TCP packet not belonging to any open connection 72.32.67.100:80 192.168.1.65:49766 TCP 27/8/2013 11:42:02 πμ Communication denied by rule 192.168.1.65:60101 239.255.255.250:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:42:02 πμ Communication denied by rule 192.168.1.65:52256 94.245.121.253:3544 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:42:00 πμ Packet blocked by active defense (IDS) 192.168.1.254 192.168.1.254 ARP 27/8/2013 11:41:59 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:59 πμ Communication denied by rule 192.168.1.65:60101 239.255.255.250:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:59 πμ Communication denied by rule 192.168.1.65:49764 62.1.38.24:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:58 πμ Communication denied by rule 192.168.1.65:49763 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:58 πμ Communication denied by rule 192.168.1.65:52256 94.245.121.253:3544 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:41:56 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:56 πμ Communication denied by rule 192.168.1.65:62091 224.0.0.252:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:56 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60105 ff02::1:3.:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:56 πμ Communication denied by rule 192.168.1.65:62091 224.0.0.252:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:56 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60105 ff02::1:3.:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:56 πμ Communication denied by rule 192.168.1.65:60101 239.255.255.250:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:56 πμ No application listening on the port 192.168.1.65:68 255.255.255.255:67 UDP 27/8/2013 11:41:56 πμ Communication denied by rule 192.168.1.65:52256 94.245.121.253:3544 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:41:55 πμ Communication denied by rule 192.168.1.65:52256 94.245.121.253:3544 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:41:53 πμ Communication denied by rule 192.168.1.65:3702 192.168.1.64:50000 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:53 πμ Communication denied by rule 192.168.1.65:3702 192.168.1.64:50000 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:53 πμ Communication denied by rule 192.168.1.65:60101 239.255.255.250:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:53 πμ Communication denied by rule 192.168.1.65:59436 224.0.0.252:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:53 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:53585 ff02::1:3.:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:53 πμ Communication denied by rule 192.168.1.65:59436 224.0.0.252:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:53 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:53585 ff02::1:3.:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:53 πμ Communication denied by rule 192.168.1.65:3702 192.168.1.64:50000 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:53 πμ Communication denied by rule 192.168.1.65:63996 224.0.0.252:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:53 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:51739 ff02::1:3.:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:53 πμ Communication denied by rule 192.168.1.65:3702 192.168.1.64:50000 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:53 πμ Communication denied by rule 192.168.1.65:63996 224.0.0.252:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:52 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:51739 ff02::1:3.:5355 UDP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\NETWORK SERVICE 27/8/2013 11:41:52 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:49 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:46 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:42 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:39 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:36 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:32 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:30 πμ Packet blocked by active defense (IDS) 192.168.1.254 192.168.1.254 ARP 27/8/2013 11:41:29 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:41:26 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE I ran Windows update and the logs for it are among these: 27/8/2013 11:47:29 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:47:27 πμ Communication denied by rule 192.168.1.65:50111 65.55.53.190:80 TCP Deny communication for wermgr.exe C:\Windows\System32\wermgr.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:26 πμ Communication denied by rule 192.168.1.65:50110 65.55.53.190:80 TCP Deny communication for wermgr.exe C:\Windows\System32\wermgr.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:26 πμ Communication denied by rule 192.168.1.65:50109 65.55.53.190:80 TCP Deny communication for wermgr.exe C:\Windows\System32\wermgr.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:26 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50108 65.55.53.190:80 TCP Deny communication for wermgr.exe C:\Windows\System32\wermgr.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50107 65.55.53.190:80 TCP Deny communication for wermgr.exe C:\Windows\System32\wermgr.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50104 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50103 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50102 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50101 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50100 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50099 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50098 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50097 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50096 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50095 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:25 πμ Communication denied by rule 192.168.1.65:50094 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50093 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50092 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50091 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50090 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50089 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50088 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50087 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50083 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50082 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50081 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50080 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50079 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50078 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50077 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50076 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50075 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50074 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50073 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50072 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50071 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50070 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:24 πμ Communication denied by rule 192.168.1.65:50069 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50068 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50067 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50066 65.55.53.190:80 TCP Deny communication for wermgr.exe C:\Windows\System32\wermgr.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50065 65.55.53.190:80 TCP Deny communication for wermgr.exe C:\Windows\System32\wermgr.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50064 65.55.53.190:80 TCP Deny communication for wermgr.exe C:\Windows\System32\wermgr.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50063 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50062 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50061 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50060 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50059 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50058 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50057 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50056 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50055 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50054 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50053 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50052 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50051 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50050 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50049 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50048 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50047 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50046 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50045 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:23 πμ Communication denied by rule 192.168.1.65:50044 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50038 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50035 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50034 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50033 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50032 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50031 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50030 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50029 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50028 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50027 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50026 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50025 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50024 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50022 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50008 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:22 πμ Communication denied by rule 192.168.1.65:50007 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:50006 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:50005 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:50004 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ No application listening on the port 192.168.1.65:68 255.255.255.255:67 UDP 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:50001 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49998 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49997 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49996 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49995 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49994 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49993 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49992 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49991 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49990 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49989 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49988 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49987 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49986 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49985 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49984 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49981 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49974 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49973 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49972 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49971 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49970 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49969 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49968 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49967 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49966 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49965 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:21 πμ Communication denied by rule 192.168.1.65:49964 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49963 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49962 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49961 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49960 65.55.138.126:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49959 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49958 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49957 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49956 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49955 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49954 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49953 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49952 62.1.38.17:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49951 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49950 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49949 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49948 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49947 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49946 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49945 62.1.38.10:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:20 πμ Communication denied by rule 192.168.1.65:49944 62.1.38.19:80 TCP Deny communication for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\SYSTEM 27/8/2013 11:47:19 πμ Communication denied by rule fe80::1d81:9cc7:2bdd:ed3c.:60099 ff02::c.:1900 UDP Block outgoing SSDP (UPNP) requests for svchost.exe C:\Windows\System32\svchost.exe NT AUTHORITY\LOCAL SERVICE Something bad is going on or is it just my imagination? I ran Arakasi's batch file and nothing changed. He says that is nothing wrong with windows update and all its files/services. When I 'll have some time I will uninstall SS and install it again. Edited August 27, 2013 by doctor-z
ESET Moderators Peter Randziak 1,181 Posted August 27, 2013 ESET Moderators Posted August 27, 2013 Hello, TCP Deny communication for svchost.exe might be causing the issue. Open Zone and rule setup window and select "Toggle detailed view of all rules" and delete all blocking or asking rules for Host Process for Windows services and System, which are not grayed (default ones)
doctor-z 0 Posted August 27, 2013 Author Posted August 27, 2013 (edited) Hello, TCP Deny communication for svchost.exe might be causing the issue. Open Zone and rule setup window and select "Toggle detailed view of all rules" and delete all blocking or asking rules for Host Process for Windows services and System, which are not grayed (default ones) As you can see in the picture above, there is no other rule for svchost than the ones that SS has by itself and is not allowing me to edit or delete them. Some hours ago, I opened the computer and the audio service was not running and my network card was not working at all. I couldn't ping the router or open router's main page. Weird a lot. I ran SS and performed smart scan and a deep one. Nothing found. So I formatted my disk and Installed all over again. Now I do not have the problem but the only thing i am worried about is the logs that keep appearing in the list talking about blocks of svchost every 2-3 seconds. My main computer with the same OS and programs has not got all these logs. What is wrong? Edited August 27, 2013 by doctor-z
Guest BB Posted August 27, 2013 Posted August 27, 2013 Hi guys , I'm BB from Iran, i think your problem is similar to mine . I have "WindowsUpdate_80072efd" error for 1 week ago recently and when i think about it times and times i remember that i change my D-Link all in one device to support Port Forwarding for creating a Counter Strike game server! That's my problem reason i believe (%99.9 ;D) Have a good time
doctor-z 0 Posted August 28, 2013 Author Posted August 28, 2013 Hi guys , I'm BB from Iran, i think your problem is similar to mine . I have "WindowsUpdate_80072efd" error for 1 week ago recently and when i think about it times and times i remember that i change my D-Link all in one device to support Port Forwarding for creating a Counter Strike game server! That's my problem reason i believe (%99.9 ;D) Have a good time In my case, I changed nothing. I cannot understand this: I have two computers with similar hardware and the same software, OS and programs. One computer works fine and has too few logs about blocked svchost and the other computer with brand new installation logs blocked svchost every 2-3 seconds. I understand that a Windows service is responsible for this but which is it? Why does a service from the second pc need eagerly to connect to the internet and the same service to the other pc doesn't need?
Arakasi 549 Posted August 29, 2013 Posted August 29, 2013 Hi guys , I'm BB from Iran, i think your problem is similar to mine . I have "WindowsUpdate_80072efd" error for 1 week ago recently and when i think about it times and times i remember that i change my D-Link all in one device to support Port Forwarding for creating a Counter Strike game server! That's my problem reason i believe (%99.9 ;D) Have a good time In my case, I changed nothing. I cannot understand this: I have two computers with similar hardware and the same software, OS and programs. One computer works fine and has too few logs about blocked svchost and the other computer with brand new installation logs blocked svchost every 2-3 seconds. I understand that a Windows service is responsible for this but which is it? Why does a service from the second pc need eagerly to connect to the internet and the same service to the other pc doesn't need? It wouldnt work that way, something is missing, or we have missed something. Would you allow remote support ? Very strange . . .
doctor-z 0 Posted September 1, 2013 Author Posted September 1, 2013 (edited) It wouldnt work that way, something is missing, or we have missed something I compared the running services and did some tests and found out that the service responsible for the logs is "Peer Networking Identity Manager". For stopping it, "Peer Networking Grouping" and "Peer Name Resolution Protocol" are stopping too as they depend on "Peer Networking Identity Manager". Now I have a little less logs. I need to search more, as it seems that more services might be responsible. I am wondering why these services are not running on the first computer, when the startup type is set to manual to both computers. Edited September 1, 2013 by doctor-z
Administrators Marcos 5,443 Posted July 1, 2014 Administrators Posted July 1, 2014 The rule "Deny communication for svchost.exe" is a custom rule, not a pre-defined one (pre-defined blocking rules commence with "Block", not "Deny" as shown in your screen shot). That said, you should be able to remove it from the rule list.
AtlasMinor 1 Posted August 18, 2014 Posted August 18, 2014 (edited) I solved this easy as ESET has many connections to look at when not configured right in the Settings. Do non of the above solutions, and i about LOL@ re-register dll's.No, this was not this guys problem.Because i ran into the same problem, because WinUpdate was set to delay-Autostart at system startup and its the only 1 thing i ever denied interactive PLEASE NOTE ( For diagnostic reasons only).I love my auto setting but don't get me started on auto activated programs, they all suck. No offense ESET wonderful job, but having main core system names in the firewall to know where to look would have been nice.Answer / Solution for this problem, even if he has denied lots of things and is lost please follow my steps.1. Open ESET Advanced Settings2. Select ( Personal Firewall Expand tree)3. Select ( Rules and Zones )4. On the right hand information screen , look at the bottom named (Rules to Display)5. Select (Only User Defined Rules) Note. There are 3 choices, you want the (user defined) NOT (User Pre-defined) Predefined is still looking at the same mess just a little shorter.From here go to SETUP For (Zone /Rule editor) Its time to edit out what you did. RESTTING ESET DEFAULTS DOES NOT WORK !This button is all on the same page second button below Trusted ZoneHeres where it gets tricky, You should now be in the (Zone /Rule editor) somewhere at the top is(HOST PROCESS FOR WINDOWS SERVICES)Select (Deny communication to -svchost.exe- )EDIT / ALLOW every one of them, like i said i only had one for when it did windows startup, so you might have many of them, because its used by many applicationsAlso select ACTION-ASK- for every one of them. You will now get ASKED everytime the system tries to use svchost.exe, anywhere.after allowing all of those, click Ok,OK, and close eset menu window.IMMEDIATLY GO TO WINDOWS UPDATE, make sure you are still in interactive mode, click update.I hope this helped. Enjoy your updates. If you noticed you could just delete it... and that it still will say Deny with the ask option selected. You could do this, but you said total control and i kind of like it being there like that. This way you can always TempAllow it for that short usage and next reboot it is denied. Total Control bud. Edited August 18, 2014 by AtlasMinor
Hesynergy 0 Posted September 3, 2015 Posted September 3, 2015 Perhaps you blocked Internet access for one of the crucial system processes, such as svchost.exe. Use interactive mode only if you know how to properly respond when asked to allow or block certain communication. I have automatic mode on and it is querying me for EVERY system change....HELP!....reboot does not help...credentials and log provided as needed. Thanks in advance for your speedy reply, Chas
itman 1,799 Posted September 3, 2015 Posted September 3, 2015 Check out this posting: hxxp://www.sevenforums.com/windows-updates-activation/198811-windows-updates-windows-activation-error-code-80072efd.html Person did similar to you; reformat and OS reinstall. Below is what fixed it for him. Thank you Noel for your suggestions. Before I had a chance to try it though I was able to resolve the issue.I think I got one of those DNS changing viruses before my computer reformat. When I reset both the router and modem to factory settings, reset up my wireless network, and changed the usernames and passwords for both the modem and router I was able to access the windows update servers.I can't believe that after everything I tried I missed one of the easiest troubleshooting tasks!Thank you again for your help!
Naegus 0 Posted September 8, 2015 Posted September 8, 2015 Wow, this really worked for me, thank you very much. I just created an account to let you know it was useful for somebody and thank you. I´ve been surviving without updating Windows for almost a year because I got that error nobody knows the answer. I tried fixes and strange commands whenever I wasn´t feeling lazy to do the research and not give up after a few trys. But I never had the idea of turning off the Eset Firewall, and when turned off, updates would work. I just did what you said and yes, I remember blocking Svchost in some point because some program annoyed me with it. Now problem solved. Thank you!
Recommended Posts