CDROM-Guide forums  


Anyone know what this is?


   
drewsie
Sep 20, 2004, 06:10 AM
Hi folks,

Just installed some new anti-virus software and one of the features of it is it stops things from connecting to your PC without your say so.

But I keep getting this trying to connect.......

Path : C:\WINDOWS\System32\svchost.exe

File Name : Microsoft Generic Host Process for Win32 Services

Direction : Inbound

Local Address : All Local Network Adapters

Local Port : 1026

Remote Address : 64.170.102.***

Remote Port : 16693

Protocol : UDP

Anyone know what this means? I've been blocking it so far cos I don't want anything connecting that shouldn't.

Anyways, thanks in advance :cheers:

drewsie

QWERTY
Sep 20, 2004, 02:43 PM
Port 1026 is used by the Messenger Service. (It's not the same as Windows Messenger). Unless you're in a corporate environment that needs it you should turn off the Messenger service.

Start --> Run... --> services.msc

Locate the Messenger service in the list, right-click, choose Properties, and set the startup type to Manual.

drewsie
Sep 20, 2004, 04:15 PM
Thanks for the advice qwerty, I'll give it a go.

Insomniac
Sep 21, 2004, 12:17 AM
Some programs can rely on Messenger Service.

Unless you know what you are doing, you need to be very careful.

Better still, have a look at BLACKVIPER's (http://www.blackviper.com/) site for the details of each setting.

true evil
Sep 21, 2004, 07:01 AM
Some programs can rely on Messenger Service.

Unless you know what you are doing, you need to be very careful.

Better still, have a look at BLACKVIPER's (http://www.blackviper.com/) site for the details of each setting.

Decent site, but enlighten me as to any program that relies on Messenger Service for anything, that a home user, even a networked one, uses.

Insomniac
Sep 21, 2004, 08:37 AM
I could never enlighten you. :)

Anyway, it's just a theory, nothing certain. An application running in a system could rely upon the built-in Messenger Service for the delivery of its information, although I've only ever seen them use their own program and GUI for that. It was originally designed for that and also for system administrators until fools decided to use it to channel spam.

I have however seen a lot of people disable their system by disabling the wrong services, or getting services mixed up, so that site is about as foolproof as it gets.

BTW, I'm sure BlackViper is breathing a sigh of relief that you "approve" of his site. Maybe now he can lay off the daily sessions of cone smoking.

tlemaste
Sep 21, 2004, 04:32 PM
Some programs can rely on Messenger Service.

Unless you know what you are doing, you need to be very careful.

Better still, have a look at BLACKVIPER's (http://www.blackviper.com/) site for the details of each setting.

From what I've heard, the Norton suite of programs use Messenger Service. But I would think that would be outbound. If it's inbound you might have a trojan that someone is trying to activate. Or spyware. Do you run Adaware and SpyBot as well as your antivirus?

QWERTY
Sep 22, 2004, 02:10 AM
You'll note that I said set the startup type to Manual not disabled. Any program that needed it could still start it.

The Messenger service is used to broadcast messages across a network (a pop-up message box on your desktop). I don't know about Norton but I do know of a UPS monitoring program and a couple of system monitoring programs that use it to broadcast system alerts to the administrator. Disabling the Messenger service would only prevent those messages from being broadcast/received across a network; otherwise there is no significant harm to a home user by disabling it.

Insomniac
Sep 22, 2004, 03:37 AM
I don't see any harm in disabling it, but for the inexperienced or unsure, manual certainly is a safe alternative. If any program needs it, it can at least start it rather than having it on needlessly all the time.

As far as Norton, I have System Works installed and have disabled Messenger and had no problems. Norton has half a dozen components it installs in services that it uses for live update etc.

To the author, the best advice is to follow the guide on BlackViper's site and, for anything you are unsure of or to be on the safe side, set it to Manual.
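
The steps discussed in this thread (check whether anything relies on the Messenger service, then set it to Manual rather than Disabled) can be scripted. This is an added example, not part of any post above; it assumes an elevated PowerShell prompt and that the service's short name is `Messenger`.

```powershell
# Added example: audit the Messenger service before changing its startup type.
# Assumption: run from an elevated PowerShell prompt; 'Messenger' is the service short name.
$name = 'Messenger'

$svc = Get-Service -Name $name -ErrorAction SilentlyContinue
if (-not $svc) {
    # The service is absent on systems that do not ship it.
    Write-Output "Service '$name' is not installed on this system; nothing to change."
    return
}

# Current startup mode (Auto / Manual / Disabled) is read from WMI.
$wmi = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
Write-Output "Status: $($svc.Status)  Startup: $($wmi.StartMode)"

# Services that declare a dependency on Messenger could not start if it were Disabled.
$dependents = @($svc.DependentServices)
if ($dependents.Count -gt 0) {
    Write-Output "Services that depend on ${name}:"
    $dependents | ForEach-Object { Write-Output "  $($_.Name) [$($_.Status)]" }
} else {
    Write-Output "No installed service declares a dependency on $name."
}

# Manual, not Disabled: a program that needs the service can still start it.
if ($wmi.StartMode -ne 'Manual') {
    Set-Service -Name $name -StartupType Manual
}

# Stop it now only if no dependent service is currently running.
$running = @($dependents | Where-Object { $_.Status -eq 'Running' })
if ($svc.Status -eq 'Running' -and $running.Count -eq 0) {
    Stop-Service -Name $name
}

# Report the resulting state.
$svc.Refresh()
$wmi = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
Write-Output "Now -> Status: $($svc.Status)  Startup: $($wmi.StartMode)"
```

The dependency check only sees dependencies registered with the Service Control Manager; an application that starts or calls the service at run time will not appear in that list, which is why the script sets Manual instead of Disabled.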