Hi, I'm getting notifications every few minutes that traffic has been blocked for svchost.exe.
I'm running Symantec Endpoint Protection version 11.0.6100.645 on Windows 7 Home Premium 64-bit, unmanaged.
I have searched the forums and found others with very similar issues, although I have been unable to find a resolution.
I will try to provide any information that is needed. I would like to solve this problem and help anyone else having the same problem.
I saw in another thread that someone thought a homegroup could be the culprit, but there is no homegroup set up on my PC. I verified this right before typing by checking the Network and Sharing Center.
From my network threat protection traffic log (this pattern happens every couple minutes):
1/1/2011 11:39:11 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-01-00-02 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:38:09 PM 1/1/2011 11:38:09 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:38:40 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-01-00-02 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:37:39 PM 1/1/2011 11:37:39 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:38:25 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-01-00-02 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:37:23 PM 1/1/2011 11:37:23 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:38:14 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-01-00-02 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:37:13 PM 1/1/2011 11:37:13 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:38:09 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-01-00-02 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:37:08 PM 1/1/2011 11:37:08 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:38:09 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-01-00-02 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:37:08 PM 1/1/2011 11:37:08 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:38:09 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-01-00-02 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:37:08 PM 1/1/2011 11:37:08 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:36:38 PM Allowed 10 Incoming UDP 192.168.1.2 00-1F-3B-32-11-C5 137 192.168.1.255 FF-FF-FF-FF-FF-FF 137 C:\Windows\system32\ntoskrnl.exe Steven SoederFTW Default 9 1/1/2011 11:35:36 PM 1/1/2011 11:36:22 PM Allows NetBIOS UDP protocols in LAN subnet
1/1/2011 11:35:41 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-00-00-0C 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:34:40 PM 1/1/2011 11:34:40 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:35:41 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-00-00-0C 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:34:40 PM 1/1/2011 11:34:40 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:35:41 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-00-00-0C 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:34:40 PM 1/1/2011 11:34:40 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:35:41 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-00-00-0C 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:34:40 PM 1/1/2011 11:34:40 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:35:36 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-00-00-0C 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:34:35 PM 1/1/2011 11:34:35 PM Block IPv6 (Ethernet type 0x86dd)
1/1/2011 11:35:36 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-00-00-0C 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:34:35 PM 1/1/2011 11:34:35 PM Block IPv6 (Ethernet type 0x86dd)
Also, in another forum post I was reading, it was suggested to run tasklist /svc to see what services are running, so I did that as well. Here are the results:
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 292 N/A
csrss.exe 380 N/A
wininit.exe 448 N/A
csrss.exe 460 N/A
services.exe 508 N/A
winlogon.exe 532 N/A
lsass.exe 552 KeyIso, SamSs
lsm.exe 568 N/A
svchost.exe 680 DcomLaunch, PlugPlay, Power
svchost.exe 760 RpcEptMapper, RpcSs
svchost.exe 856 AudioSrv, Dhcp, eventlog,
HomeGroupProvider, lmhosts, wscsvc
svchost.exe 888 AudioEndpointBuilder, hidserv, Netman,
PcaSvc, SysMain, TrkWks, UxSms,
WdiSystemHost, Wlansvc
svchost.exe 916 AeLookupSvc, Appinfo, BITS, EapHost, gpsvc,
IKEEXT, iphlpsvc, LanmanServer, MMCSS,
ProfSvc, Schedule, SENS, ShellHWDetection,
Themes, Winmgmt, wuauserv
svchost.exe 308 EventSystem, fdPHost, netprofm, nsi,
WdiServiceHost
Smc.exe 440 SmcService
svchost.exe 1068 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
ccSvcHst.exe 1168 ccEvtMgr, ccSetMgr
spoolsv.exe 1488 Spooler
svchost.exe 1524 BFE, DPS, MpsSvc
Rtvscan.exe 1740 Symantec AntiVirus
svchost.exe 1860 PolicyAgent
taskhost.exe 2212 N/A
dwm.exe 2264 N/A
explorer.exe 2316 N/A
SmcGui.exe 2344 N/A
uTorrent.exe 2652 N/A
ProtectionUtilSurrogate.e 2780 N/A
ccApp.exe 2976 N/A
SearchIndexer.exe 1316 WSearch
wmpnetwk.exe 2560 WMPNetworkSvc
svchost.exe 2704 FDResPub, SSDPSRV
firefox.exe 908 N/A
plugin-container.exe 2180 N/A
sppsvc.exe 3188 sppsvc
msiexec.exe 2564 msiserver
Setup.exe 3864 N/A
Setup.exe 3664 N/A
msiexec.exe 3668 N/A
msiexec.exe 3724 N/A
SymCorpUI.exe 3336 N/A
audiodg.exe 3316 N/A
WmiPrvSE.exe 1088 N/A
cmd.exe 3916 N/A
conhost.exe 3976 N/A
tasklist.exe 3908 N/A
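
An added example, not part of the original post: a small Python triage script that groups traffic-log entries like the ones above and decodes the 33-33-xx-xx-xx-xx remote MAC of each blocked frame into the IPv6 multicast group it most likely targets. The column order and the ff02 (link-local) prefix are assumptions inferred from the posted lines.

```python
import ipaddress
import re
from collections import Counter

# Three lines copied from the post's traffic log.
SAMPLE = [
    r"1/1/2011 11:39:11 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-01-00-02 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:38:09 PM 1/1/2011 11:38:09 PM Block IPv6 (Ethernet type 0x86dd)",
    r"1/1/2011 11:35:41 PM Blocked 3 Outgoing IPv6 [type=0x86DD] 0.0.0.0 33-33-00-00-00-0C 0 0.0.0.0 00-22-B0-6E-B1-F0 0 Steven SoederFTW Default 1 1/1/2011 11:34:40 PM 1/1/2011 11:34:40 PM Block IPv6 (Ethernet type 0x86dd)",
    r"1/1/2011 11:36:38 PM Allowed 10 Incoming UDP 192.168.1.2 00-1F-3B-32-11-C5 137 192.168.1.255 FF-FF-FF-FF-FF-FF 137 C:\Windows\system32\ntoskrnl.exe Steven SoederFTW Default 9 1/1/2011 11:35:36 PM 1/1/2011 11:36:22 PM Allows NetBIOS UDP protocols in LAN subnet",
]

MAC = r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}"
# Assumed column order, inferred from the lines above: time, action, severity,
# direction, protocol, remote host / MAC / port, local host / MAC / port, ...
LINE = re.compile(
    r"^\S+ \S+ [AP]M (?P<action>Blocked|Allowed) \d+ (?:Incoming|Outgoing) "
    rf"(?P<proto>.+?) (?P<rhost>\S+) (?P<rmac>{MAC}) \d+ \S+ {MAC} \d+ "
)

# Well-known link-local IPv6 multicast groups (IANA assignments).
GROUPS = {
    "ff02::1": "all nodes",
    "ff02::2": "all routers",
    "ff02::c": "SSDP",
    "ff02::fb": "mDNS",
    "ff02::1:2": "DHCPv6 All_DHCP_Relay_Agents_and_Servers",
    "ff02::1:3": "LLMNR",
}

def multicast_group(mac):
    """Map a 33-33-xx-xx-xx-xx Ethernet address to its likely IPv6 group."""
    octets = bytes(int(part, 16) for part in mac.split("-"))
    if octets[:2] != b"\x33\x33":
        return None
    # The MAC keeps only the low 32 bits of the group address; the ff02
    # (link-local scope) prefix is an assumption.
    low32 = int.from_bytes(octets[2:], "big")
    addr = str(ipaddress.IPv6Address((0xFF02 << 112) | low32))
    return f"{addr} ({GROUPS.get(addr, 'unlisted group')})"

def summarize(lines):
    """Count log entries by (action, protocol, remote endpoint)."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if m:
            target = multicast_group(m["rmac"]) or m["rhost"]
            counts[(m["action"], m["proto"], target)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

The two groups decoded from the blocked lines, DHCPv6 and SSDP, are consistent with the Dhcp (PID 856) and SSDPSRV (PID 2704) services that the tasklist output shows hosted in svchost.exe.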