Jump to content

How to monitor what the svchost daemon is doing?

Guest Jack

By Guest Jack
in Windows XP

 Share

Recommended Posts

Guest Jack

Guest Jack

Posted
Posted

Are there any good ways to achieve this?

Such as reading a file, writing something etc

Thanks

Jack

  • Replies 9
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Bjarke Andersen

Guest Bjarke Andersen

Posted
Posted

Re: How to monitor what the svchost daemon is doing?

 

"Jack" <jl@knight.com> crashed Echelon writing

news:OGLbmJwuIHA.3564@TK2MSFTNGP03.phx.gbl:

> Are there any good ways to achieve this?

> Such as reading a file, writing something etc

 

Sysinternals which is a part of Microsoft now, have made several tools.

Process Explorer which is an advanced task manager, which can provide

details of the specific services behind svchost.exe

 

Also they have a file and disk monitor tools, which can give you details of

what is being writte and read on the disk.

 

--

Bjarke Andersen

Guest Jack

Guest Jack

Posted
Posted

Re: How to monitor what the svchost daemon is doing?

 

Hi Bjarke,

Thanks for your prompt reply.

I have downloaded process explorer from Microsoft.

Now I have another question, how do I make XP show a messagebox or something

when there is a file deletion request from the outside world?

Thanks a lot

Jack

Guest Jack

Guest Jack

Posted
Posted

Re: How to monitor what the svchost daemon is doing?

 

Ahh.. put it this way. Can you deny all deletion requests outside of your

computer?

Thanks

Jack

Guest Gerry

Guest Gerry

Posted
Posted

Re: How to monitor what the svchost daemon is doing?

 

Jack

 

I am not sure you're headed in the right direction!

 

What are you seeing the daemon doing? Is it excessive CPU usage?

 

Using Process Explorer it would be helpful if you could post the Command

Line of the svchost

process generating the excessive CPU usage. In Process Explorer place

cursor on Process and select Properties, Image.

 

 

 

--

 

 

 

Hope this helps.

 

Gerry

~~~~

FCA

Stourport, England

Enquire, plan and execute

~~~~~~~~~~~~~~~~~~~

Jack wrote:

> Ahh.. put it this way. Can you deny all deletion requests outside of

> your computer?

> Thanks

> Jack

Guest Jack

Guest Jack

Posted
Posted

Re: How to monitor what the svchost daemon is doing?

 

I want to disable remote deletion from outside of my computer, are there any

settings that can help me with this?

 

Thanks

Jack

Guest Gerry

Guest Gerry

Posted
Posted

Re: How to monitor what the svchost daemon is doing?

 

Jack

 

Start, Control Panel, System, Remote. Uncheck the x before Allow Remote

Assistance etc.

 

 

--

 

 

 

Hope this helps.

 

Gerry

~~~~

FCA

Stourport, England

Enquire, plan and execute

~~~~~~~~~~~~~~~~~~~

Jack wrote:

> I want to disable remote deletion from outside of my computer, are

> there any settings that can help me with this?

>

> Thanks

> Jack

Guest Bjarke Andersen

Guest Bjarke Andersen

Posted
Posted

Re: How to monitor what the svchost daemon is doing?

 

"Gerry" <gerry@nospam.com> crashed Echelon writing

news:eT$QOk1uIHA.4848@TK2MSFTNGP05.phx.gbl:

> Start, Control Panel, System, Remote. Uncheck the x before Allow Remote

> Assistance etc.

 

That has nothing to do with file security.

 

--

Bjarke Andersen

Guest Bjarke Andersen

Guest Bjarke Andersen

Posted
Posted

Re: How to monitor what the svchost daemon is doing?

 

"Jack" <jl@knight.com> crashed Echelon writing

news:#BdzZg0uIHA.4876@TK2MSFTNGP02.phx.gbl:

> I want to disable remote deletion from outside of my computer, are

> there any settings that can help me with this?

 

You need to elaborate that question or think it through.

 

It depends on how the remote users gain access to your computer. FTP, Samba

or...?

 

One way or the other, you need to at least look at sharing settings. The

common field for deletion is write access. But in general this would also

block the option of editing files and creating files.

 

On the next level you have the file security settings. With NTFS you

actually have the ability to specify settings more detailed than read/write

access. You can specify whether a user is allowed to create, edit and read

a file, but not delete.

 

So yes, with NTFS and Windows file sharing, you can block outside users

from deletion.

 

However, this scenario is about you sharing files. If the question is

somehow linked with the svchost.exe question, then blocking programs from

deleting files is more tricky, since programs usually are authenticated by

the user logged on or by the system itself.

 

--

Bjarke Andersen

Guest jameshanley39@yahoo.co.uk

Guest jameshanley39@yahoo.co.uk

Posted
Posted

Re: How to monitor what the svchost daemon is doing?

 

On 21 May, 16:40, "Gerry" <ge...@nospam.com> wrote:

> Jack

>

> Start, Control Panel, System, Remote. Uncheck the x before Allow Remote

> Assistance etc.

>

> --

>

> Hope  this helps.

>

> Gerry

> ~~~~

> FCA

> Stourport, England

> Enquire, plan and execute

> ~~~~~~~~~~~~~~~~~~~

>

>

>

> Jack wrote:

> > I want to disable remote deletion from outside of my computer, are

> > there any settings that can help me with this?

>

> > Thanks

> > Jack-

 

don't know why you top posted, but good answer!

 

I haven't really heard of any case of malicious remote file

deletions.. But one way would be malware exploiting browser and

running code that deletes files. But they tend not to do that.

 

Some protection would be not browsing with Internet Explorer...

especially not browsing dodgy sites with it.

 Share
Go to topic listing
×
×
  • Create New...