Yes, I am aware that svchost.exe is used often to connect to Windows Update, but...
1. How did my computer come up listed as the remote computer while a MS IP address with a MAC
address of a computer who knows where gets listed as the local machine on a few entries of the
firewall? Is this a manipulation to allow inbound traffic when a firewall is set to stop inbound traffic?
Hmm...
2. I have never liked the way MS has svchost.exe set up as a global gateway for up to 20 or more services
at the same time. Just look at the results when using Sysinternals autoruns.exe; just right click on some
of the iterations of svchost.exe to see how many services programs are using svchost as their door to the
internet. This seems to me to be a Single Point of Failure. If svchost is given free license to make
connections, how am I to know what service is actually initiating such a connection? The firewall logs
only report that svchost.exe made or attempted to make a connection. By the way, you don't have to
allow svchost.exe to have internet access in order to have an internet connection work just fine.
3. Do any of you know of a method to trace back to identify: [connection initiating program -> service ->
svchost.exe] ?
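
One way to approach the mapping asked about in point 3, added here as an example and not part of the original post: join each network endpoint's owning process ID to the services running inside that svchost.exe instance. It assumes an elevated PowerShell session on a Windows version that ships Get-NetTCPConnection and Get-NetUDPEndpoint; the variable and column names are illustrative.

```powershell
# Added example: list svchost.exe network endpoints with the services hosted in each process.
# Assumes an elevated prompt; $servicesByPid, $rows and the column names are illustrative.

# 1. Build a lookup: svchost PID -> running services hosted in that process.
$servicesByPid = @{}
Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Where-Object { $_.PathName -match 'svchost\.exe' } |
    ForEach-Object {
        $procId = [int]$_.ProcessId
        if (-not $servicesByPid.ContainsKey($procId)) { $servicesByPid[$procId] = @() }
        $servicesByPid[$procId] += $_
    }

# 2. Helper that turns one endpoint into a report row.
function New-EndpointRow($Proto, $Local, $Remote, $State, $ProcId) {
    $hosted = $servicesByPid[$ProcId]
    [pscustomobject]@{
        Proto    = $Proto
        Local    = $Local
        Remote   = $Remote
        State    = $State
        PID      = $ProcId
        Services = ($hosted.Name -join ', ')
        Shared   = ($hosted.Count -gt 1)   # True: the PID alone cannot single out one service
    }
}

# 3. Walk TCP connections and UDP endpoints, keeping only those owned by a svchost PID.
$rows = @()
foreach ($c in Get-NetTCPConnection) {
    $procId = [int]$c.OwningProcess
    if ($servicesByPid.ContainsKey($procId)) {
        $rows += New-EndpointRow 'TCP' ("{0}:{1}" -f $c.LocalAddress, $c.LocalPort) `
                                 ("{0}:{1}" -f $c.RemoteAddress, $c.RemotePort) $c.State $procId
    }
}
foreach ($u in Get-NetUDPEndpoint) {
    $procId = [int]$u.OwningProcess
    if ($servicesByPid.ContainsKey($procId)) {
        $rows += New-EndpointRow 'UDP' ("{0}:{1}" -f $u.LocalAddress, $u.LocalPort) '*' 'n/a' $procId
    }
}

# 4. Show the result, grouped by process so shared hosts stand out.
$rows | Sort-Object PID, Proto | Format-Table -AutoSize -Wrap
```

Rows where Shared is True narrow the connection to a group of services in one svchost.exe process rather than to a single service, which is the ambiguity described in point 2.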