Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Carlos_Jara
Contributor
Jump to solution

We are detecting suspicius DNS request from svhosts.exe process in windows server

Hi,

We are detecting suspicius DNS request from svhosts.exe process in windows server.

Checkpoint block this connections via GeoPolicy.

How can I know the process or application that use svhosts.exe to send DNS query to external servers?

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend

That, Im really no sure, apologies. Im not much of a Windows person myself, but it definitely appears its something to do with that server. Does it happen only on one machine or multiple?

View solution in original post

0 Kudos
5 Replies
the_rock
Legend
Legend

Hm...does not really seem like fw issue, as its doing what its supposed to do. I found below online, not sure if might help you.

https://www.glasswire.com/process/svchost.exe.html

 

Andy

Carlos_Jara
Contributor

Hi,

The svchost.exe is a safe windows process, but I don't know why lunch DNS query to external servers when we was define internar DNS in the server.

Checkpoint firewall works fine and block this traffic with GeoPolicy.

Many thank's for your help!

 

 

 

0 Kudos
the_rock
Legend
Legend

That, Im really no sure, apologies. Im not much of a Windows person myself, but it definitely appears its something to do with that server. Does it happen only on one machine or multiple?

0 Kudos
Carlos_Jara
Contributor

I detect this in only one server!

the_rock
Legend
Legend

So what I would do is maybe compare DNS settings with other machines and if its same, possibly reboot or shut down might help. As old school Microsoft support "motto" goes...reboot 3 times, just in case 🙂

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events