is it normal for bash.exe, sh.exe, and uname.exe to IPC with svchost.exe

is it normal for bash.exe, sh.exe, and uname.exe to IPC with svchost.exe

[LMH]

Hello,

I am trying to run down some odd behavior on my system. I have reset my firewall to
"ask" for most operations and am trying to rebuild my rules.

While running a bash script that I wrote, I get notifications from my firewall that
bash.exe, sh.exe and uname.exe are attempting inter-process communication with
svchost.exe. I also get a notification that a potential threat to network traffic
interception or injection has been detected for the same processes. Blocking this IPC
does not appear to affect anything in how my script runs, so I am wondering what the
purpose of the communication is. The bash script does not make any connections.

I have observed that software that is trying to bypass a firewall and find a back way
onto the internet will often attempt to use svchost.exe to make the connection
because svchost.exe is often given free access by default.

Is there some reason I should be expecting these processes to talk to svchost.exe?

LMH

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: is it normal for bash.exe, sh.exe, and uname.exe to IPC with svchost.exe

[Achim Gratz]

LMH writes:
> Is there some reason I should be expecting these processes to talk to
> svchost.exe?

If your machine is in a domain they will contact the DC to get user and
group information via standard Windows facilities.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Factory and User Sound Singles for Waldorf Blofeld:
http://Synth.Stromeko.net/Downloads.html#WaldorfSounds

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: is it normal for bash.exe, sh.exe, and uname.exe to IPC with svchost.exe

[LMH]

Achim Gratz wrote:
> LMH writes:
>> Is there some reason I should be expecting these processes to talk to
>> svchost.exe?
> 
> If your machine is in a domain they will contact the DC to get user and
> group information via standard Windows facilities.
> 
> 
> Regards,
> Achim.
> 

As far as I know this computer is not part of a domain. Under System Properties >
Computer Name, the Workgroup is listed a WORKGROUP and not a domain name. The full
computer name is just the CPU model.

LMH

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Re: is it normal for bash.exe, sh.exe, and uname.exe to IPC with svchost.exe

[Brian Inglis]

On 2019-03-26 14:12, Achim Gratz wrote:
> LMH writes:
>> Is there some reason I should be expecting these processes to talk to
>> svchost.exe?
> If your machine is in a domain they will contact the DC to get user and
> group information via standard Windows facilities.

Could it also be Windows instrumentation trying to send info about what's going
on the system?
I know there's a lot of stuff network admins like to block from leaving Windows
systems so that they have some hope of seeing real problems amongst the useful
traffic.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple