I run Zone Alarm on Windows XP Pro... once in a while ZA tells me that something called "Generic Host Process" is trying to connect to the internet. I have always said "no" without ill effect, but what is this program trying to do, and should I let it?

My guess would be you have Windows Auto Update enabled and XP is seeking new security patches etc., from Microsoft.

Easy way to find out is let it make the connection and see who it calls.

If it's the Secret Service, it may be time to leave town.

Svchost.exe is a generic host process name for services that run from dynamic-link libraries (DLLs).
The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load.

Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can run, depending on how and where Svchost.exe is started. This allows for better control and easier debugging.

Svchost.exe groups are identified in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\Cu rrentVersion\Svchost

Third party software, especially older HP printers and scanners, are known to cause problems with the host process.
Other possibilities are a USB connected Cable modem, and a good bet would be Zone Alarm firewall software.

Ok, I think I get it... but what I really want to know is whether I should allow these processes to connect to the internet.

Originally posted by Soapy Sam
Easy way to find out is let it make the connection and see who it calls.

See and I'm not sure how to tell. If I say "Yes" or "No" it just goes away and I don't see anything unusual happen

I'm not an expert on Zone alarm, I prefer Sygate, its far far less invasive on my machine.

Does zone alarm not allow the details of connected services to be examined?

I'm thinking here of the address each is connected to.

I have a funny view (I guess) about software calling home, I view it as something of an invasion of privacy, so I tend to block stuff until I'm ready to have the updates done etc.

When I was attacked by MSBlast, the first notification about something being wrong was svchost acting wierd.

We all assume that you've installed the latest patches against MSBlast. Unless you've been in NY the whole weekend :)

I've used both Zone Alarm and Sygate. I used SPF first then one day realised it wasn't running, checked the logs and found that for 2 weeks it had been quietly failing to start as it couldn't load a data file, and it hadn't alerted me. Zone alarm isn't quite so friendly - cruder GUI etc - but it does log stuff like attempted IP address, port, UDP or whatever. When I have time I'll try to get SPF going properly as it was easier to work with but for now ZA is fine.

Zone alarm isn't quite so friendly - cruder GUI etc

I wish the ZA people would realize this. How can such a fancy GUI be so unusable. *sigh*

Originally posted by Torlack
Zone alarm isn't quite so friendly - cruder GUI etc

I wish the ZA people would realize this. How can such a fancy GUI be so unusable. *sigh*

It's called just sitting down and pushing buttons and hoping nothing gets broken. And trial & error.