I understand svchost.exe can be corrupted by MSBlaster. Likewise the Welchia Worm attacks Svchost.exe. With that in mind if svchost.exe exhibits error, a virus such as MSBlaster or Welchia Worm would be high on the list of suspects. In the most general of terms I understand svchost.exe plays a role in organizing the DLL's needed to run various applications. With that little bit of knowledge I would suspect that the activity of svchost.exe would be confined to matters internal to my stand alone computer. However, in setting up Norton Personal Firewall on a Win 2000 Pro (SP2) box I opted to receive Security Alerts, I am receiving a great number of alerts saying: "C:\WINNT\system32\svchost.exe Protocol TCP (Inbound)" "is attempting to access your computer" Almost every time this happens, a new popup screen appears and this time it is another computer trying to access mine and NPF says to Block it. I block these, Intuitively I think these should be blocked, however NPF recommends Permitting it to access the computer. Which should I chose? If there is material on the subject please advise. Google reveals several articles, but what I have read either describes the role of svchost.exe or how to get rid of the various virii which attach that executable. I can't find anything that describes a relationship between svchost.exe and accessing via the internet. TIA Hazen Woods Austin, TX USA eCS and Win2k Pro what a combination ********************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm