Taming svchost bandwidth usage?

Morlock

I'm on a low bandwidth, metered connection, a situation that won't be changing any time soon. I need a browser that doesn't use svchost.exe to connect to the web, if such a thing is possible.

On W7 I could use my firewall to end offending svchost.exe connections, but on W10 this is causing my browsers to give me 502 errors constantly. If I let W10 do what it wants, it eats all my bandwidth constantly, so I can't use browsers anyway.

It's either find a way to make W10 behave, or go back to W7. I can't put up with this shit.

Anyone know a browser that doesn't use svchost.exe? Or some magical firewall that will solve this issue? I really would like to give W10 the old college try.
 
I don't think you understand what svchost is.

It's Windows Service Host; any number of Windows services could be running under a specific svchost.

Try disabling updates, and setting your internet to a metered connection.

Trying to stop svchost from touching the internet without knowing what service is using the web isn't going to work.
 
I know that svchost is used by other processes to access the web, if that's what you mean.

The only metered connection setting I know of in W10 is for wifi, and I don't use wifi.

I don't know how to disable updates, either. Looked everywhere I can think of, nada. Maybe it's just the flavor of W10 I have; it's Home, and I don't know which one because I only plan on using it until tomorrow night when I have my new rig installed, and I'll be installing a different flavor of W10.

Trying to stop svchost from touching the internet without knowing what service is using the web isn't going to work.

I assume that's because internet access itself depends on svchost in W10? If so I'll be going back to W7 because it handled me ending svchost's TCP/UDP in/out connections just fine.
 
You can choose "metered connection" for wired networks.
 
I assume that's because internet access itself depends on svchost in W10? If so I'll be going back to W7 because it handled me ending svchost's TCP/UDP in/out connections just fine.

I don't know what changed, but my guess is that something like DNS queries now runs under a service that is hosted within an svchost container.

For funsies you can load a cmd prompt and run 'tasklist /svc' to see what services are running within a specific svchost.

You could disable the Windows Update service from within services.msc, though that should also impact downloading updates for Defender, which you probably want.
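
An added example, not part of any post in the thread: the `tasklist /svc` lookup suggested above, joined in PowerShell with the machine's open TCP and UDP endpoints, so each svchost.exe instance with network activity is listed next to the services it hosts. The function name `Get-SvchostNetworkUsage` is made up for this example; the cmdlets it calls ship with Windows 10.

```powershell
# Added example, not from the thread. Get-SvchostNetworkUsage is a hypothetical name.
function Get-SvchostNetworkUsage {
    # PID (as a string key) -> services hosted in that process; same data as `tasklist /svc`.
    $servicesByPid = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.ProcessId -ne 0 } |
        Group-Object -Property ProcessId -AsHashTable -AsString

    $svchostPids = @((Get-Process -Name svchost -ErrorAction SilentlyContinue).Id)
    $loopback    = '127.0.0.1', '::1'

    # Established TCP connections to non-loopback hosts that an svchost.exe owns.
    $tcp = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $svchostPids -contains $_.OwningProcess -and
                       $loopback -notcontains $_.RemoteAddress }

    # UDP has no connection state, so only the bound local ports can be listed.
    $udp = Get-NetUDPEndpoint -ErrorAction SilentlyContinue |
        Where-Object { $svchostPids -contains $_.OwningProcess }

    # Every svchost PID that owns at least one of the endpoints above.
    $owners = @($tcp.OwningProcess) + @($udp.OwningProcess) |
        Where-Object { $_ } | Sort-Object -Unique

    foreach ($ownerPid in $owners) {
        $conns = @($tcp | Where-Object { $_.OwningProcess -eq $ownerPid })
        $ports = @($udp | Where-Object { $_.OwningProcess -eq $ownerPid })
        [pscustomobject]@{
            PID       = $ownerPid
            Services  = @($servicesByPid["$ownerPid"].Name) -join ', '
            TcpRemote = @($conns |
                            ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort } |
                            Sort-Object -Unique) -join ', '
            UdpPorts  = @($ports | ForEach-Object { $_.LocalPort } |
                            Sort-Object -Unique) -join ', '
        }
    }
}

# One row per svchost.exe instance that currently holds a network endpoint.
Get-SvchostNetworkUsage | Format-Table -AutoSize -Wrap
```

The output lists endpoints, not byte counts, so it shows which hosted service to look at rather than how much data it moved.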
 
Get a standalone firewall appliance, set up logging and you might find your rogue traffic. Watch what happens when you have no website open.

Have you changed all the W10 privacy settings to as low as possible? If they got automagically set to high, data being sent to the MS mothership could be a fair amount of your traffic.
 
How do you connect to the internet, and who is your provider? Having been on rural and high latency connections myself, I have never experienced a 502 error, even when my connection was at .01 mbps and 2000+ms. The pages would time out but never a web server error returned. Is there a proxy/filter involved?
 
For funsies you can load a cmd prompt and run 'tasklist /svc' to see what services are running within a specific svchost.

Yeah I read about an app that makes it easy to do this at Raymond.cc but I got distracted by something else and forgot to download it. I'm going to have to run that one down, I think.

You could disable the Windows Update service from within services.msc, though that should also impact downloading updates for Defender, which you probably want.

I think I already did this, but I'll double-check. I'll get my updates over sneakernet.

Get a standalone firewall appliance, set up logging and you might find your rogue traffic. Watch what happens when you have no website open.

I'm using Comodo Internet Security. I've been using it for a long time because I like the way their firewall works; I can easily open a window to monitor all internet connections, instantly see how much bandwidth they're using, etc. The answer is yes, there's always all kinds of hinky shit going on. Svchost frequently has traffic when I'm doing nothing (I just checked and Windows Update was running, but set to "manual start," which makes no sense because 1) I'm pretty sure I set it to "disabled" several reboots ago, and 2) I sure as Hell haven't manually started Windows Update on this rig in many years. So, I was going to say that normally I'd suspect Windows Update, but that can't be it because I turned it off, but now it's the primary suspect again). I have JavaScript turned off in my browsers, but Firefox frequently just spontaneously starts downloading data for no apparent reason when I haven't touched my browser for half an hour. I need to find the user agent switcher I used to have; it let me identify as IE7, which seems to cut down on the bloat that sites try to send me. Unfortunately it's hiding in a bunch of other FF extensions named "user agent switcher"; the one I downloaded doesn't have many options, just the current flavors of the major browsers. The old one had, well, it looked like every browser, ever.

Scobar: you don't want to know, it's too depressing. PS, it's something to do with me killing the offending svchost connection via firewall; if I kill the wrong one, a browser stops loading certain pages altogether. It doesn't start loading them, just goes right to 502. But it will load other pages (say, google search) just fine. I have to restart Windows to fix the issue. And no, no proxies or filters.
 
I think if you're on metered Internet, you're doing pretty basic stuff anyways, so just run a Linux LiveCD like Lightweight Portable Security when you need access and be done with the problems.
 
I don't know what changed, but my guess is that something like DNS queries now runs under a service that is hosted within an svchost container.

For funsies you can load a cmd prompt and run 'tasklist /svc' to see what services are running within a specific svchost.

You could disable the Windows Update service from within services.msc, though that should also impact downloading updates for Defender, which you probably want.

You are correct twice. I just thumbed through svchost really quickly, and it looks like DNS Client is being launched by it in Windows 10. Block DNS queries from going outbound, and break your computer.
 
I know that svchost is used by other processes to access the web, if that's what you mean.

It does about 100x more things than that these days. I have almost 70 processes of svchost running on my PCs. If you open up Task Manager and go to Details, you can see all of them. Right-click on one and go to services. Half of the core Windows services run under svchost, so randomly killing them or blocking them is probably not going to make things work. As stated in the posts above, the ability to look up www.hardforum.com and translate that into a number is running under svchost, so all browsers are going to be relying on the system to perform that functionality. So when you block it from leaving your computer it's going to cause DNS lookups to fail.
 
No worries. When I saw that Windows Update was still running I disabled it again, and that stopped most of the issues.

Edit: as for Linux, I have a couple of spare rigs by now, so I really should install Linux on one and learn to get around in it.
 
Except Linux will not really solve the problem you're having at all. If you think Windows Update uses a lot of bandwidth, just wait until you try to keep a standard desktop with the default installation packages up to date.
 