• High CPU caused by Windows Firewall

    #479893

    I’m suddenly seeing periodic (every 30 to 40 seconds) CPU usage peaks in svchost. I’ve traced it to the Windows Firewall – turn the firewall off and it stops. Web searches have not led to any Windows XP solutions or even hints. A second Windows XP machine on the same network does not show this. Both are completely up to date.

    The firewall log does not show an excessive number of blocked connections, although there are continuous blocked connections.

    • #1305614

      One thing to remember is that the Windows XP firewall only blocks outgoing connections. If the firewall is being triggered, maybe something is trying to “phone home”. The second thing to remember is that the communication may be an allowed connection rather than blocked – either way might cause a hit on the CPU – so looking at blocked connections in pfirewall.log might miss the culprit.

      Can you pinpoint the date this started? Was there any software installed on the machine after that time – maybe roll back using system restore to before that date and see if that overcomes the issue.

      Alternatively download and install TCPView from Sysinternals to look at what might be attempting to communicate outside of the box.

      • #1305615

        One thing to remember is that the Windows XP firewall only blocks outgoing connections.

        Tino,

        I always thought it was Incoming connections? :cheers:

        May the Forces of good computing be with you!

        RG

        PowerShell & VBA Rule!

        • #1305616

          Did I say outgoing – oh dear, that’s what comes from editing and re-editing drafts then leaving in earlier snippets of text as one rushes to collect daughter from work. :rolleyes:

          For a service or program to communicate through the firewall an exception needs to be added. The rest stands as noted (I think I drafted that bit right:confused:) – it might be allowed or blocked, but looking for blocked might miss the issue.

          Using TCPView will illuminate all TCP and UDP connections and help discover if it is indeed something spiking the firewall.

          Need to rush off for dinner now, so hopefully no more silly typos!
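An added example, not part of any post above: one way to check pfirewall.log for traffic that recurs on the 30 to 40 second rhythm described in the first post, counting allowed (OPEN) entries as well as DROP entries. The sample log lines, addresses and function names are constructed for illustration, and OPEN entries are assumed to be present because logging of successful connections is enabled.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the Windows Firewall log layout (not taken from the thread).
SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2012-01-10 09:00:02 DROP UDP 192.168.1.31 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2012-01-10 09:00:05 OPEN TCP 192.168.1.20 203.0.113.7 1045 80 - - - - - - - - -
2012-01-10 09:00:09 DROP UDP 192.168.1.31 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2012-01-10 09:00:38 OPEN TCP 192.168.1.20 203.0.113.7 1046 80 - - - - - - - - -
2012-01-10 09:00:51 DROP UDP 192.168.1.31 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2012-01-10 09:01:03 DROP UDP 192.168.1.31 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2012-01-10 09:01:12 OPEN TCP 192.168.1.20 203.0.113.7 1047 80 - - - - - - - - -
2012-01-10 09:01:47 OPEN TCP 192.168.1.20 203.0.113.7 1048 80 - - - - - - - - -
"""

def parse(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            stamp = rec["date"] + " " + rec["time"]
            rec["ts"] = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            yield rec

def flows(records):
    """Group timestamps by (action, protocol, src, dst, dst-port); no action is filtered out."""
    groups = defaultdict(list)
    for r in records:
        key = (r["action"], r["protocol"], r["src-ip"], r["dst-ip"], r["dst-port"])
        groups[key].append(r["ts"])
    return groups

def periodic(groups, lo=30, hi=40, min_events=4):
    """Return {flow: median gap in seconds} for flows that recur every lo..hi seconds."""
    hits = {}
    for key, stamps in groups.items():
        ordered = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
        if len(ordered) >= max(min_events, 2) and lo <= median(gaps) <= hi:
            hits[key] = median(gaps)
    return hits

if __name__ == "__main__":
    for flow, gap in periodic(flows(parse(SAMPLE_LOG))).items():
        print(f"{gap:.0f}s", *flow)
```

On a real machine, read the log file into a string and pass it to `parse` in place of `SAMPLE_LOG`; a flow flagged here can then be matched to its owning process in TCPView.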

    • #1305626

      Run a complete AV/AM scan from a tool independent of what you currently have installed, and go with a popular 3rd party firewall instead of XP’s.
      It is generally known that the firewalling capability of Windows XP is somewhat inferior to most 3rd party choices.

      Windows Secrets: Easily view Windows XP firewall log

      • #1305693

        Update on my problem. I could see nothing suspicious going on. I installed Online Armor Free. Its logs don’t show anything unusual – even in log everything mode. For now, I’ll just try to forget about it.
