TairikuOkami

Level 21
Content Creator
Verified
The only problem are certificates, used by Windows and browsers, they are updated daily via svchost.
They might get outdated or not revoked, when they get vulnerable, like for drivers or webpages.
Then again, 10 is updated twice a year, so it is not such an issue, but still worth considering.

 

Andy Ful

Level 37
Content Creator
Trusted
Verified
I was taking this route, but got this warning message which I did not fully understand:

View attachment 208759
That is the longer version of what I posted. Some system processes are restricted by Microsoft, and changing that may have unexpected consequences.
Allowing svchost.exe should not be dangerous to the system. But, blocking it fully can be more dangerous.
 

Andy Ful

Level 37
Content Creator
Trusted
Verified
Fully allowing svchost.exe, makes checking Windows Updates functional. I tried to restrict svchost for anything, except Windows services, but this blocked Windows Updates. So, svchost in Windows Updates needs something more than services only.