I was wondering that should i keep restricting these or add custom rule?
svchost.exe (secsvcs)
svchost.exe (swprv)
svchost.exe (localsystemnetworkrestricted)
svchost.exe (dcomlaunch)
Did some quick research and didn't find usable (for me) info. gotta go to work now, running 45mins late already :o
There may be no singular answer for *all* PCs, as every 'executive environment' (software, hardware, and user) is different. However, I recommend excluding them if you are seeing them restrained a lot.
Thanks for answer. I exclude those. Those are constantly being restricted (amount depends on wwhat is my current project). Once whole graph was yellow on restricts, sad that i didn't take shot of that :)