System services and Windows Store apps

Saturday, February 2, 2019 5:41:02 PM

Since version 4.0.43 NetLimiter can differentiate among various system services like DNS Client or Windows Update.

It also detects all Windows Store Apps, which are often hidden behind complicated file names like c:\program files\windowsapps microsoft.skypeapp_12.1815.210.0_x64__kzf8qxf38zg5c\skypehost.exe. Version number is a part of a path of such app and thus each new version was previously detected as a new app. It now works correctly. In Activity, Store apps are now displayed under their package node for better readability.

/img/docs/nl-store-pkg.PNG

On most system this feature should work out-of-the-box, but on some machine additional setup will be required. The main (and only) challenge users will face is that the on some systems the system services won't be visible by NetLimiter. Fortunately, there is a remedy...

/img/docs/nl-info-svc.PNG

Forcing services to be visible

Even with newest update some system services won't be detected by NetLimiter. It is because several services can run in a single process and in this case they are undetectable (by NetLimiter) and all their traffic falls under svchost.exe application.

This setup is usual on systems with low memory resources, but you can manually force selected system services to run in their own process and thus make them visible to NetLimiter...

  1. Open registry editor (type regedit to Windows search box and select it) and browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YOUR-SERVICE-NAME where YOUR-SERVICE-NAME is a name of the service you'd like to edit. For example: to edit DNS Client replace YOUR-SERVICE-NAME with Dnscache.
  2. Set Type value to 0x10 and ServiceSidType value to 1. If ServiceSidType is not present, create it.
  3. Restart your machine. (This is necessary!)

/img/docs/regedit-svc-hl.png

Creating custom filters

It is pretty similar to creating other Filters.

To create a filter with system (or any) service or Store app, just select Application is or Application is not filter function in Filter editor and from a list of services and apps select those you'd like to filter.

/img/docs/nl-flted-svc.PNG

List of some important system services and their function

DNS Client API DLL (name dnscache): The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computers name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start..

Windows Update Agent (wuauserv): Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.

Background Intelligent Transfer Service (BITS): Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.

DHCP Client Service (Dhcp): Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.

Windows Backup Service (SDRSVC): Provides Windows Backup and Restore capabilities.

Delivery Optimization (DoSvc) : Performs content delivery optimization tasks. This service exists in Windows 10 only.

Connected User Experiences and Telemetry (DiagTrack) : Enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.