[Bug] rules not applied to some services/svchost.exe #1318

Closed
2 tasks done
mesvam opened this issue Oct 1, 2022 · 1 comment

mesvam commented Oct 1, 2022

Checklist

  • I have used the search function to see if someone else has already submitted the same bug report.
  • I will describe the problem with as much detail as possible.

App version

3.6.7

Windows version

Windows 11

Steps to reproduce

I often see notifications for svchost.exe for services that I have either allowed or blocked. The "Packet log" tab also does not indicate that rules have been applied to these connections. This happens even if notifications are disabled for the service. This does not seem to occur with all services, only a few specific ones. Here are the ones I have noticed so far:

  • DiagTrack (Block)
  • wlidsvc (Block)
  • BITS (Allow)
  • CryptSvc (Allow)
  • DoSvc (Allow)

DiagTrack and DoSvc seem to make the most frequent connections and would be easiest to test. Steps to reproduce:

  1. Allow or block one of the previously listed problematic services in the Services tab
  2. Optional: right-click on the service and check Rules/Disable notifications (should not be necessary, but can test it anyways)
  3. Restart the service, which should immediately initiate some connections
  4. Notification pops up

Bug may be intermittent. In Procmon, it logs as a "TCP Disconnect". The workaround is to manually specify a giant list of IP rules for these services as you see the notifications, but it's a massive pain since you can't easily identify which service triggered the connection in the notification dialog.

Expected behavior

No response

Actual behavior

Notification pops up

Logs

Here is a log for this happening with DoSvc (Allowed)
simplewall.log

mesvam added the bug label Oct 1, 2022

henrypp (Owner) commented Oct 3, 2022

Why it is happening is described here #677.

henrypp closed this as completed Oct 3, 2022