Ports being probed ?
 

I run Malwarebytes with full time protection (paid version).Whenever I use my laptop with my 3G data USB stick,I see that Malwarebytes is quite active in blocking attempts to probe various ports.Svchost.exe always involved.

I looked at the logs and did a 'whois' on the blocked IP addresses and...every one of them originates in China.

The USB data stick is made in China by Huawei.Only occurs when the USB data stick is in use,never with my home ADSL or Wifi.

Just a co-incidence or maybe something more nefarious ?

It's nothing to do with the Huawei nature of your 3G dongle.

It's to do with you needing a firewall when you use it, as there's no NAT between you and the internet when you do. Ensure your PC uses a firewall at all times.

Agree with MB.
You almost certainly do not have a firewall turned on. Have a look at this site.
Hit "proceed" at the bottom to test the effectiveness of the firewall. All ports, ideally, will appear as stealthed.
The Windows firewall is effective at this, provided there is no actual malware on the computer. It is not so good at controlling outbound applications.

Thanks for your replies.I have a work issued laptop with W7.I have limited admin status,unit setup by IT at HQ.I checked and Windows firewall is enabled.I ran the GRC test,all ports tested and got a perfect 'Trustealth' rating for 1st 1056 ports.I used the USB data stick in question for this test (and am using it now).

Don't know if it's relevant,but MS Forefront Client Security is running on the machine.I have no priveleges to see what it's doing.All I can do is see a list of applied updates which are pushed out over VPN from HQ.

Interesting.

Coincidence. There are mysterious sites in China that constantly probe every machine they can reach. I sometimes get hundreds or thousands of hits in an hour, and sometimes many attempts per day.

As long as you have a firewall, you're fine. If you don't have a firewall, you have a potential problem. If you're running just an ordinary desktop machine (not a server), you should have just about all incoming unsolicited traffic blocked.

The svchost.exe program is used to run all sorts of utility functions, including a number of essential network services, so it's not surprising or abnormal to see its name pop up in association with network activity.

At which point i'd theorise that the Malwarebytes runtime is interacting with the firewall correctly and keeping these ports blocked whilst also monitoring them. The only thing it's doing wrong is giving you a small sense of worry.

You wouldn't get these same messages when connected to your broadband at home, as your home router does the firewalling function for you, hence none of those port scans ever reach your laptop for Malwarebytes to complain about them.

A pretty secure system there sir :ok:

Thanks everyone for giving me the benefit of your knowledge.Much appreciated.