Posted by Duane Arnold on April 10, 2006, 7:09 am
> I've been trying to close as many unnecessary open ports as possible.
> Whenever I do a netstat -an command or use TCPView by Sysinternals, I
> notice that Port 135 is in this state:
>
> Local Address Foreign Address
>
> TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
Sometimes, one tends to go too far with it not really knowing what's going
on to begin with, which leads to trouble.
>
> Since I'm not using a networked computer and had netbios running, I
> disabled that. I deleted my "client for MS networks" option in the
> local area connection properties. Then I tried running Dcomcnfg.exe and
> unchecked the "enable Distributed Com" box.
Well, did you uninstall MS File and Print Sharing of the NIC too, which
would make sense for a Windows O/S that you don't want to network with a
direct connection to the Internet?
> I then edited HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc as follows:
> Created an "Internet Key" with the string "UseInternetPorts" and a value
> of N.
You should just leave it alone.
>
> However, when I rebooted, Port 135 was still showing when doing a netstat
> -an command.
What is your concern here as the port is protected by the host based packet
filter ZA running on the machine to both inbound and outbound traffic?
>
> I see it's blocked in my ZA internet zone security (incoming and
> outgoing).
It's not open to the public Internet as the host based packet filter
solution (ZA) has the port closed to unsolicited inbound traffic. Now, if
you had set rules to open port 135 with ZA to unsolicited inbound traffic
and RPC listening on 135 then you might have some trouble. And besides, if
ZA has 135 blocked on outgoing as well, then what's the problem?
>
> Why can't I shut it down upon rebooting?
>
Look, the machine is protected by the host based packet filter ZA so what's
the problem?
> TCPView tells me the port is running:
>
> svchost -k rpcss.
So what that it's running, because again, the host based packet filter ZA
has the machine protected at the machine level.
> by Microsoft won't run after
> booting. Supposedly, that program depends on the remote procedure call
> service.
So, if it's dependent upon it, it's dependent upon it and there is nothing
you can do, other than, not run the solution.
>
> I now keep getting this error message even after uninstalling and
> reinstalling, and re-enabling Dcom.
You should have left it alone.
>
> Windows Defender Application failed to initialize: 0x800106ba. A problem
> caused Windows Defender Service to stop. To start the service, restart your
> computer or search Help and Support on how to start a service manually.
Then you set the service to not start and the problem is gone.
>
>
>
> Has anyone got a solution?
>
Get yourself a NAT router and put the machine behind it.
Because the ZA service (a third party solution) is not a service that is a
dependency to any other NT based O/S service like the one that makes the
TCP/IP available making it wait for the ZA service to start before it can
start, along with other such services, malware can and will beat ZA at the
boot and login process and be done before the ZA service can start to
protect anything. It can and will use Svchost during the time frame and be
done.
You could hack the registry on Service dependencies; I suggest that you just
leave it alone and go behind the protection of a NAT router that can stop
inbound and outbound by setting packet filter rules. The router will not be
booted when you boot the O/S, because it's not running with the O/S on the
machine. It is a standalone solution.
Duane :)
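
The thread turns on what a `0.0.0.0:135 ... LISTENING` row in `netstat -an` output means. As an added example (not part of the original post), this Python script parses such output and classifies each listening socket by the address it is bound to; the sample output and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `netstat -an` output (not taken from the post).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    127.0.0.1:1900         *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:135' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def exposure(host):
    """Classify a bind address: wildcard, loopback, or one interface."""
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback-only"
    return "single-interface"

def listeners(netstat_text):
    """Return sorted (proto, port, exposure) for every listening socket."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, _foreign, state = m.groups()
        # UDP rows have no state column; a bound UDP socket always receives.
        if proto == "TCP" and state != "LISTENING":
            continue
        host, port = split_endpoint(local)
        found.add((proto, port, exposure(host)))
    return sorted(found)

if __name__ == "__main__":
    for proto, port, scope in listeners(SAMPLE):
        print(f"{proto:4}{port:6}  {scope}")
```

The bind scope only shows which interfaces the service accepts connections on; whether the port is reachable from outside is decided by the packet filter or NAT router in front of it, which is the distinction the reply draws.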