Windows Defender problems after Port 135 and rpc disabling! Dr Lipman and others - help!

I've been trying to close as many unnecessary open ports as possible.  
Whenever I do a netstat -an command or use TCPView by Sysinternals, I
notice that Port 135 is in this state:

        Local Address       Foreign Address

TCP     0.0.0.0:135         0.0.0.0:0           LISTENING

Since I'm not using a networked computer and had netbios running, I
disabled that.   I deleted my "client for MS networks" option in the
local area connection properties.  Then I tried running Dcomcnfg.exe and
unchecked the "enable Distributed Com" box.

I then edited HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc as follows:
Created an "Internet Key" with the string "UseInternetPorts" and a value
of N.

However, when I rebooted, Port 135 was still showing when doing a netstat
-an command.

I see it's blocked in my ZA internet zone security (incoming and
outgoing).

Why can't I shut it down upon rebooting?

TCPView tells me the port is running:

svchost -k rpcss.



I have noticed that when I disable dcom and create the RPC key, upon
rebooting Windows Defender beta Spyware by Microsoft won't run after
booting.  Supposedly, that program depends on the remote procedure call
service.

I now keep getting this error message even after uninstalling and
reinstalling, and re-enabling Dcom.

Windows Defender Application failed to initialize: 0x800106ba. A problem
caused Windows Defender Service to stop. To start the service, restart your
computer or search Help and Support on how to start a service manually.



Has anyone got a solution?









Re: Windows Defender problems after Port 135 and rpc disabling! Dr Lipman and others - help!


| I've been trying to close as many unnecessary open ports as possible.
| Whenever I do a netstat -an command or use TCPView by Sysinternals, I
| notice that Port 135 is in this state:
|
|         Local Address       Foreign Address
|
| TCP     0.0.0.0:135         0.0.0.0:0           LISTENING
|
| Since I'm not using a networked computer and had netbios running, I
| disabled that.   I deleted my "client for MS networks" option in the
| local area connection properties.  Then I tried running Dcomcnfg.exe and
| unchecked the "enable Distributed Com" box.
|
| I then edited HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc as follows:
| Created an "Internet Key" with the string "UseInternetPorts" and a value
| of N.
|
| However, when I rebooted, Port 135 was still showing when doing a netstat
| -an command.
|
| I see it's blocked in my ZA internet zone security (incoming and
| outgoing).
|
| Why can't I shut it down upon rebooting?
|
| TCPView tells me the port is running:
|
| svchost -k rpcss.
|
| I have noticed that when I disable dcom and create the RPC key, upon
| rebooting Windows Defender beta Spyware by Microsoft won't run after
| booting.  Supposedly, that program depends on the remote procedure call
| service.
|
| I now keep getting this error message even after uninstalling and
| reinstalling, and re-enabling Dcom.
|
| Windows Defender Application failed to initialize: 0x800106ba. A problem
| caused Windows Defender Service to stop. To start the service, restart your
| computer or search Help and Support on how to start a service manually.
|
| Has anyone got a solution?
|

RPC/RPCSS DCOM is required and many software components are dependent upon it.

If you are on Broadband Internet then I suggest using a Cable/DSL Router.  This
will isolate Internet inbound activity to the Router and not the PC.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Windows Defender problems after Port 135 and rpc disabling! Dr Lipman and others - help!



I'm using a router.  Are you saying I can't close Port 135 if it's
running rpcss?  When I closed Dcom and created the UseInternetPorts key, I
was still able to use the net and e-mail services.

I've since found out that Windows Defender can't run unless the "Client
for MS Networks" component is included in the Local Area Connection
properties.  After I reinstalled that, Windows Defender ran again.  What
a quirky program.  


Re: Windows Defender problems after Port 135 and rpc disabling! Dr Lipman and others - help!



|
| I'm using a router.  Are you saying I can't close Port 135 if it's
| running rpcss?  When I closed Dcom and created the UseInternetPorts key, I
| was still able to use the net and e-mail services.
|
| I've since found out that Windows Defender can't run unless the "Client
| for MS Networks" component is included in the Local Area Connection
| properties.  After I reinstalled that, Windows Defender ran again.  What
| a quirky program.

No, I am not specifically stating that.  I am stating that you can't disable
RPC.  The specifics of not having TCP port 135 open is another issue and I
don't know how to not open that port.  However, I am stating it's a moot point
if you are behind a NAT Router.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Windows Defender problems after Port 135 and rpc disabling! Dr Lipman and others - help!


Yes, you can close the port. I've done it on my system (Win2k) without
any loss of functionality.

http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html.en

"Disabling DCOM does not close TCP port 135. To close it, one solution
 is to remove IP-based RPC protocols sequences from the list that can
 be used by DCOM".

See the section labelled "--[ DCOM ]--" near the end of the page, and
read it thoroughly.

I've no idea what the UseInternetPorts registry entry is. It's not
present in mine.
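
A way to verify the question this thread keeps returning to, namely whether TCP 135 is still listening after a configuration change and reboot (an added example, not part of any post). It assumes the column layout of `netstat -an` or `netstat -ano`; the sample output, addresses and PIDs are constructed.

```python
import re

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       1580
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2044
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:500            *:*                                    700
"""

# TCP rows in LISTENING state; the PID column is absent with plain `netstat -an`.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING(?:\s+(\d+))?\s*$")

def bind_scope(addr):
    """Classify the local bind address of a listening socket."""
    if addr in ("0.0.0.0", "[::]"):
        return "all-interfaces"
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback"
    return "single-interface"

def tcp_listeners(text):
    """Return one dict per listening TCP socket found in netstat output."""
    found = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            addr, port, pid = m.group(1), int(m.group(2)), m.group(3)
            found.append({"addr": addr, "port": port,
                          "pid": int(pid) if pid else None,
                          "scope": bind_scope(addr)})
    return found

def port_status(text, port=135):
    """Summarise whether `port` is listening, on which binds, and by which PIDs.
    A wildcard bind only shows the service accepts connections on every
    interface; a host firewall or NAT router may still block remote access.
    """
    hits = [s for s in tcp_listeners(text) if s["port"] == port]
    return {"listening": bool(hits),
            "wildcard_binds": [s["addr"] for s in hits if s["scope"] == "all-interfaces"],
            "pids": sorted({s["pid"] for s in hits if s["pid"] is not None})}
```

Run `port_status()` on output captured before and after the change: the port is closed only when `listening` comes back `False`, and a PID from `-ano` can be matched against what TCPView reports.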



Re: Windows Defender problems after Port 135 and rpc disabling! Dr Lipman and others - help!


The solution is not a quirky program; it's doing whatever it is supposed to
be doing based on specifications given to the developers for the solution.
If you think it's quirky, then simply uninstall it off the machine and it
won't be quirky anymore, or shut down the service.

As far as you doing anything with RPC and in particular with a machine
sitting behind a NAT router, it's much ado about *nothing* and you should
just leave it alone.

Duane :)



Re: Windows Defender problems after Port 135 and rpc disabling! Dr Lipman and others - help!


Sometimes, one tends to go too far with it not really knowing what's going
on to begin with, which leads to trouble.

Well, did you uninstall MS File and Print Sharing of the NIC too, which
would make sense for a Windows O/S that you don't want to network with a
direct connection to the Internet?

You should just leave it alone.

What is your concern here as the port is protected by the host based packet
filter ZA running on the machine to both inbound and outbound traffic?

It's not open to the public Internet as the host based packet filter
solution (ZA) has the port closed to unsolicited inbound traffic. Now, if
you had set rules to open port 135 with ZA to unsolicited inbound traffic
and RPC listening on 135 then you might have some trouble. And besides, if
ZA has 135 blocked on outgoing as well, then what's the problem?

Look, the machine is protected by the host based packet filter ZA so what's
the problem?

So what that it's running, because again,  the host based packet filter ZA
has the machine protected at the machine level.

So, if it's dependent upon it, it's dependent upon it and there is nothing
you can do, other than not run the solution.

You should have left it alone.

Then you set the service to not start and the problem is gone.

Get yourself a NAT router and put the machine behind it.

Because the ZA service (a third party solution) is not a service that is a
dependency to any other NT based O/S service like the one that makes the
TCP/IP available making it wait for the ZA service to start before it can
start, along with other such services, malware can and will beat ZA at the
boot and login process and be done before the ZA service can start to
protect anything. It can and will use Svchost during the time frame and be
done.

You could hack the registry on Service dependencies; I suggest that you just
leave it alone and go behind the protection of a NAT router that can stop
inbound and outbound by setting packet filter rules. The router will not be
booted when you boot the O/S, because it's not running with the O/S on the
machine. It is a standalone solution.

Duane :)


