
ZONE ALARM /Scan

Feb 2, 2004 10:07AM PST

Installed Zone Alarm last evening. Did a scan a few minutes ago and it says FAILED. Port 135/epmap endpoint resolution, DCE is OPENED. What should I do now? Running out of programs to install.

Re:ZONE ALARM /Scan
Feb 2, 2004 10:23AM PST

Background and Additional Information:

Port 135 is certainly not a port that needs to be, or should be, exposed to the Internet. Hacker tools such as "epdump" (Endpoint Dump) are able to immediately identify every DCOM-related server/service running on the user's hosting computer and match them up with known exploits against those services.

Any machines placed behind a NAT router (any typical residential or small business broadband IP-sharing router) will be inherently safe. And any good personal software firewall should also be able to easily block port 135 from external exposure. That's what you want.

In addition, many security-conscious ISPs are now blocking port 135 along with the notorious "NetBIOS Trio" of ports (137-139). So even without any of your own proactive security, you may find that port 135 has been blocked and stealthed on your behalf by your ISP.

Closing Port 135 at http://grc.com/port_135.htm

Re:Re:ZONE ALARM /Scan
Feb 2, 2004 10:32AM PST

Already talked to Verizon about this. They said to get a good firewall. They don't CLOSE any PORTS. Thought this ZONE ALARM was so great??

Re:Re:Re:ZONE ALARM /Scan
Feb 2, 2004 10:43AM PST

Try using the DCOMbobulator from http://www.grc.com/dcom/ then restart your system. Run another scan; if possible, use ShieldsUp from www.grc.com.

From the above page:

Closing TCP Port 135

Three systems within Windows NT/2000/XP/2003 share TCP port 135: DCOM, Task Scheduler, and Distributed Transaction Coordinator (MSDTC). Since running any of these services will hold TCP port 135 open to accept incoming connections, they must all be stopped and disabled in order to close port 135. The DCOMbobulator disables and "unbinds" DCOM from port 135, but it does not take any responsibility for dealing with the other two services.

Under Windows 95/98/ME, disabling DCOM with the DCOMbobulator will close port 135 since the Windows 98/ME task scheduler does not use port 135 and those systems don't have the Distributed Transaction Coordinator.

Any personal firewall or NAT router will isolate a system's open ports from external intrusion, so leaving port 135 open is not a problem if your system has additional intrusion protection in place. At the same time, the best security is obtained with multi-layered security where each layer is as secure as possible. If you can determine that you do not need the Windows Task Scheduler, or that you can live without its services, you can probably arrange to completely close your TCP port 135.

MSDTC: As with DCOM, typical Windows users have no need for the Distributed Transaction Coordinator service. If it is running, it can be stopped and disabled without any negative impact on the system. But unfortunately, as we'll see, the same may not be true of the Windows Task Scheduler service:

Task Scheduler: Users of Windows XP who wish to use XP's "Prefetch" system for startup performance enhancement must leave the Task Scheduler running. Many people also depend upon Task Scheduler for timely anti-virus and other updates. For these reasons it may not be practical for you to shut down and disable the Task Scheduler. However, I wanted to provide the information for users of other Windows versions who care enough about permanently and finally closing port 135.
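A local complement to the external ShieldsUp scan, added here as an example and not part of the original posts: it parses Windows `netstat -ano` output and reports which of the ports named in this thread (135, 137-139, 1025) have a listener bound to a non-loopback address, with the owning PID. The sample output, addresses and PIDs are constructed; a listener reported here can still show as stealthed from outside when a firewall or NAT router filters it.

```python
import ipaddress

# Ports named in the thread: 135 (DCOM/epmap), 137-139 (NetBIOS), 1025.
WATCH_PORTS = {135, 137, 138, 139, 1025}

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1204
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       884
  TCP    192.168.1.10:3021      203.0.113.5:80         ESTABLISHED     2200
  UDP    192.168.1.10:137       *:*                                    4
"""


def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:135' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def is_loopback(host):
    """True for 127.0.0.0/8 and ::1; unparsable hosts count as not loopback."""
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False


def exposed_listeners(netstat_text, ports=WATCH_PORTS):
    """Return sorted (proto, host, port, pid) for watched non-loopback listeners."""
    findings = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if parts[0] == "TCP" and parts[3] != "LISTENING":
            continue  # established/closing connections are not listeners
        host, port = split_endpoint(parts[1])
        if port in ports and not is_loopback(host):
            findings.append((parts[0], host, port, int(parts[-1])))
    return sorted(findings, key=lambda f: (f[2], f[0], f[1]))


if __name__ == "__main__":
    for proto, host, port, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {host}:{port} held open by PID {pid}")
```
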

Re:Re:Re:Re:ZONE ALARM /Scan
Feb 2, 2004 11:18AM PST

Thanks. Shields Up is what I used to scan with. Just did another one and now says ALL Ports are stealth, strange if you ask me, and didn't do anything except reboot PC. Think I'm gonna take a break from PC, Internet and this farm for a few days, and just hang out on the beach and the fishing pier, watch the boats bring in the catch of the day, have some good honest conversation along with some good home cooking and watch the wind go by... just might catch the Big One everyone is after! Thanks for your time and the help.

Re:ZONE ALARM /Scan
Feb 2, 2004 12:13PM PST

You're welcome.

Seen the same thing before but not with Port 135. It is with Port 1025. Confused me at first but I realized which of the installed applications is using Port 1025. Found out it's one of the Symantec components. Refreshing the browser resulted in stealth. I restarted the system and ran the scan again = stealth again.

Re:Re:Re:Re:Re:ZONE ALARM /Scan
Feb 2, 2004 4:12PM PST

I also use Zone Alarm. My last scan at Shields Up showed that my system was fully protected. Just for the heck of it, I just now went back to Shields Up and checked out port 135. It is definitely stealthed.