epmap local port 135, what is this?

In CurrPorts I see that svchost.exe has a TCP to port 135, at address; the local port name is epmap.
I’m not familiar with epmap, but what I could find didn’t sound good.

How can I block this port? I tried to define a rule but ended up blocking svchost.exe.

RPC endpoint mapper (and DCOM) port 135 - TCP/UDP is an interprocess communication protocol used by windows applications on either a single PC or between PCs/Servers across a network.

Unfortunately, it’s no easy process to terminate this port without possible, undesirable side effects. Your best bet is to create an Application rule for the System process that blocks UDP and TCP out on this port.

Thanks for the reply, Radaghast.

Is that: Firewall> Define a New Blocked Application> or is it under Computer Security policy?

It will be a firewall rule for the system process.


Apologies for replying to an old post,

Blocking this port may cause issues with any monitoring systems. Solarwinds (or most WMI based applications) use port 135 to connect to a windows system to retrieve data. Windows credentials are required to retrieve this data. Anonymous access will not allow data retrieval