How can I block a port as outgoing only

  For about two weeks, the firewall asks me about allowing different IP addresses to connect to me through svchost.exe through this port - ms-rpc(135)
  After a Google search I found that this port is a common target for attacks. The IPs that try to connect all start with 10.0., and the firewall always asks me to allow or block the connection. Is there a way to make the firewall always block incoming connections through that port?

Open CIS, go to firewall → my blocked network zones → add the file


What do you mean, add the file?

You have the Add option at the top right!!!

…what I am asking is WHAT FILE TO ADD?! svchost.exe? Wouldn’t that block it completely? I just want to know how to block ingoing access to the 135 port

Open CIS → Firewall tab → Advanced tab on the left side → Network Security Policy → My Port Sets → And remove the unknown port!


It doesn’t appear there. Also, I tried creating a custom policy that made port 135 outgoing only, but the firewall still asks me to allow or block.

If you want to block incoming you have to create a rule in Global Rules.



As far as CIS3 is concerned, it is enough to write individual application rules: usually, blocking ALL the NetBIOS range (135-139) TCP IN for svchost and UDP OUT for System is enough.

However, the 10.0 IP leads one to think it might be a local LAN address, and if so, there would be no sense in blocking it, and you might even, by doing so, throw yourself out of your LAN if using NetBIOS.
Under such circumstances, the rules have to be doubled: one allowing the NetBIOS ports for the LAN, the other blocking them outside.

Port 135 is not a dedicated port by itself, but a “mapping” port; it is impossible to close, as it is integrated in Windows, but one might want to disable related services: if not disabling NetBIOS itself, often needed, at least e.g. Windows shares, DCOM…

Also note that the CIS stealthing port wizard is supposed to do the job.
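
The doubled rule set described in the post above (allow the 135-139 range from the LAN, block it from everywhere else), modelled as an added example that is not part of the thread and is not CIS's own code. It assumes top-down, first-match rule evaluation and a LAN of 10.0.0.0/16; both are assumptions, and the sample connections are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: the poster's LAN is 10.0.0.0/16 (the thread only says "10.0.").
LAN = ipaddress.ip_network("10.0.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")
PORTS = range(135, 140)  # 135-139 inclusive, the range named in the post


@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "block"
    proto: str        # "tcp" or "udp"
    direction: str    # "in" or "out"
    source: ipaddress.IPv4Network
    ports: range


# Order matters: the LAN allow rule must sit above the catch-all block.
RULES = [
    Rule("allow", "tcp", "in", LAN, PORTS),
    Rule("block", "tcp", "in", ANY, PORTS),
]


def decide(rules, proto, direction, src, dport, default="ask"):
    """Return the action of the first matching rule (assumed first-match model).
    "ask" models the firewall prompting the user when no rule matches."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if (r.proto == proto and r.direction == direction
                and addr in r.source and dport in r.ports):
            return r.action
    return default


# Constructed sample connection attempts (203.0.113.7 is a documentation address).
SAMPLES = [
    ("tcp", "in", "10.0.0.23", 135),    # LAN host        -> allow
    ("tcp", "in", "203.0.113.7", 135),  # outside host    -> block
    ("tcp", "in", "10.1.4.9", 139),     # 10.x, not LAN   -> block
    ("tcp", "in", "203.0.113.7", 445),  # port not covered -> ask
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", decide(RULES, *s))
    # Swapping the two rules shadows the allow rule: the LAN gets blocked too.
    print(decide(list(reversed(RULES)), "tcp", "in", "10.0.0.23", 135))
```
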

You can also set Svchost.exe as ‘Outgoing Only’ in your Firewall rules.
I would recommend doing the same with System.

Can you please write a Global Rule for Svchost.exe? And is it OK to put Svchost.exe as Outgoing?