I made a clean install: Windows XP x64 SP2, drivers (x64), NOD32 (x64), CFP3 (x64), Diskeeper 2k8 (x64), no other programs.
When I finished all the installs, I tested on grc.com (ShieldsUp!). It shows port 1025 is open (used by lsass.exe), port 1033 is closed (used by Diskeeper), and the other ports are stealth.
When I shut down the Diskeeper server, port 1033 is stealth.
What does lsass.exe do? How can I shut it down? In Task Manager I can’t: “This is a critical system process. Task Manager cannot end this process.”
I can’t find it (hidden files are shown), but in CFP3 → “View Active Connections” this is the path: c:\windows\system32\lsass.exe TCP, Listening: 1025, Bytes In 0 / Bytes Out 0
Yes, Lsass is for the “Security Accounts Manager” - “The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.” - Microsoft…
Anyway, if it bothers you, you can disable it in the services snap-in in mmc … just type services.msc in the RUN window and scroll down to disable it… if other services depend on it, make sure you don’t need them and disable them also… Restart for changes to occur…
After that, test to see if the port is still open …
This is interesting, we had some similar issues with V2, although I’m not sure they were totally resolved. It seems to affect some uses and not others…
As far as I remember, it’s Svchost.exe listening on port 1025 or port 1026. I guess you could block those and see what happens, but be prepared for any problems.
shinobiteno: I tried to follow your instructions, but (this is my fault) it doesn’t work.
Finally I reinstalled CFP with the “I wanna know everything” option, and when I checked on grc.com, CPF alerted me: lsass.exe wants to accept connections from the internet. I denied it, so it works fine!
CPF3
PC Flank returned string
1025 closed n/a n/a
Shields UP! returned
1025 Host Closed Your computer has responded that this port exists but is currently closed to connections.
Yes, it’s not open. But a closed port and a stealthed port are not really the same thing. Today it’s closed, but it exists and tells anyone about it. Sure it won’t open tomorrow? Note I used the Stealth Ports Wizard but it didn’t help. Why NSA? It’s almost a joke :), but they are suspected to be spying on ports 1024-1030: http://cryptome.org/nsa-ip-update11.htm
Hope the port will be stealthed ASAP. Thanks for CPF3, nice work.
No, just a D-Link 200 modem, and my ISP doesn’t filter anything.
In the pic are the PC FLANK Stealth Test results with CPF2, but now I’ve got port 135 being stealthed! So 135 was visible in a prev. version. Now it’s not.