open ports

DeepSeaDiver2005 · July 18, 2009, 11:37am

Help needed form the experts

We have all read tons of comments about closed and stealth ports and that we should not worry about them, but when GRC reports that all the ports are open and the firewall is on stealth mode, what is the issue?
Who should we trust. Are there any other sites we can test scan ports in the event GRC is going crazy?

Gary

larlyles · July 18, 2009, 1:17pm

I assume you are using CIS and does it show System Status with a checkmarked green circle? I have used CIS since it first came out in Beta and have never had GRC report any open ports when I have tested using Shields Up at the GRC site. I just tested again a minute ago and all ports were stealthed.

DeepSeaDiver2005 · July 18, 2009, 4:25pm

Thanks for you reply.

I had just downloaded a day or two ago the CIS_Setup_3.10.102363.531_XP_Vista_x64.exe.
Running Vista 64 - without the anti virus as i already have one installed (as you can see from the installation exe).
In System Status - All systems are active and running - Green check mark
Under Firewall/Advanced/Network Security Policy/Global Rules/Block And Log IP In From IP Any Where Protocol Is Any - is red with x and logging.
That is why i am totally confused of the (all) open ports status.
Also, I am behind a router on which firewall rules are set to block all incoming traffic. Therefore i should not see any open ports even if Comodo is not active (i am assuming the right thing?)
I uninstalled Norton Suite that was pre-installed on my laptop - HP HDX 18, Intel Core2 Quad 8 MB ram (I was on stealth mode then) to install Comodo, and in my book as a firewall neither Norton provides the security, nor allows advanced user control, proper logging or live connection monitoring like Comodo does. So when i see all ports open, i believe i have the reason to be concerned, at least realize that something is not working well.
For info, i did uninstall and re-install, same results. I know its weird specially that i never had any problems with the firewall on any of the other machines i have/had or recommended friends to install.
Thanks in advance
Gary

HeffeD · July 18, 2009, 5:03pm

GRC will be testing your router unless you have a DMZ set up. If GRC is showing open ports, no matter of configuration in CIS will change that.

However, it’s really not a big deal. Even if your ports actually are open, you have CIS lurking behind your router to still keep you protected.

Citizen_K · July 18, 2009, 5:09pm

First of all it sounds like there is something not right with your router setup. Did you put your computer by accident as DMZ (Demilitarised Zone) or Exposed host? That would explain why the router firewall is bypassed: your computer gets all the web traffic.

Try the Norton removal tool to make sure all Norton stuff is gone: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039 .

Then try running Diagnostics, under Miscellaneous, and see what it comes up with.

We are gonna take a look to see if there are some old drivers of your previous security programs are still around. Go to Device Manager → View → show hidden devices → now look under Non Plug and Play drivers → when you see a driver that belongs to your previous security programs click right → uninstall —> do this for all drivers → reboot your computer.

When the problem persists make sure there are noauto starts from your previous security programs download Autoruns and run it.

This program finds about all auto starts in Windows. This tool can therefore seriously damage Windows when not handled properly. After starting go to Options and choose to hide Windows and Microsoft entries and then push F5 to refresh.

Now check all entries to see if there are references to your previous security program. When you find them untick them. After unticking reboot your computer and see what happens.

DeepSeaDiver2005 · July 18, 2009, 5:12pm

I am not behind a DMZ. It is the same link i am using for both laptops both protected with CIS, one gives me stealth ports, the other open ports

Citizen_K · July 18, 2009, 6:54pm

What do you mean with “I am not behind a DMZ”? DMZ is a state the router puts a computer in. The computer is no longer behind the NAT and the router’s firewall. It is something to set up in the router. Please make sure you have your router set up properly.

DeepSeaDiver2005 · July 18, 2009, 11:33pm

1- Not on DMZ - Both machines on same link - wired and not wireless (don’t trust them)
2- Diagnostics reported no problem
3- Norton removal starts and then nothing happens (i will assume Norton totally removed)
4- No Non Plug and Play drivers
5- No auto starts

I just realized that it all depends on the startup. Sometimes CF works and stealth’s the ports, sometimes keeps everything open. So for now, i consider things are ok and the problem is from my side and not CIS causing the issue

thanks for all your help

Gary

Citizen_K · July 19, 2009, 12:22am

Do you have other security programs running in the background? Try disabling them and try again. Also make sure Windows Firewall is disabled; CIS won’t disable it when it is being installed.