The Shields Up site showed port 135 was open. Is it possible that this was related to my recent use of the tracert command at the command prompt? Otherwise, I have no idea how long the port was open. Can there be any other explanation? Is it dangerous?
I haven’t updated my Comodo version (3.8.65951.477) for a while because the last time I visited these forums there was a complaint that the latest update was preventing a user’s windows logon. My OS is Vista Home Premium.
Thanks.
Hi nitpicker,
First and foremost I recommend you upgrade to the latest version, which can be found here:
Second, Port 135 is used to support a variety of MS services but id not associated with tracert. It’s actually The RPC (Remote Procedure Call) Endpoint Mapper and is a fairly crucial service. However, it should be in stealth mode as far as GRC is concerned, assuming you have run the stealth port wizard from within CIS/Firewall/Common tasks/…
As there are a number of known vulnerabilities that can be targeted at this port, I suggest you run a security check for any potential malware.
Please feel free to follow up with any additional queries you may have.
Before posting here, I reconfigured the firewall to stealth all ports (I thought this was default) and this seems to have solved the problem. I’ve installed version 3.11.108364.552 (not the AV).
Malwarebytes’ Anti-Malware full scan reports nothing.
Avira reports nothing.
SpyBot reports nothing
Could you give me some reasons why this port would be open (good and bad) and what the tell-tale signs of these activities would be.
Thanks.
Hi,
The port is open because there are services actively listening on that port, for example DCOM and RPC. The problem is that the RPC service is used by a number of Microsoft services. See the attached for some examples:
It is possible to disable DCOM, in fact, if I remember correctly grc.com used to have a small utility for doing just that, I think it was called DCOMbobulator.
Whilst it is possible to disable the RPC service, it’s highly recommended that you don’t, as it could cause various connection and service difficulties.
Best thing to do is make sure your stealthed and if necessary, create a firewall rule the blocks inbound and outbound connections for TCP on port 135.
[attachment deleted by admin]
Forgot to mention that immediately prior to installing the latest version (as mentioned in my post above), I returned to my PC after leaving it to download for several hours, only to find a “Sorry, had to close” message from my Comodo firewall.
I also installed SUPERAntiSpyware Free Edition which found Trojan.IRCBot/Dropper-Gen. However, the “trojan” turned out to be a small VB6 program I’d written myself. I can’t see how SUPERAntiSpyware could even have made a heuristic stab at this since it is basically a text box that counts the links I paste into it.