Hi people,
Am just getting used to CIS v3.9 after installation yesterday. I am running with Proactive Security, Firewall in Safe Mode and Defence+ in Clean PC Mode; otherwise I have all default settings. I went to Shields Up this evening to test it and passed all tests except it told me that Ports 135 & 445 were open and that I should use my Firewall to close them.
Can someone tell me how to do this and what rules to apply? Thanks in advance for any help offered.
It’s strange that it said those ports were open. You must have services running that use them. When I run shields up, it says that all ports except 113 are stealthed and that port is closed. It also said that stealthing that port could cause problems but says I failed the test.
From the shields up site:
Dealing with Port 445
Needless to say, you do NOT want port 445 exposed to the Internet. Like Windows port 135 (which is a whole different problem) port 445 is deeply embedded in Windows and can be difficult or impossible to safely close. While its closure is possible, other dependent services such as DHCP (dynamic host configuration protocol) which is frequently used for automatically obtaining an IP address from the DHCP servers used by many corporations and ISPs, will stop functioning.
Going Further: Closing port 135
The widespread exposure and insecurity of this port has generated a great deal of concern among PC gurus. This has resulted in several approaches to shutting down the Windows DCOM server and firmly closing port 135 once and for all. Although applications may be “DCOM enabled” or “DCOM aware”, very few, if any, are actually dependent upon the presence of its services. Consequently, it is usually possible (and generally desirable if you’re comfortable doing such things) to shut down DCOM and close port 135 without any ill effects.
Remember that if you are behind a router, this test is actually testing your router, not your software firewall.
I’m not sure of that. I have 2 ports forwarded through my router and when I probe them, it still says they are stealthed.
I found this too about ports being reported as closed:
–Unless you’re feeling paranoid, don’t worry about it.
‘Stealth’ is a bogus term - indeed if I remember correctly, it was invented by one Steve Gibson, the owner of the over-alarmist (and in many places quite ridiculously over-the-top) GRC site.
A port reported as ‘closed’ is no less secure than a port reported as ‘stealth’.
Well yes, if you’ve allowed traffic through these ports and probe them, then the test will be hitting your software firewall…
There are a few replies but, unless I am missing something, no solutions. Can anyone offer any simple advice on what I should do? If, as said, they are impossible to close, how do the rest of you deal with them? Should I just leave them alone, not being a technical expert, or is there a rule I can set in regard to them?
Nobody said they were impossible to close…
It’s just that if you are behind a router, they would need to be closed at the router and not through CIS.
Thanks for the reply, HeffeD. I am not behind a router; I have a cable modem fast ethernet broadband connection through Virgin Media here in the UK.
More information is needed; what is the firewall security level set to? Can you post a screenshot of your global rules?
Hi Nubiatech,
I am running Comodo CIS v3.9 in Proactive Mode. The AV is set to Stateful, the Firewall in Safe Mode and Defence+ is set to Clean PC Mode. All other settings are at installation default levels. Here is a screenshot of my Global Rules as requested.
[attachment deleted by admin]
Problem solved. I applied Kyle’s Firewall and Defence+ configuration guides from the CIS guides section and all ports are now stealthed. I had to make a new Global Rule to allow my ISP to renew my address and all is well again. Thanks for the replies.
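The open / closed / stealth distinction discussed in this thread, as an added example that is not part of any post: a small Python check you can run against your own machine to see which of the three states ports 135 and 445 are in. The function names and the 2-second timeout are assumptions made for this illustration.

```python
import socket

# The two ports the thread is about (Windows RPC endpoint mapper and SMB).
THREAD_PORTS = (135, 445)


def classify_port(host, port, timeout=2.0):
    """Classify one TCP port the way an online port test labels it.

    open    - the TCP handshake completed, so a service is listening
    closed  - the host answered with a reset (connection refused)
    stealth - no answer arrived before the timeout (packet silently dropped)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    finally:
        sock.close()


def check_own_machine(host="127.0.0.1", ports=THREAD_PORTS, timeout=2.0):
    """Return {port: state} for the given ports on a machine you own."""
    return {port: classify_port(host, port, timeout) for port in ports}


if __name__ == "__main__":
    for port, state in check_own_machine().items():
        print(f"port {port}: {state}")
```

Run against 127.0.0.1, this shows whether a service is listening locally; what an outside test such as Shields Up sees for the same port is decided by the firewall or router in front of it.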