Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 



Sign in to follow this  
lucid717

XP - Close ports 135 & 445 at OS level

Recommended Posts

These are 2 problem ports that hang open and "listen in", if you've ever looked at FW logs/connection lists. I always like to harden and sure up things at the point of attack first instead of just relying on 3'rd party software to stealth ports. This way if an app failed to fire up properly at boot, or sometimes a router isn't working properly but you're oblivious to it because it's not in an obvious way. Like you may have internet connectivity but it's not stealthing ports properly. Anyhow, this is how you do it:

Run regedt32 (Port 445)

Go to: HKLM\System\CurrentControlSet\Services\NetBT

Locate the "Start" entry (DWORD value). Modify value from 1 to 4

Find "Parameters" entry in NetBT. Erase the "\Device\" value, leaving the field blank.

(Port 135)

Disable the Services: DCOM, COM+ Event System, COM+ System Application, System Event Notification

... You'll have to restart your computer to for DCOM to "Stop"

Run regedt32

Go to: HKLM\Software\Microsoft\OLE

Locate the entry "EnableDCOM". Modify the value to "N".

Now Go to: HKLM\Software\Microsoft\Rpc

Right click & modify the value named "DCOM Protocols"

Under the "Value Data" you will see several values, starting with "ncacn". Delete them all, leaving field blank

Close registry editor. Reboot computer. Ports 135 & 445 should be closed now.

Run the cmd "netstat -an" to see that those ports are no longer listening.

You can go ahead and turn those services back on again if you want to. It won't break anything, just close those ports. But really you don't need any of them except DCOM if you want to use the integrated defragmenter, or to update windows.

Edited by lucid717

Share this post


Link to post
Share on other sites

sorry to bring this thread to life again, but the fall creators update appears to have closed port 135.

previously trying to close it causes print spooler to stop working on rs2 and older windows versions.

Edited by RanCorX2

Share this post


Link to post
Share on other sites

None of these ports should ever be open past a firewall so it doesn't matter.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×