Under analysis/connections ewido reports the following as listening
Protocol TCP /Local address0.0.0.0:445 /remote address 0.0.0.0:0/Status LISTENING
Protocol TCP/Local address 127.0.0. 1:1025/remote address 0.0.0.0:0/Status LISTENING
Protocol TCP/Local adddress 127.0.0.1:1027/Remote address 0.0.0.0:0/Status LISTENING
Is this a threat? None of my programs have server status and I have ZA firewall high setting and in stealth mode
Thanks in advance

check these websites for minimizing your services
on Black Viper's site he lists which services you
can safely turn off and the 2nd site gives an
excellent guide to closing services/ports

Black Vipers usual URL is this - but his site is down
http://www.blackviper.com/

use this instead - turn on Java or it will re-direct you to
Black Vipers site
http://web.archive.org/web/20041128094512/http://www.blackviper.com/

an excellent guide to closing services
http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html


445 = Microsoft_DS
1025/1027 are used by various things. I make a rule in my firewall
to not allow these ports as there are so many exploits associated
with them. You'd need to check what program/service is listening
could be a normal thing like services.exe

see here for more info on & for closing - port 445
http://www.outpostfirewall.com/forum/archive/index.php/t-6750.html

For me they correspond to the following:-

Kaspersky is 1027

ZA (vsmon.exe) is 1025

System (microsoft-ds) is 445

Why don't you try TCPView from Sysinternals or Active Ports from here:-

http://www.snapfiles.com/get/activeports.html

That will give you more info.