Hi guys !!

i don't remember krnl386.exe using port 137,138,139. looking in the kerio's status firewall windows appears this, 2 UDP protocols and 1 TCP. and 4292 bytes in the Rx column.

is this correct? i think this ports are used by Netbios or something like that but iam not sure.

tkz my friend.

Yes it is netbios. If you run a LAN with file sharing then you need to permit it for your lan machine, and block it from the internet.

If you do not run LAN, then rename x:\windows\system\vnbt.386 to x:\windows\system\vnbt386.ren, and reboot.

ok !!

but now there's no krnl386.exe using those ports, instead system is using them

cya...

Interesting, but that should have fixed the problem. Make sure there is no file called vnbt.386 still on your computer, and if you do find another one let me know please. However if its back in its original location try deleting it this time as you already have a backup as vnbt386.ren

Well I was looking for a page to help you disable all the settings that could cause netbios to listen, but didn't find the exact page I was looking for. I was looking for one that would actually go through the process when the checked box is greyed out so you can't disable netbios over tcp/ip.

-{ Quote: " quoting: BlitzenZeus link=board=23;threadid=15969;start=0#msg99477 date=1068190062]
Well I was looking for a page to help you disable all the settings that could cause netbios to listen, but didn't find the exact page I was looking for. I was looking for one that would actually go through the process when the checked box is greyed out so you can't disable netbios over tcp/ip.
" }-

BlitzenZeus, might this thread help? It has some links and post there that mentions the process to go through when that "Disable NetBIOS" box is greyed out.

http://www.wilderssecurity.com/showthread.php?t=13476;start=30