View Full Version : Is this a bug in NOD32 Beta???


sean2002
February 1st, 2003, 07:05 PM
Here is what I found. Usually, right after installing Windows XP or 2000, I disable all the networking services. I can get it to where, upon reboot, I have no listening ports. This has never caused any problems with any antivirus or other software, including NOD32, but when I install the beta, the program will not load, and I also cannot access the internet after I install it. After a day of troubleshooting I found what is causing this to happen. If I leave TCP port 135 listening like it is in a default installation, NOD32 BETA will work fine, but if I set it up so TCP port 135 is not listening, NOD32 BETA will hang during startup, I cannot access the internet, and a few other services will not start either. Here are the instructions I used to close TCP port 135, verbatim.

The only remaining opened port is TCP port 135. It is opened by the Remote
Procedure Call (RpcSs) service and it is not possible to disable it because this
service contains the COM service control manager, used by local processes.

TCP port 135 remains opened because it is used to receive remote activation
requests of COM objects. A global setting exists to disable DCOM and can be set
in the registry:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
Value: EnableDCOM
Type: REG_SZ
Content: "Y" (to enable) or "N" (to disable)

This registry value corresponds to the 'Enable Distributed COM on this computer'
setting that appears in the dcomcnfg tool:

C:\WINDOWS> dcomcnfg

However, disabling DCOM does not close TCP port 135. To close it, one solution
is to remove IP-based RPC protocols sequences from the list that can be used by
DCOM. In our case, the sequence ncacn_ip_tcp (transport on TCP/IP) can be
removed.

The simplest solution for this is to use the dcomcnfg tool and to remove
'Connection-oriented TCP/IP' in the 'Default Protocols' tab.

Under Windows 2000, dcomcnfg directly shows the DCOM properties of the local
system, in particular, the 'Default Protocols' tab. Under Windows XP, dcomcnfg
launches an MMC console showing three nodes. The 'Default Protocols' tab appears
in the properties of the My Computer node, under the Computer node.

The list shown in the 'Default Protocols' tab is stored in the registry, under
the following value:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
Value: DCOM Protocols
Type: REG_MULTI_SZ

Thus, it is also possible to directly edit the registry and remove ncacn_ip_tcp
from the DCOM Protocols value.



Now, it's the ncacn_ip_tcp protocol which, if it's removed, NOD32 BETA will not load; if I add it back, it will load fine. So my question is: does NOD32 BETA need this protocol to run? The original version runs fine without it.

BTW, I can tell my firewall to block all incoming/outgoing to/from TCP port 135 and the program still runs fine, but I would rather not have it listening at all.

Sean.
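
A read-only check of the three things the quoted instructions touch (the EnableDCOM value, the DCOM Protocols list, and the TCP 135 listener), added here as an example; it is not part of the original post or of the quoted instructions. It assumes PowerShell 3.0 or later, and the function name Get-DcomPortAudit is hypothetical.

```powershell
# Added example: read-only audit; changes nothing on the system.
# Get-DcomPortAudit is a hypothetical name. Assumes PowerShell 3.0+.
function Get-DcomPortAudit {
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
    $rpc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Rpc' -ErrorAction SilentlyContinue

    # EnableDCOM is REG_SZ: "Y" (enabled) or "N" (disabled).
    $enableDcom = if ($ole) { $ole.EnableDCOM } else { $null }

    # 'DCOM Protocols' is REG_MULTI_SZ, returned as a string array.
    $protocols = @()
    if ($rpc -and $rpc.PSObject.Properties['DCOM Protocols']) {
        $protocols = @($rpc.'DCOM Protocols' | Where-Object { $_ })
    }
    $tcpInList = $protocols -contains 'ncacn_ip_tcp'

    # Enumerate listening TCP endpoints via .NET and keep port 135.
    $ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $listeners = @($ipProps.GetActiveTcpListeners() | Where-Object { $_.Port -eq 135 })

    $notes = @()
    if ($enableDcom -eq 'N' -and $listeners.Count -gt 0) {
        $notes += 'EnableDCOM is N but TCP 135 still listens: disabling DCOM alone does not close the port.'
    }
    if ($tcpInList) {
        $notes += 'ncacn_ip_tcp is still present in DCOM Protocols.'
    }
    if (-not $tcpInList -and $listeners.Count -gt 0) {
        $notes += 'ncacn_ip_tcp is absent from DCOM Protocols but TCP 135 is still listening.'
    }

    [pscustomobject]@{
        EnableDCOM       = $enableDcom
        DcomProtocols    = $protocols
        NcacnIpTcpListed = $tcpInList
        Port135Listeners = @($listeners | ForEach-Object { $_.ToString() })
        Notes            = $notes
    }
}

Get-DcomPortAudit | Format-List
```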

jan
February 3rd, 2003, 11:02 AM
Hey sean2002,

that seems interesting ;) - we'll have a look at that.

Thanks. :)

jan