Now & then ZAF (v2.6.231) tells me that Distributed Com Services (v4.71.2900) is listening on two ports, & not always the same ports. Read article recently on the Web that said Dist. Com Services isn't generally considered an "evil empire" operation nor is it generally used against one's PC, but... Dist. Com Services (Rpcss.exe) seems to go its own way, no matter how I instruct ZA to handle it. So, I just wondered in general, what is this Dist. Com. thing doing, exactly - anyone know? Thanks for any info, SG1 (Pat)
Hi SG1, Here's a GRC page that describes DCOM in general, and is also rather timely given some of the current exploits that are being targeted. There is a tool there that allows you to disable it, if you'd like. http://grc.com/dcom/ You certainly can block this with ZAF... However, don't confuse blocking unsolicited inbound connections to port(s) related to RPC and DCOM with the fact that the service will still be listening locally on your system. The firewall can protect you from people outside trying to connect to those ports, but, they'll still be there, open locally on your system, and that's okay. You can disable or leave it all enabled & firewalled, and still be secure.
Hi SG1, I agree with LWM about using the program at GRC... A bit more info from http://www.pacs-portal.co.uk/ Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see herehttp://www.cexx.org/rpc.htm If you are on an NT based OS, you do not want to disable rpcss.exe. I would use gibson's DCOMbobulator to disable the expoloits.... HTH... Regards, Kent