Tried using RPCCFG utility from Microsoft to bind RPC to the loopback adapter. Unofrtunately, when I do so the computer BSODs at next system restart. Am I doing something wrong? Can anyone suggest ways to isolate RPC from the network? I'd rather configure the service itself than Firewall it.
Appears a few got this utility to run on Win 7. Appears it doesn't run on anything OS-wise later that that: https://social.technet.microsoft.co...patibility-on-windows-10?forum=win10itproapps
How to isolate RPC from network? Use firewall. This are my settings. It is for those who don't share files in local network via SMB protocol and other stuff. IPv4-only network. As you see I only allow DHCP packets (send via UDP protocol) and ICMP packets for input. Inbound connections that do not match a rule are blocked.
So it's safe to isolate RPC and WMI from the network via Firewall rules? My goal is to remove them as a remote access vector. I always assume in my threat-scenarios that the system password is already compromised.
Yes, especially inbound rules. Network is a place where lag, lost packets and even disconnections are a norm. Network facing services should be resistant against a lot of things. Blocking them by firewall, especially just inbound rules shouldn't make system unstable. You can have lost features, but this shouldn't make OS unstable.