Help with possible remote ports listening in Windows 7

Discussion in 'other firewalls' started by Anon0011, Feb 21, 2020.

Thread Status:
Not open for further replies.
  1. Anon0011

    Anon0011 Registered Member

    Joined:
    Feb 20, 2020
    Posts:
    9
    Location:
    USA
    Hello all,

    I've spent a day trying to figure out why all these ports are listening on my Windows 7 Home PC (single PC, connected through router -> cable modem -> PC.

    I can't figure out what they're doing listening on these ports and if they're for remote connections. Can someone help me identify each port & if they are for remote connection, how to disable them?

    Here's what I got:

    49152, msrpc [wininit.exe]
    49153, msrpc [svchost.exe, Eventlog]
    49154, msrpc [svchost.exe, Schedule]
    49155, msrpc [services.exe]
    49165, msrpc [lsass.exe]

    I found some information online (not sure it's relevant) that said:

    Port 49152 provides the ability to shut the computer down remotely via the shutdown.exe tool. It can be disabled by writing registry DWord HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRemoteShutdownRPCInterface=1

    Port 49153 allows remote viewing of the Event Log. I don't know how to disable it yet.
    (worked)

    Port 49154 allows remote viewing and administration of Scheduled Tasks. It can be disabled by writing registry DWord HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\DisableRpcOverTcp=1

    Port 49155 allows remote viewing and administration of Local Services. It can be disabled by writing registry DWord HKLM\System\CurrentControlSet\Control\DisableRPCOverTCP=1

    Port 49165 - No clue
     
  2. Anon0011

    Anon0011 Registered Member

    Joined:
    Feb 20, 2020
    Posts:
    9
    Location:
    USA
    Nevermind, figured it out. I added:

    HKLM\Software\Microsoft\Rpc\Internet\UseInternetPorts="N"

    Now only connections I have are 135 RPCSS & Dnscache 5355.
    I don't see any reason to get rid of Dnscache. Not sure about RPCSS though.
     
  3. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,858
    and why do you screw up registry instead using the regular given switches?
    where did you read out the port numbers?
    did you read about internal communication ports?
    what is your final target?
     
  4. Anon0011

    Anon0011 Registered Member

    Joined:
    Feb 20, 2020
    Posts:
    9
    Location:
    USA
    1) I didn't screw up my registry, lmfao. What switcheso_O
    2) On a more helpful forum.
    3) I stated my final target.
    Bye!
     
  5. pandlouk

    pandlouk Registered Member

    Joined:
    Jul 15, 2007
    Posts:
    2,976
  6. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    5,858
    someone asked same long ago
    https://serverfault.com/questions/526607/what-is-msrpc-needed-for-on-a-windows-7-workstation
    those are working ports, several programs use such working ports for internal communication (eg firefox do, you can see both ends leading from<>to firefox)

    ofc this is win7 home (beside win8/10 pro) and do not matter that i wont turn it off that way more a firewall setting to deny access from WAN and only from LAN which makes more sense from my view.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.