Is this a bug in NOD32 Beta???

Discussion in 'NOD32 Early v2 Beta' started by sean2002, Feb 1, 2003.

Thread Status:
Not open for further replies.
  1. sean2002

    sean2002 Registered Member

    Joined:
    Jan 31, 2003
    Posts:
    2
    Here is what I found. Usually, right after installing Windows XP or 2000, I disable all the networking services. I can get it to where, upon reboot, I have no listening ports. This has never caused any problems with any antivirus or other software, including NOD32, but when I install the beta, the program will not load and I also cannot access the internet after I install it. After a day of troubleshooting I found what is causing this to happen. If I leave TCP port 135 listening like it is in a default installation, NOD32 BETA will work fine, but if I set it up so TCP port 135 is not listening, NOD32 BETA will hang during startup, I cannot access the internet, and a few other services will not start either. Here are the instructions I used to close TCP port 135, verbatim.

    The only remaining opened port is TCP port 135. It is opened by the Remote
    Procedure Call (RpcSs) service and it is not possible to disable it because this
    service contains the COM service control manager, used by local processes.

    TCP port 135 remains opened because it is used to receive remote activation
    requests of COM objects. A global setting exists to disable DCOM and can be set
    in the registry:
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
    Value: EnableDCOM
    Type: REG_SZ
    Content: "Y" (to enable) or "N" (to disable)

    This registry value corresponds to the 'Enable Distributed COM on this computer'
    setting that appears in the dcomcnfg tool:

    C:\WINDOWS> dcomcnfg

    However, disabling DCOM does not close TCP port 135. To close it, one solution
    is to remove IP-based RPC protocols sequences from the list that can be used by
    DCOM. In our case, the sequence ncacn_ip_tcp (transport on TCP/IP) can be
    removed.

    The simplest solution for this is to use the dcomcnfg tool and to remove
    'Connection-oriented TCP/IP' in the 'Default Protocols' tab.

    Under Windows 2000, dcomcnfg directly shows the DCOM properties of the local
    system, in particular, the 'Default Protocols' tab. Under Windows XP, dcomcnfg
    launches an MMC console showing three nodes. The 'Default Protocols' tab appears
    in the properties of the My Computer node, under the Computer node.

    The list shown in the 'Default Protocols' tab is stored in the registry, under
    the following value:
    Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
    Value: DCOM Protocols
    Type: REG_MULTI_SZ

    Thus, it is also possible to directly edit the registry and remove ncacn_ip_tcp
    from the DCOM Protocols value.



    Now, it's the ncacn_ip_tcp protocol which, if it's removed, NOD32 BETA will not load; if I add it back, it will load fine. So my question is: does NOD32 BETA need this protocol to run? The original version runs fine without it.

    BTW, I can tell my firewall to block all incoming/outgoing to/from TCP port 135 and the program still runs fine, but I would rather not have it listening at all.

    Sean.
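
To see which of the states described in the post above a machine is actually in, the following read-only audit reports the two registry values from the quoted instructions together with whatever is listening on TCP port 135. It is an added example, not part of the original thread or of any ESET tooling; the function name `Get-DcomExposure` is hypothetical, and it assumes PowerShell 5.1 or later on a current Windows release rather than the Windows 2000/XP systems discussed here.

```powershell
# Added example: read-only audit of the settings quoted in the post above.
# Assumption: PowerShell 5.1+ on Windows 8 / Server 2012 or later
# (Get-NetTCPConnection does not exist on the Windows 2000/XP hosts in the thread).
function Get-DcomExposure {
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
    $rpc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Rpc' -ErrorAction SilentlyContinue

    # EnableDCOM is REG_SZ ("Y"/"N"); DCOM Protocols is REG_MULTI_SZ (string array).
    $enableDcom = $ole.EnableDCOM
    $protocols  = @(@($rpc.'DCOM Protocols') | Where-Object { $_ })

    # Anything listening on TCP 135, plus the services hosted by the owning process.
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort 135 -ErrorAction SilentlyContinue)
    $procIds   = @($listeners | ForEach-Object OwningProcess | Sort-Object -Unique)
    $services  = foreach ($procId in $procIds) {
        Get-CimInstance Win32_Service -Filter "ProcessId = $procId" |
            Select-Object -ExpandProperty Name
    }

    [pscustomobject]@{
        EnableDCOM         = $enableDcom
        DcomProtocols      = $protocols -join ', '
        TcpInDcomProtocols = $protocols -contains 'ncacn_ip_tcp'
        Port135Listening   = $listeners.Count -gt 0
        ListenAddresses    = ($listeners | ForEach-Object LocalAddress | Sort-Object -Unique) -join ', '
        OwningServices     = ($services | Sort-Object -Unique) -join ', '
    }
}

$state = Get-DcomExposure
$state | Format-List

# The quoted instructions state that disabling DCOM alone leaves the port open.
if ($state.EnableDCOM -eq 'N' -and $state.Port135Listening) {
    Write-Warning 'EnableDCOM is "N" but TCP 135 is still listening.'
}
# Mismatch between the protocol list and the observed listener is worth a closer look.
if (-not $state.TcpInDcomProtocols -and $state.Port135Listening) {
    Write-Warning 'ncacn_ip_tcp is absent from DCOM Protocols, yet TCP 135 is listening; check whether the change has taken effect.'
}
```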
     
  2. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hey sean2002,

    that seems interesting ;) - we'll have a look at that.

    Thanks. :)

    jan
     