What is this?

Discussion in 'other firewalls' started by Donn, Mar 28, 2004.

Thread Status:
Not open for further replies.
  1. Donn

    Donn Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    11
    Zone Alarm intercepts an outgoing request that comes up whenever I boot up to desktop, before going on the net:

    Distributed COMM Services
    source: IP 0.0.0.0 Port 135
    application RPCSS.EXE
    Version 4.71.3328

    What is it?

    edit: also, I just downloaded MRU Blaster: ques:

    How to donate by snail mail?

    Donn
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi Donn :)

    Welcome to Wilders.

    U are asking 2 questions about very different subjects so i moved your post over here to Other Firewalls for your Zone Alarm question.

    For your second question u may want to edit your post and ask this question again back in the MRU Blaster forum.




    snowbound
     
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Remote Procedure Call. Required by windows for programs to communicate with each other on networks/different machines. Originally for NT only but now installed with Win98/98se. Under Win98/98se, a program may need it to communicate with other components of itself. You could delete the program but if any abnormalities occur soon after then reinstall. Under NT, deleting this critical system component will disable the OS. For a more detailed explanation see:

    http://www.cexx.org/rpc.htm
     
  4. me

    me Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    33
    Location:
    New Baden, IL
  5. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    It is normal to see this service establishing a listening connection on local service/port 135. Inbound connections to this service from the WAN (Internet) is something that should be blocked with your firewall. If you are on a LAN, this is something that could be allowed for those systems (Local Zone).

    Do the logs indicate any destination IP?

    Regards,

    CrazyM
     
  6. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi,

    DCOMbobulator
    Tame Windows insecure DCOM facility

    Ever since Windows 98, a powerful, but unnecessary and rarely used facility known as DCOM (Distributed Component Object Model) has been an integral part of Windows. The DCOMbobulator checks the effectiveness of Microsoft's security patches and allows the user to increase the security of their system by simply turning DCOM off.

    You can download this little prog here:

    http://www.grc.com/freepopular.htm

    Greetings,

    Gerard
     
  7. Donn

    Donn Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    11
    Thanks for the info and downlds. I have WinMe, so howcom I have this program, are there some parts of Win NT and 98 in Me? With tht in mind should I let it live or delete it? o_O

    Iwill be dwnldg the patch that was supplied, thanks for that, but I really do NOT like dwnlding from M$, I swear it makes me feel like one of those kids on Fear Factor that has to lay ina glass box full of scorpions or tarantulas. :'(

    thanks//Donn
     
  8. RedLobster

    RedLobster Guest

    D O N O T D E L E T E


    deletion may make you sysytem UN-USEABLE........on win98 or 98se.....how can I be so sure.....CAUSE I ONCE DELETED IT LOL


    Its harmless.......CrazyM covered it all.
    As Gerard said DCOM can be dis-able..I disable vie the registry.....but use the program G referred you too....safer
     
  9. RedLobster

    RedLobster Guest

    CORRECTION:

    Come to think of it I didn't delete it...I just locked it up preventing it from running an just that slammed the computer
     
  10. Donn

    Donn Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    11
    Ok, so if it is safe to disable, then it is safe to just leave it alone (my favorite action) and just put on the firewall on permanent block? Long as it is broad, right?

    But since I have WinMe and not NT or 2000, why is it there and asking for access, also, what is Win32 kernel.dll. Sygate is asking me permission to allow it access --core component, right? why should it be suspect enough to ask?

    //Donn
     
  11. RedLobster

    RedLobster Guest

    Donn


    Don't delete...don't disable...just leave it alone......an block...if you are on a home pc
     
  12. Donn

    Donn Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    11
    Yep, home pc, ok I'll just let it run then, and teh Win 32 Kernell.dll?

    //donn
     
  13. RedLobster

    RedLobster Guest

    ok,,,Donn may be confused..hows this:


    DCOM = disable

    rpcss = leave alone..block
     
  14. Donn

    Donn Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    11
    Oh, now I am rally confused. As I read the Sygate notice it told me that Distributed COMM Services was asking for permission to access the internet with a file named:
    RPCSS.EXE.

    It also is asking for permission to let Win32 Kernell.dll have access. I know tht's a core component, I am wondering why it is aksing me to allow/disallow access.

    We cool now?

    //Donn
     
  15. RedLobster

    RedLobster Guest

    Donn ..sorry,,we are cross posting at the same time...


    ""Yep, home pc, ok I'll just let it run then, and teh Win 32 Kernell.dll?

    //donn """



    Yes, thats correct
     
  16. RedLobster

    RedLobster Guest

    DONN

    Just Block...........nothing else....just block


    --------------------------------

    This confuses lots of people...would take awhile to explain....just enjoy your surfing instead........
     
  17. Donn

    Donn Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    11
    Ok, we got it. I let Win32 Kernel.Dll run and kept the block on DCOM. I recall that mjc mentioned in regard to this file that it goes through port 135, and that port 135 should not be exposed to the net. But it kept coming at me and my thought was, maybe there is more to this than meets the eye, so..when in doubt communicate..as a famous man once said.

    Best//donn
     
  18. RedLobster

    RedLobster Guest

    DONN..you are doing just fine....the confusion came from us cross posting.....

    Ok.....on my computer..

    rpcss = blocked

    DCOM =disabled

    yes 135 is a netbios port an should be blocked if file sharing is not used.....an yes rpcss wants to use that port.....blocking rpcss wont do any harm to your computer...nor to rpcss........
    A firewall rule could be made for rpcss..but Donn that may be alittle much for you just now.........easier on you to just block BOTH DCOM and RPCSS..................you don't have to disable DCOM as I do.....just blocking it works ok.......so where are we.

    DCOM =block

    rpcss = block

    That should keep it simple.......an I sure believe in keeping life simple LOL
    Nice having met you Donn........

    was just thinking to myself that if javacool doesn't fix spywareblaster soon....I'll have to become a member here....posting left and right ..lol
     
  19. Donn

    Donn Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    11
    that's interesting --I just dwldd spywareblaster today, it is the newest version, what should I be on the lookout for?

    //Donn
     
  20. RedLobster

    RedLobster Guest

    Donn

    SB does not install correctly on win 98 and winME......javacool is working on solving the issue......
    Since we are on the subject......spywareblaster will need to be allowed out for updates.....only OUT......
     
  21. Donn

    Donn Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    11
    uhmm, sorry if it's a distraction from your regular duties, but I am not familiar with the terms "allowed out" "only OUT" what does that mean to me with Win Me (looked like an ok dwld to me, noprobs, smooth as silk...)

    //Donn
     
  22. RedLobster

    RedLobster Guest

    Donn

    Duties.....got none.....I am just visting here an offering a helping hand to those I can.
    SB...yeah, thats the thing it installs for some but not for all........which OS are you using..if you don't mind saying....somehow I thought it was win98 ( oh, your os wont change what we already talked about = rpcss/dcom/)
    Hey, notice in another thread you stated being hit by a trojan.....Donn, you do have a trojan and anti-virus scanner ?
    Now as for the IN/OUT term

    internet explorer needs to be allowed OUT...but does not need to be allowed IN
    This simple means that you can allow programs OUT of your system(pass the firewall)......but you don't need to allow programs INTO your system(blocked by firewall..........your anti-virus allowed OUT for updates.....but not IN for any reason....just apply that respectively to all your programs....
    THINGYS can piggyback into a system on the back of honest programs...or an open port can be hacked if its being kept out because of an improper Rule or no RULE.......you don't need to FULLY understand thing at this point but you do need to make your your ports are stealted.......so, before doing anything else go over to the WILDERS free services page an the look for PCFLANK....go there an take both the stealth test and the advaced test.....there is also a like in free services to the sygate scanning site.......take them both..if you have time......do PCFLANK first if you will.....an don't worry the scans are ok......no danger.....
    let us know if you don't have anti-virus/trojan scanners...ok.......
    P.S. lets get you nervous LOL...if you have a port OPEN....thats bad news...
     
  23. RedLobster

    RedLobster Guest

    With all those typos in my last post I hope you can wade through the mistakes and understand what I said.....
     
Loading...
Thread Status:
Not open for further replies.