I´ve got to face an issue concerning my McAfee firewall since its last update and I´d be very thankful if you helped me solving this problem:
My McAfee Security Center (including the firewall) worked just fine on my Win 7 Home Premium system with all available updates but since the last update certain ports seem to be open and can´t be closed. The shields up service provided by the site www.grc.com offers a quick check regarding open ports. So far I´ve passed every test and all the ports were closed. However since the last update it indicates that the ports 135 and 445 are open.
It´s true that the McAfee firewall settings grant you the option to close respectively open individual ports but it doesn´t effect the outcome of the test. The aforementioned ports remain open (besides I don´t have a router so the results refer indeed to the McAfee firewall and not to a router built-in one).
I´ve already uninstalled the McAfee software completely, cleaned up its remains via the MCPR tool and downloaded the newest McAfee version (Security Center build: 12.8.750; Personal Firewall build: 13.8.706) from my online account but unfortunately the results remain exactly the same: The ports 135 and 445 are indicated as open. Trying to close them via the firewall´s setting still doesn´t do anything.
Thanks in advance for all of your efforts.
Nachricht geändert durch gemini on 12.10.13 20:47:49 CDTNachricht geändert durch gemini on 12.10.13 21:30:11 CDT
Those ports are commonly used by system services, and before you attempt to close them you need to know what programs or processes are using them.
Download and run McAfee's fport (which gives you enhanced "netstat -an" output). The download page gives an example of the output which shows Ports 135 and 445 allocated to Svchost and System respectively. If these processes need those ports to be open then either they will override your closure or - if the ports stay closed - they may not work properly. Run it yourself and see what's using those ports.
Alternatively open Security Center and click on Navigation, then open Traffic Monitor and select Active Programs. When I do that I see Port 135 in use (Listening) by "Generic Host Process for Win32 Services" and Port 445 in use (Listening) by System Process.
First of all I´ve got to thank you for your quick reply Hayton.
I´ve downloaded the fport programm but unfortunately it doesn´t work for me: When I run it (as an administrator) a MSDOS-window pops up and disappears immediately.
The McAfee Traffic Monitor does work and displays the exact same results you´ve mentioned: Port 135 in use (Listening) by "Generic Host Process for Win32 Services" and Port 445 in use (Listening) by "System Process".
However I´m still worried as these services use -according to the McAfee Traffic Monitor- also other ports (e.g. the "System Process" ist specified as listening to the ports 137, 138, 139 as well) but grc.com declares their status as "stealth" whereas the ports 135 and 445 are said to be widely open. Here´s the quote from grc:
Port 135 OPEN! (Remote Procedure Call) This impossible-to-close port appears in most Windows systems. Since many insecure Microsoft services use this port, it should never be left "open" to the outside world. This port has been exploited to send "Messenger Spam" pop-ups to Microsoft windows users. Since it is impossible to close, you will need a personal firewall or NAT router to block it from external access. Do it soon!
Port 445 OPEN! This impossible-to-close port first appeared on Windows 2000 and was carried over to Windows XP. Since several insecure Microsoft services use this port, it should never be left "open" to the outside world. Since it is impossible to close you'll need a personal firewall or residential NAT router to block this port from external access. Do it soon!
I think it´s quite normal for these ports to appear in the Traffic Monitor but I guess they shouldn´t been listed as widely open (before the latest McAfee´s update grc.com always said these ports were closed and everything worked properly).
Nachricht geändert durch gemini on 12.10.13 23:05:58 CDTNachricht geändert durch gemini on 12.10.13 23:06:50 CDT
If you have a router or modem that has a firewall too the software will most likely be reading that rather than your Windows installation so its settings would need to be checked.
What does Shields Up say? https://www.grc.com/x/ne.dll?bh0bkyd2
Message was edited by: Ex_Brit on 13/10/13 6:49:44 EDT AM
Thank you Ex_Brit for joining the discussion.
Shields up says that the ports 135 & 445 are open, whereas all the other ports are said to be in stealth mode. In addition it points out that my system replied to the Ping (ICMP Echo) requests. Before the last McAfee update Shields Up let me pass its security test (no ports were open whatsoever).
I don´t have a router or a modem with a built-in firewall so the results of the probe refer to the Settings of my firewall.
Nachricht geändert durch gemini on 13.10.13 06:39:36 CDTNachricht geändert durch gemini on 13.10.13 06:40:07 CDT
There must be some software installed that has done that, but what is anyone's guess.
Hayton may have something to add, but if not I would open a case with Technical Support, it's free by phone or online chat and linked under Useful Links at the top of this page.
I trust that Win7 is SP1 and fully updated?Message was edited by: Ex_Brit on 13/10/13 7:54:26 EDT AM
Win 7 is SP1 and fully updated. McAfee´s regular virus scans and one I´ve carried out just a few hours ago don´t stumble across anything suspicious either. As I´ve already pointed out passing the Shields Up test has never been a Problem.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: