Thread: ZoneAlarm Pro 7.0.362.000en (and newer) don't block port 135

  1. #1
    hxllo Guest

    ZoneAlarm Pro 7.0.362.000en (and newer) don't block port 135

    One week ago I updated my ZoneAlarm Pro 7.0.362.000en to ZoneAlarm Pro 7.0.408.000en
    with a 'Clean Installation'. I did not change the recommended default settings.
    My Windows XP Prof. PC is updated with SP2 and the latest Windows/Office online updates.
    Yesterday I found out to my astonishment that with a port scan (http://www.heise.de/security/dienste/portscan/)
    port 135 is indicated as open, although in ZoneAlarm Pro 7.0.408.000en port 135 is registered as blocked.
    (These are the default settings of ZoneAlarm Pro 7.0.408.000en)
    (Firewall-> Internet zone Security = High, "block incoming tcp port 135, etc . ..." )
    (Firewall-> Trusted zone Security = Medium)
    Since I knew from earlier port scans that with previous ZoneAlarm Pro versions port 135 was also blocked,
    I carried out the following tests.
    I restored a backup of the C partition on which ZoneAlarm Pro 7.0.362.000en was still installed.
    With ZoneAlarm Pro 7.0.362.000en, too, port 135 is indicated as open by a port scan.
    Thereupon
    I restored a backup of the C partition on which ZoneAlarm Pro 7.0.337.000en was still installed.
    Now a port scan indicated port 135 as blocked.
    Then I updated the ZoneAlarm Pro 7.0.337.000en version to ZoneAlarm Pro 7.0.408.000en.
    A port scan now indicated port 135 as open again.
    Then I uninstalled ZoneAlarm Pro 7.0.408.000en and installed ZoneAlarm Pro 7.0.337.000en again.
    A port scan now indicated port 135 as blocked again.
    Can it be that ZoneAlarm Pro leaves port 135 open starting from version 7.0.362.000en,
    although port 135 is registered in ZoneAlarm Pro 7.0.408.000en as blocked?


    Operating System:
    Windows XP Pro
    Software Version:
    7.0
    Product Name:
    ZoneAlarm Pro


    Message Edited by hxllo on 09-28-2007 06:34 AM

  2. #2
    watcher Guest

    Re: ZoneAlarm Pro 7.0.362.000en (and newer) don't block port 135

    Dear hxllo:

    Port 135 is used by a vital Windows service, RPC, not ZAPRO. To close it, you must edit the Registry, specifically:

    HKLM\SYSTEM\CurrentControlSet\Services\RpcSs

    Add this string Value Name:

    ListenOnInternet=N

    Reboot. I have performed this edit myself and it works.

    Hope this helps.

    WATCHER

  3. #3
    hxllo Guest

    Re: ZoneAlarm Pro 7.0.362.000en (and newer) don't block port 135

    Thanks WATCHER,
    but the question was: why does ZoneAlarm Pro 7.0.362.000en (and newer) no longer block port 135?
    However, ZoneAlarm Pro 7.0.337.000en (and older) does block port 135!

  4. #4
    watcher Guest

    Re: ZoneAlarm Pro 7.0.362.000en (and newer) don't block port 135

    Dear hxllo:

    I wouldn't know about ZAPRO v.7.0.362.000 as I have v.7.0.337.000, but I will say that ZAPRO v.7.0.337.000 NEVER blocked port 135 on my computer, nor did any previous versions, and I've been using ZAPRO since 2004. It was only when I did the Registry edit that it no longer showed up as an active port in netstat or other port-mapping utilities. Netstat showed it only in the LISTENING state, not ESTABLISHED. The latter state means the port is open. ZAPRO uses stateful packet inspection (SPI) so any unsolicited traffic inbound would be blocked. Only responses to traffic you initiated would be allowed.

    Hope this helps.

    WATCHER
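
An added example, not part of any post in this thread: it parses `netstat -an` output and reports, for a given port, which local addresses have a TCP listener and whether any connection is established. `netstat` shows only the local socket state; whether a listener bound to all interfaces is reachable from outside depends on the firewall filtering in front of it. The sample output and all function names are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1091      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# proto, local addr, local port, foreign endpoint, optional state (UDP has none)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return one dict per socket row, skipping headers and blank lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, foreign, state = m.groups()
            rows.append({"proto": proto, "addr": addr, "port": int(port),
                         "foreign": foreign, "state": state})
    return rows

def binding_scope(addr):
    """Classify which interfaces a local address accepts connections on."""
    if addr in ("0.0.0.0", "[::]"):
        return "all-interfaces"
    if addr.startswith("127.") or addr == "[::1]":
        return "loopback-only"
    return "single-interface"

def tcp_listeners(rows, port):
    """TCP sockets in LISTENING state on `port`, with their binding scope."""
    return [(r["addr"], binding_scope(r["addr"])) for r in rows
            if r["proto"] == "TCP" and r["port"] == port and r["state"] == "LISTENING"]

def tcp_established(rows, port):
    """Remote endpoints of active TCP connections whose local end is `port`."""
    return [r["foreign"] for r in rows
            if r["proto"] == "TCP" and r["port"] == port and r["state"] == "ESTABLISHED"]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print(tcp_listeners(rows, 135), tcp_established(rows, 135))
```
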

  5. #5
    whb Guest

    Re: ZoneAlarm Pro 7.0.362.000en (and newer) don't block port 135

    <blockquote><hr>WATCHER wrote:
    Dear hxllo:

    Port 135 is used by a vital Windows service, RPC, not ZAPRO. To close it, you must edit the Registry, specifically:

    HKLM\SYSTEM\CurrentControlSet\Services\RpcSs

    Add this string Value Name:

    ListenOnInternet=N

    Reboot. I have performed this edit myself and it works.

    Hope this helps.

    WATCHER
    <hr></blockquote>
    This part of your response to hxllo's question: "To close it, you must edit the Registry, specifically:

    HKLM\SYSTEM\CurrentControlSet\Services\RpcSs" It seems that you should be more SPECIFIC when you are responding or posting, so as not to add confusion to anyone's problems they are already having.

    These are the proper Registry HKEY headings:

    HKEY_CLASSES_ROOT

    HKEY_CURRENT_USER

    HKEY_LOCAL_MACHINE

    HKEY_USERS

    HKEY_CURRENT_CONFIG

    Although I understand what and where you are referring to, you must not forget that there are others with less knowledge, or who are kind of new to the lingo and can easily be thrown off by misinformation. Also, when giving anyone advice on dealing with the registry you should be that much more specific, because there are those, like me and many others when we were first learning, who are not scared to dive in and learn how to navigate the registry.

    All I am saying is that your entry: HKLM\SYSTEM\CurrentControlSet\Services\RpcSs is misleading to those less knowledgeable.


    Message Edited by whb on 04-25-2008 11:07 AM

    Message Edited by whb on 04-25-2008 11:14 AM

  6. #6
    whb Guest

    Re: ZoneAlarm Pro 7.0.362.000en (and newer) don't block port 135


    <blockquote><hr>WATCHER wrote:
    Dear hxllo:

    Port 135 is used by a vital Windows service, RPC, not ZAPRO. To close it, you must edit the Registry, specifically:

    HKLM\SYSTEM\CurrentControlSet\Services\RpcSs

    Add this string Value Name:

    ListenOnInternet=N

    Reboot. I have performed this edit myself and it works.

    Hope this helps.

    WATCHER
    <hr></blockquote>


    I tried what you suggested and, just as I said earlier, "you must be more specific", because your registry entry does not work, and until you show a link to where your source is, then and only then will I believe it works. You have got me thinking that you are leaving information out because of your wrong HKEY direction "specifically:

    HKLM\SYSTEM\CurrentControlSet\Services\RpcSs". It is incomplete but I know the location. YOU MUST BE SPECIFIC, and it would not hurt to add the link to where you got the information on this Registry hack, which would further help in assisting others with this same question that hxllo asked.
