none
Establish Local security policy in vain.

    Question

  • Dear all.

    I'm a faithful and candid private user of dozens of Microsoft products and paid every dollar I should to that company but still some disharmony exists between that company and me. 
    After collected some packets of my communication on the intnet by propriate tools available, assured there is someone eavesdrops or attacks me for sure. So I have to take measures to protect myself.

    The way is simple and direct but seems invalid due to not me. I construct local security policies as block those vulnerable ports as 137, 138, 139 etc. by first establish a new IP security policy, the in the ip filter list by adding those ports as 137, 138, 139 etc. both TCP and UDP and the source and destination address set to any address and those ports set to from and to respectively. Filter action set as block. Finally assign it. After my restart of computer, I found those ports are still being used by the System process through TCPView. 

    Can I regard these rejection of local security policy as the embedded defect as the backdoor used by windows and utilized by Microsoft to control the end user of windows system?

    My operating system is Windows 8 Professional.

    Thanks in advance.

    Best Regards.

    Friday, July 11, 2014 3:49 PM

Answers

  • OK.

    I seem to get the key idea now. If I'm not mistaken, the action layer of local security policty is just above inputs and outputs of windows' network lay and just below the layer controlled by the network monitor softwares. So while monitor softwares captured packets from the outside internet those blocked ports of the local computer did not respond at all. This perhaps the most resonable explanation.

    Thank you all the same!

    Best Regards

    • Marked as answer by geelpheels Tuesday, July 15, 2014 3:39 AM
    Tuesday, July 15, 2014 3:37 AM

All replies

  • If these ports are being used, what application or program is using them?

    You may try use Microsoft Message Analyzer to perform a deeper analyze:

    http://www.microsoft.com/en-us/download/details.aspx?id=40308

    Saturday, July 12, 2014 4:28 PM
  • You can also use command : netstat -ano

    and check the PID against the port # you want to track. Using PID you can check the application.


    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Saturday, July 12, 2014 4:34 PM
  • Thanks a lot.

    I found the port 135(RPC) is used by svchost.exe and 137,138,139(netbios related) is used by System process.

    And definitely, I have disabled NetBIOS over TCP/IP.

    Sunday, July 13, 2014 11:12 AM
  • Is this fixed now ? Or you still have more question here. :)

    Just checking if you need more support here.


    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Sunday, July 13, 2014 1:34 PM
  • OK.

    I seem to get the key idea now. If I'm not mistaken, the action layer of local security policty is just above inputs and outputs of windows' network lay and just below the layer controlled by the network monitor softwares. So while monitor softwares captured packets from the outside internet those blocked ports of the local computer did not respond at all. This perhaps the most resonable explanation.

    Thank you all the same!

    Best Regards

    • Marked as answer by geelpheels Tuesday, July 15, 2014 3:39 AM
    Tuesday, July 15, 2014 3:37 AM