I just ran Steve Gibson's "ShieldsUP!" app and get this notice: "Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet." How do I block this with McAfee FW/AV ??
See attached png file.
Thank you for your time.
is your firewall security level set to Stealth? If not, set it and run ShieldsUp again.
You may need to go into firewall settings to the Ports and System Services section to check Port 445. According to a note in Windows Firewall's ICMP Settings, pings are automatically allowed if Port 445 is open.
My firewall is indeed set to Stealth.
Port 445 is in stealth mode yet SheildsUp still says my computer is replying to the ping request. Now what?
Thanks for your time.
If you use a router ShieldsUp may be reading it and not your computer. Check its settings. Most routers have a hardware firewall which should be on with no exceptions allowing certain ports for anything.Message was edited by: Ex_Brit on 28/06/12 7:15:08 EDT AM
I've checked my Cisco E1000 router and the hardware firewall is indeed on with no exceptions.... yet something is still replying to ping requests. LOL... now what?
If you check the router and can't see the answer there go back to Security Center, Firewall settings, Ports & System Services and uncheck all ports except 123, 5357, and 443. Check ports 25/110 if you have a mail client on your system. 445 should be unchecked.
Then (this may be unnecessary, but it might make a difference) go into Windows Firewall settings and select the Advanced tab. Click on ICMP settings and uncheck the first four boxes ("Allow incoming ..... request"). The first of those is for "incoming echo request". If Windows Firewall is disabled (and it should be) it shouldn't make any difference .... but it might.
I'm going to rerun ShieldsUp on mine and see what it says. Last time I did this it found no weaknesses. Alternatively, there are free McAfee tools in the Download section (at http://www.mcafee.com/us/downloads/free-tools/index.aspx) - Fport, ScanLine, SuperScan - that might be useful for this.
If 445 is open then it's probably being used by System (TCP) or McSvHost (UDP). At least that's what FPort tells me. FPort is a bit outdated - it's a command-line tool - but all you need is a utility to map ports to processes and/or applications and you'll see which ports are in use, at least.
As to why ShieldsUp can only see that one port, which is accepting ping requests, I'm not sure. Stealth mode, port closed by default, ICMP settings cleared : I have that and ShieldsUp says I'm invisible. Perhaps you've got something running which is allowing access through the firewall. FPort (or whatever you decide to use) should tell you that. Check your running processes - use Process Explorer, which can give you detailed information for each process about threads, ports, and lots more.
According to the SecurityCenter itself port 445 is used by Microsoft Directory Services - does that give you a clue? However even if it was open in SecurityCenter ShieldsUp should still not detect it because it should be stealth.
Message was edited by: Ex_Brit on 29/06/12 8:23:01 EDT AM
..and another thought. Conficker uses port 445. Check for it using McAfee's detection tool: http://www.mcafee.com/us/downloads/free-tools/conficker-detection.aspx
Might also be an idea to run Stinger and Malwarebytes Free, both linked here: https://community.mcafee.com/docs/DOC-2168