4 Replies Latest reply on Apr 9, 2010 9:47 AM by rmetzger

    McAfee 8.7i and PC Ports

    scoutt

      What exactly does McAfee do when looking at ports, specifically 135?

       

      Does McAfee block any ports or does it just watch them? That port 135 gets used for terminal server and stuff. If we have a lot of traffic on that port will McAfee slow it down or block it?

       

      Thanks

        • 1. Re: McAfee 8.7i and PC Ports

          I am not a product expert but I have moved your post to the VirusScan Enterprise area. Hopefully someone will answer your question soon.

          • 2. Re: McAfee 8.7i and PC Ports
            rmetzger

            Hi Scoutt,

            scoutt wrote:

             

            What exactly does McAfee do when looking at ports, specifically 135?

             

            Does McAfee block any ports or does it just watch them? That port 135 gets used for terminal server and stuff. If we have a lot of traffic on that port will McAfee slow it down or block it?

             

            Thanks

            Is this a VirusScan Enterprise Edition (VSE) question or a Host Intrusion Prevention (HIPs) question?

             

            If HIPS: can a forum moderator please relocate this question to the  HIPS forum?

             

            If VSE:


            Port 135 is not directly related to terminal services, but rather is the RPC Locator Service Port. For those who might be reading this: MS created this port.

            The Remote Procedure Call (RPC) Locator Service Port (135) maintains a list of networked services that support RPC and DCOM standards. This list holds information regarding which ports and IP addresses the services are currently running on or listening on. Other computers can query this service to find details needed to connect to a desired RPC service.

             

            Terminal Services usually use TCP ports 3389-3392 (RDP) or a custom port as desired.

             

            I have not found that VSE blocks ports for either RPC or RDP. Port 25 (email sending) is the most likely blocked port, used to block possible spam-bots from successfully running. Many email packages are already excluded from blocking (meaning, allowed to send).

             

            So, by default, VSE does not block 135 to my knowledge. However, if you are configuring VSE for a higher level of security than the defaults, there may be some issues.

             

            I hope this is helpful.

            Ron Metzger

            • 3. Re: McAfee 8.7i and PC Ports
              scoutt

              Thanks Ron, it is a VSE question.

               

              We are running it default so no advanced protection so all should be fine.

              • 4. Re: McAfee 8.7i and PC Ports
                rmetzger

                scoutt wrote:

                 

                Thanks Ron, it is a VSE question.

                 

                We are running it default so no advanced protection so all should be fine.

                Great!

                Thanks for the reply.

                 

                It has been my experience that VSE's mini-firewall does not negatively impact Windows communications, though I have not scientifically measured any performance loss. As with any filtering there could be some losses. But I think the improved security outweighs the minimally perceived performance loss. Though, on high performance application servers, this could be an issue and should be measured by some kind soul (scientifically speaking that is).

                 

                Thanks,

                Ron Metzger