SUBSCRIBE via RSS

FAQ: Disable Port 135 (Disable DCOM)

"There’s No Such Thing As A Silly Question" -- does the cliche sound familiar? In this part of pimp-my-rig reloaded, technical questions are answered. Mail them to me and I will post the answers here. If you have a better answer, by all means share it with us.

FAQ: One of the questions thrown at me was about closing down port 135. This of course entails disabling the corresponding application using the port, which, in this case is DCOM. Thus this procedure is also for disabling DCOM.

NOTE: Remember, before making any changes backup the registry or export the branch for safekeeping. Simply merge the backup in case things don't go as smoothly.

[1] Start by launching the registry editor.

Start » Run » regedit.


[2] Navigate over to key: HKEY_LOCAL_MACHINE \ Software \ Microsoft \ OLE

At the right column, locate the value "EnableDCOM" and modify the value to "N".

[3] Navigate to this registry key: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ RPC

Right click on & Modify the value named "DCOM Protocols" Under the key "Value Data", you will see values like below (or something similar). These values keep port 135 open. Highlight everything listed and delete all existing data. Doing so gives "DCOM Protocols" blank data which will in turn close down port 135.



[4] It is now safe to disable the services related or tied to DCOM. Open Control Panel » Administrative Tools » Services. Disable the following services since DCOM has been disabled:
- COM+ Event System
- COM+ System Application
- System Event Notification


[5] Restart the computer after changes have been made. To verify, when your computer has restarted open a command terminal.

Type "netstat -an" and for certain you will no longer see port 135 -- meaning it has been closed. Hope this has helped you in finally closing down port 135, thereby eliminating a possible vulnerability.



In my experience, this has no impact on office applications or internet connectivity. If running other applications, consult with the vendor for requirements relating to port 135 (or DCOM) before closing it down.

Check with us again soon as we will outline how to close down port 137 (netbios-ns), port 138 (netbios-dgm) and port 139 (netbios-ssn).

You might also be interested in:

Feedback

We at pimp-my-rig strive to keep on improving, help us reach that goal by leaving comments or constructive criticisms. Don't miss out on our next feature -- subscribe via RSS (What is RSS?).

Share This

5 comments: