SYSTEM application safe?

I am using Kaspersky Anti-Hacker version 1.8.180.0 on Windows XP Pro US. One of the active network applications is "SYSTEM": Process ID 4, UDP 445, TCP 445, TCP 1030, Manufacturer (no information)?

The only rule I can create is to block those ports. Is there a way I can find more information about "SYSTEM" (Manufacturer information)? Where in the registry can I find more information concerning this application and the ports in use? I want to check if this application is safe.

Help appreciated! Greetings, Yves7

Yves

Just forget "Anti-Hacker" (what a ridiculous name is this anyways?!), and use the Windows-Firewall.

Those popups you're facing are completely useless.

Yours, VB.

Volker Birk

Dude, it's the pseudo process associated with the kernel and the applications are obviously SMB and a random RPC service.

Why do you wonder? Your packet filtering software is crap. Matching your almost non-existent knowledge about packet filter configuration and networking.

Sebastian Gottschalk
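
To see for yourself which sockets the System pseudo process (PID 4) holds, independent of any third-party firewall, the output of `netstat -ano` can be parsed. The following is an added example, not part of any post in this thread; the sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED     4
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.10:137       *:*                                    4
"""

# Well-known Windows networking ports; anything else is left unidentified.
KNOWN = {135: "RPC endpoint mapper", 137: "NetBIOS name service",
         138: "NetBIOS datagram", 139: "NetBIOS session (SMB over NetBIOS)",
         445: "SMB (direct-hosted file sharing)"}

# Proto, local addr:port, remote, optional state (absent for UDP), PID.
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+([A-Z_]+))?\s+(\d+)\s*$")

def listeners(text):
    """Return listening TCP sockets and bound UDP sockets as dicts."""
    out = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, _remote, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # skip established/closing connections
        port = int(port)
        out.append({"proto": proto, "addr": addr, "port": port,
                    "pid": int(pid),
                    "service": KNOWN.get(port, "unidentified"),
                    # 0.0.0.0 means reachable on every interface
                    "all_interfaces": addr == "0.0.0.0"})
    return out

def by_pid(text, pid):
    """Listening sockets owned by one process ID."""
    return [s for s in listeners(text) if s["pid"] == pid]

if __name__ == "__main__":
    for s in by_pid(SAMPLE, 4):
        scope = "all interfaces" if s["all_interfaces"] else s["addr"]
        print(f'{s["proto"]} {s["port"]:>5}  {scope:<15} {s["service"]}')
```

Ports that come back as "unidentified" are the ones worth following up; a port number alone does not tell you which service opened it.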

SYSTEM means just that. It's a process running under the control of the Win XP Operating SYSTEM. You should leave it alone. You should get an XP Pro Resource Kit Book and understand the O/S, instead of hollering wolf. You should dump the snake-oil. It's got you all paranoid.

For a machine that is directly connected to the modem, then you should try to harden the O/S as much as possible to attack, like removing the Network for MS Network and MS File and Print Sharing off of the Network Interface Card - unbind them from the NIC, as the machine shouldn't be in any networking situation on the Internet, along with other things you should be doing to harden and protect the O/S.

Duane :)

Duane Arnold

445 (udp/tcp) is Windows file sharing. If you restrict connections to your local LAN subnet, you'll be fine. 1030 is also Windows; see [link] for details.
Jeff B

1030 can be almost anything, and it's actually pretty unlikely that random RPC services get assigned to 1030 without even taking 1025-1029 first xor releasing them all.

Well, what would we expect from GRC anyway? :-)

Sebastian Gottschalk

Be careful with that statement. Any machine inside your local LAN can still be infected, and if that infection targets port 445 it will spread to the others.

prophet

If you want to allow access to shares you don't have much of a choice but leaving at least 445/tcp open. If you don't want to allow access to shares then just disable file and printer sharing. If you have some boxes that need access to shares and others that don't it's best to have the second group in a separate subnet and do the firewalling on the router between those subnets.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Thank you. The LAN is inside the firewall and presumptively 'safe'. If you can't trust your brother/sisters/coworkers, you segregate yourself from them. If you need level C security, then no ports would be open in the first place and you would have ACLs to control everything. Jeff

Jeff B

I just meant that even a trusted machine inside your local LAN can still be compromised, and pose a threat to the rest of the network.

Restricting port 445 to access only the local LAN but not the internet doesn't automatically make you 100% safe, that's all I'm trying to say.

prophet

Very true. I've seen the damage done when someone unintentionally brings in from the outside a compromised laptop that begins spreading the problem throughout the network.

optikl

While this is true it is also entirely pointless in this regard. Either you need 445/tcp open, then you cannot protect it with a packet filter, or you don't need 445/tcp open, then disable sharing so you won't need a packet filter. It's as simple as that.

Restricting access from the Internet to port 445/tcp of some host on your LAN is best done on the border router, not by individual host-based packet filters.

cu

59cobalt
Ansgar -59cobalt- Wiechers

Agreed. I was merely commenting on the "you'll be fine" statement. I found that to be a bit careless. If you need that port open, you have to make sure other security measures are correctly configured. Usernames with (preferably strong) passwords should be used, and make sure antivirus programs are up-to-date for any cases where a virus is spread via filesharing. And even then you need to be vigilant and don't execute untrustworthy programs (granted, that's user education and can never be 100% foolproof) because a virus may be undetected until the next update(s).

Oh, and of course anonymous access (via the "Guest" account for example) should be disabled.

prophet

agreed

agreed again :)

Jeff B
