We have a small office network (5 computers) and each has PC-cillin Internet Security 2006 installed. On 1 computer the firewall log is showing 4000 to 5000 entries every day. All of these are from the same computer on our network, all are directed to port 135. However, a virus scan of that computer comes up clean (with PC-cillin, McAfee's online scanner & MS's Malicious software tool). Can anyone tell me what is going on here? Is there anyway to stop it?
Some typical entries in the log are: Type Time Protocol Source IP Address Source Port Destination IP Address Destination Port Application Path Application Description Description Firewall 0:00:17 TCP 192.168.1.154 2630 192.168.1.100 135 C:\\WINDOWS\\SYSTEM32\\SVCHOST.EXE Generic Host Process for Win32 Services Security rule matched Firewall 0:00:20 TCP 192.168.1.154 2630 192.168.1.100 135 C:\\WINDOWS\\SYSTEM32\\SVCHOST.EXE Generic Host Process for Win32 Services Security rule matched Firewall 0:00:26 TCP 192.168.1.154 2630 192.168.1.100 135 C:\\WINDOWS\\SYSTEM32\\SVCHOST.EXE Generic Host Process for Win32 Services Security rule matched Firewall 0:01:11 TCP 192.168.1.154 2633 192.168.1.100 135 C:\\WINDOWS\\SYSTEM32\\SVCHOST.EXE Generic Host Process for Win32 Services Security rule matched Firewall 0:01:14 TCP 192.168.1.154 2633 192.168.1.100 135 C:\\WINDOWS\\SYSTEM32\\SVCHOST.EXE Generic Host Process for Win32 Services Security rule matched Firewall 0:01:20 TCP 192.168.1.154 2633 192.168.1.100 135 C:\\WINDOWS\\SYSTEM32\\SVCHOST.EXE Generic Host Process for Win32 Services Security rule matched Firewall 0:02:05 TCP 192.168.1.154 2634 192.168.1.100 135 C:\\WINDOWS\\SYSTEM32\\SVCHOST.EXE Generic Host Process for Win32 Services Security rule matched Firewall 0:02:08 TCP 192.168.1.154 2634 192.168.1.100 135 C:\\WINDOWS\\SYSTEM32\\SVCHOST.EXE Generic Host Process for Win32 Services Security rule matched Firewall 0:02:14 TCP 192.168.1.154 2634 192.168.1.100 135 C:\\WINDOWS\\SYSTEM32\\SVCHOST.EXE Generic Host Process for Win32 Services Security rule matched Firewall 0:02:59 TCP 192.168.1.154 2635 192.168.1.100 135 C:\\WINDOWS\\SYSTEM32\\SVCHOST.EXE Generic Host Process for Win32 Services Security rule matched
Thanks for any help,
Pdarrah