Improve Windows Security By Closing Open Ports
A standard Windows operating system installation has a number of ports open right after installation. Some of the ports are needed for the system to function properly, while others may be used by specific programs or features that only some users may require.
These ports can pose a security risk as every open port on a system may be used as an entry point by attackers. If that port is not needed for functionality, it is recommended to close it to block any attacks targeting it.
A port allows communication to or from the device basically. Characteristics of it are a port number, an IP address and a protocol type.
This article will give you the tools at hand to identify and evaluate the open ports on your Windows system to make decisions in the end whether to keep them open or close them for good.
Software programs and tools that we will use:
- CurrPorts: Available for 32-bit and 64-bit editions of Windows. It is a port monitor that displays all open ports on a computer system. We will use it to identify the ports and the programs that are using them.
- Windows Task Manager: Also used to identify the programs and link some ports to programs.
- Search Engine: Searching for port information is necessary for some ports that cannot be identified that easily.
It would be an impossible task to go through all of the ports that are open, we will therefore use a few examples so that you understand how to check for open ports and find out whether they are required or not.
Fire up CurrPorts and take a look at the populated main area.
The program displays the process name and ID, local port, protocol and local port name among others.
The easiest ports to identify are those with a process name that corresponds to a running program like RSSOwl.exe with the process ID 3216 in the above example. The process is listing on the local ports 50847 and 52016. Those ports are usually closed when the program closes. You can verify that by terminating a program and refreshing the list of open ports in CurrPorts.
The more important ports are the ones that cannot be linked to a program right away like the System ports shown on the screenshot.
There are a few ways to identify the services and programs linked to those ports. There are other indicators that we can use to discover the services and applications besides the process name.
The most important information is the port number, the local port name and the process ID.
With the process ID we can take a look in the Windows Task Manager to try and link it to a process running on the system. To do that you need to start the task manager (press Ctrl Shift Esc).
Click on View, Select Columns and enable the PID (Process Identifier) to be shown. That's the process ID that is also shown in CurrPorts.
Note: If you use Windows 10, switch to the Details tab to display the information right away.
Now we can link process IDs in Currports to running processes in the Windows Task Manager.
Let us take a look at some examples:
ICSLAP, TCP Port 2869
Here we have a port that we cannot identify immediately. The local port name is icslap, the port number is 2869, it uses the TCP protocol, it has the process ID 4 and the process name "system".
It is usually a good idea to search for the local port name first if it cannot be identified right away. Fire up Google and search for icslap port 2869 or something similar.
Often there are several suggestions or possibilities. For Icslap they are Internet Connection Sharing, Windows Firewall or Local Network Sharing. It took some research to find out that in this case it was used by the Windows Media Player Network Sharing Service.
A good option to find out if this is indeed the case is to stop the service if it is running and refresh the port listing to see if the port does not appear anymore. In this case it was closed after stopping the Windows Media Player Network Sharing Service.
epmap, TCP port 135
Research shows that it is linked to the dcom server process launcher. Research also shows that it is not a good idea to disable the service. It is however possible to block the port in the firewall instead of closing it completely.
llmnr, UDP port 5355
If you look in Currports your notice that the local port name llmnr uses the UDP port 5355. PC Library has information on the service. It is referring to the Link Local Multicast Name Resolution protocol which is related to the DNS service. Windows users who do not need the DNS service can disable it in the Services Manager. This closes the ports from being open on the computer system.
Recap
You start the process by running the free portable program CurrPorts. It highlights all open ports on the system. A good practice is to close all programs that are open before you run CurrPorts to limit the number of open ports to Windows processes and background applications.
You may link some ports to processes right away, but need to look up the process ID displayed by CurrPorts in the Windows Task Manager or a third-party application like Process Explorer otherwise to identify it.
Once done, you may research the process name to find out if you need it, and whether it is possible to close it if you don't require it.
Conclusion
It is not always easy to identify ports and the services or applications they are linked to. Research on search engines usually provides enough information to find out which service is responsible with ways to disable it if it not needed.
A good first approach before starting to hunt down ports would be to take a close look at all started services in the Services Manager and stop and disable those that are necessary for the system. A good starting point to evaluate those is the services configuration page on the BlackViper website.
What mental age of reader are you targeting with the first sentence? 10?
Why not write an article on how to *avoid* upgrading from W10 to W11. Analogous to those like me who avoided upgrading from 7 to 10 for as long as possible.
If your paymaster Microsoft permits it, of course.
5. Rufus
6. Ventoy
PS. I hate reading these “SEO optimized” articles.
I used Rufus to create an installer for a 6th gen intel i5 that had MBR. It upgraded using Setup. No issues except for Win 11 always prompting me to replace my local account. Still using Win 10 Pro on all my other PCs to avoid the bullying.
bit pointless to upgrade for the sake of upgrading as you never know when you’ll get locked out because ms might suddenly not provide updates to unsupported systems.
ps…. time travelling?
written. Jan 15, 2023
Updated • Jan 13, 2023
This happens when you schedule a post in WordPress and update it before setting the publication date.
Anyone willing to downgrade to this awful OS must like inflicting themselves with harm.
I have become convinced now that anybody who has no qualms with using Windows 11/10 must fit into one of the following brackets:
1) Too young to remember a time before W10 and W11 (doesn’t know better)
2) Wants to play the latest games on their PC above anything else (or deeply needs some software which already dropped W7 support)
3) Doesn’t know too much about how computers work, worried that they’d be absolutely lost and in trouble without the “”latest security””
4) Microsoft apologist that tries to justify that the latest “features” and “changes” are actually a good thing, that improve Windows
5) Uses their computer to do a bare minimum of like 3 different things, browse web, check emails, etc, so really doesn’t fuss
Obviously that doesn’t cover everyone, there’s also the category that:
6) Actually liked W7 more than 10, and held out as long as possible before switching, begrudgingly uses 10 now
Have I missed any group off this list?
You have missed in this group just about any professional user that uses business software like CAD programs or ERP Programs which are 99% of all professional users from this list.
Linux doesn’t help anyone who is not a linux kid and apple is just a fancy facebook machine.
Microsoft has removed KB5029351 update
only from windows update though
KB5029351 is still available from the ms update catalog site
1. This update is labaled as PREVIEW if it causes issues to unintelligent people, then they shouldn’t have allowed Preview updates ot install.
2. I have installed it in a 11 years old computer, and no problems at all.
3. Making a big drama over a bluescreen for an updated labeled as preview is ridiculous.
This is probably another BS internet drama where people ran programs and scripts that modified the registry until they broke Windows, just for removing stuff that they weren’t even using just for the sake of it.
Maybe people should stop playing geeks and actually either use Windows 10 or Windows 11, but don’t try to modify things just for the sake of it.
Sometimes removing or stopping things (like defender is a perfect example) only need intelligence, not scripts or 3rd party programs that might mess with windows.
Windows 11 was a pointless release, it was just created because some of the Windows team wanted to boost sales with some sort of new and improved Windows 10. Instead, Microsoft cannot support one version well let alone two.
Windows 11 is the worst ugly shame by Microsoft ever. They should release with every new W11 version a complete free version of Starallback inside just to make this sh** OS functionally again.
motherboard maker MSI has recently released a statement regarding the “unsupported processor” blue screen error for their boards using Intel 600/700 series chipsets & to avoid the KB5029351 Win11 update:
https://www.msi.com/news/detail/MSI-On–UNSUPPORTED-PROCESSOR–Error-Message-of-Windows-11-Update-KB5029351-Preview-142215
check out the following recent articles:
Neowin – Microsoft puts little blame on its Windows update after UNSUPPORTED PROCESSOR BSOD bug:
https://www.neowin.net/news/microsoft-puts-little-blame-on-its-windows-update-after-unsupported-processor-bsod-bug/
BleepingComputer – Microsoft blames ‘unsupported processor’ blue screens on OEM vendors:
https://www.bleepingcomputer.com/news/microsoft/microsoft-blames-unsupported-processor-blue-screens-on-oem-vendors/
While there may be changes or updates to the Windows 10 Store for Business and Education in the future, it is premature to conclude that it will be discontinued based solely on rumors.
My advice, I left win 15 years ago. Now I’m a happy linux user (linuxmint) but there is Centos, Fedora, Ubuntu depending on your needs.
motherboard maker MSI has recently released new BIOS/firmware updates for their Intel 600 & 700 series motherboards to fix the “UNSUPPORTED_PROCESSOR” problem (Sept. 6):
https://www.msi.com/news/detail/Updated-BIOS-fixes-Error-Message–UNSUPPORTED-PROCESSOR–caused-BSOD-on-MSI-s-Intel-700-and-600-Series-Motherboards-142277
I try to disable the Diagnostics Tracking Service (Connected Devices Platform User Services) but it wont let me disable it, any help will be greatly appreciated.
Tank you for your help