I recently upgraded my McAfee VShield to a 6.2 version and it is working overtime. I keep getting Firewall Violation Warnings sometimes repeatedly dispite the fact that I click Do Not Allow and then OK and sometimes Cancel but it keeps reappearing, usually on a different port number. I have also clicked Keep Learning and OK but the result is the same.
The program name is : Distributed COM Services v4.7
The path is C:\WINDOWS\SYSTEM\RPCSS.EXE
The rule violation given is : Incoming from TCP/IP protocol on port 4216
A comment is attached : McAfee Firewall has determined this application is trying to access a resource that is outside it's allowed boundaries
Any ideas or recomendations would be appreciated.
Regards, Paul
Firewall Violations
Moderator: Wiz Feinberg
-
Michael Garnett
- Posts: 972
- Joined: 21 Feb 2001 1:01 am
- Location: Seattle, WA
Paul-
The fact that you have a good piece of software is good. I have never used that particular software, I always used Zone Alarm. They pretty much work the same way. I would try to find something in the options that doesn't allow ANY outside access, without you having to click every time on "do not allow." The message and comment would suggest to me that no unauthorized contact has been made, and that your firewall is doing its job. The change in port numbers accessed is very common (called "port scanning"), many malicious programs will "jiggle" every doorknob on your computer trying to find a way in. With good software, properly configured, you can lock all those doors.
To rid your computer of the program, you might want to see if you can "uninstall" it from the registry, by going to your Control Panel and clicking on "add-remove programs." If you see that name there, uninstall it. If not, delete the .exe file. There's nothing on your computer that should EVER try to do what it's doing.
Drop me a line if you need anything else. If you're not happy with this firewall software, try another like ZoneAlarm. www.zonealarm.com
The fact that you have a good piece of software is good. I have never used that particular software, I always used Zone Alarm. They pretty much work the same way. I would try to find something in the options that doesn't allow ANY outside access, without you having to click every time on "do not allow." The message and comment would suggest to me that no unauthorized contact has been made, and that your firewall is doing its job. The change in port numbers accessed is very common (called "port scanning"), many malicious programs will "jiggle" every doorknob on your computer trying to find a way in. With good software, properly configured, you can lock all those doors.
To rid your computer of the program, you might want to see if you can "uninstall" it from the registry, by going to your Control Panel and clicking on "add-remove programs." If you see that name there, uninstall it. If not, delete the .exe file. There's nothing on your computer that should EVER try to do what it's doing.
Drop me a line if you need anything else. If you're not happy with this firewall software, try another like ZoneAlarm. www.zonealarm.com
-
Jeff Agnew
- Posts: 741
- Joined: 18 Sep 1998 12:01 am
- Location: Dallas, TX
Do not delete rpcss.exe. And you can't just uninstall it, it's part of Windows. If you're running anything but NT, there are ways to disable it but you should proceed with caution.
Also, if you're running 2000 or XP, you may be seeing effects from the Blaster worm. Run a scanning tool to be sure you're not infected.<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Jeff Agnew on 21 August 2003 at 04:28 AM.]</p></FONT>
Also, if you're running 2000 or XP, you may be seeing effects from the Blaster worm. Run a scanning tool to be sure you're not infected.<FONT SIZE=1 COLOR="#8e236b"><p align=CENTER>[This message was edited by Jeff Agnew on 21 August 2003 at 04:28 AM.]</p></FONT>