Default Block Web Services On Devices

Hi, there.

 

Still on NIS 2012.. just checking firewall activities and noticed alot of of instances saying:

 

Rule "Default Block Web Services on Devices" blocked communication.

 

Local address: All local network adapters (Port 5357)

 

Process name is System

 

I was just wondering if anyone could give me any information on these type of notifications.  Am curious, particularly, about Port 5357 as that is in a high range which could be 'suspicious'?   What do you think?

 

Ooh and blocking lots of other ports from System and svchost.exe ??  This is common?

Hi ghosty,

 

Port 5357 is used for Microsoft Network Discovery.  Web Services on Devices is similar to Plug 'n Play, allowing devices across a network to find each other.  If you have File and Printer Sharing enabled, Norton will allow this traffic as it is helpful, but if you do not share, Norton blocks it by default since it is not needed.  What you are seeing is Norton blocking the occasional communications that allow devices to find and work with each other.  Nothing to be concerned about - as mentioned, on a Shared network, these would be allowed.

Thank you very much! :)

You're welcome.