can pull uyp services by going through Task Manager and then clicking the services tab and then clicking the sercvices button
Under the list of services, I see:
Remote registry and that is NOT on
Calls wrote:Thanks Send of Jive
Actually, currently I still have the NAV2008 with the inbound "firewall" that is my firewall and not Vista Firewall
The port 3389 shows listening when the Terminal Services is enabled. When Terminal services is disabled, there is nothing listening on the port. That is what leads me to believ that Terminal Services is opening the port
HI Calls,
Can you please clarify? You have NIS 2010 yet you say you also have NAV 2008 and using its inbound firewall??
First NAV does not have a true firewall and what little it does is inbound only and is referred to as Internet Worm Protection. Secondly you should not have NAV and NIS installed on the same computer.
Best wishes.
Allen
yes, sorry. let me clarify
At this time, I still have NAV2008 installed. Have been told by numerous Norton staff/Customer support, that NAV2008 has an internet worm protection which acts as inbound firewall (their words, not min)
Quick background- have had problems with unsolicited connections to my computer via port 3389. This started near 2 years ago. To resolve that, I was guided here on the forums to block inbound connection to port 3389. Which I have done and which has worked well.
Now I am preparing to install NIS 2010 and was checking on if I created the block port 3389 rule on NIS 2010, will I have to recreate that rule when NIS 2010 gets a new build.
I found that when I disabled Terminal services, then nothing was listening on Port 3389 so I would not have to worry about recreating that rule. But then if Terminal Services needs to be enabled and on, then thsi is where I am stuck now.
Actually, what you can do is set the terminal services (remote desktop services) to manual. That way it only runs when needed and will stop next time you restart. That's what I've done with mine and did not encounter any problem with NIS11 or NIS10 chat (I had a few of these).
HI Calls,
Thanks for clarifying that. In some ways the Internet worm protection acts as an in-bound firewall but it does nothing for out-bound. Outbound protection is also very important for a firewall.
NIS will provide both and has a good two way firewall.
Thanks again.
Allen
Also when upgrading from NIS08 to NIS11 (or the latest version), it is best to run the Norton Removal Tool AFTER the conventational uninstallation & reboot. ALso make sure "LiveUpdate" and "LiveUpdate Notifications" Uninstalled. Please note, the instruction for backing up the identity safe data may differ with versions. Also, I don't think Norton AntiVirus have a identity safe.
Try reinstalling the software.
Follow the following steps:
- Download the Norton Internet Security 2011 and the Norton Removal Tool
- Back up your Norton Identity Safe data by going to settings-->Web settings-->Backup identity safe data-->Choose the file you want the file to be created-->Ok.
- After you have downloaded the NIS11 installation file and the Norton Removal Tool, physically disconnect yourself from the internet by yanking the LAN cable or turning off the wireless switch or router.
- Go to add or remove program and remove Norton Internet Security 2011 conventionally. Choose remove ALL data and settings. Reboot.
- After reboot, run the Norton removal tool. Reboot. Then run the tool again.
- After one last final reboot, run the Norton Internet Security Installation file you have downloaded. If you are using Windows Vista or above, right click the file and select run as adminstrator. Wait till the installation is complete.
- When installation is complete, connect to the internet
- Run the LiveUpdate several times till nothing appears.
- Create your identity safe and restore the old login data by going to settings-->web settings-->Restore identiy safa data. Browse to the .npm file you created and click ok.
Optional steps:
You may want turn off monthly report (located in miscellaneous settings), and special offer notification (also located in miscellaneous settings). Monthly report will launch a popup similiar to the below window once a month. I don't find it helpful so I turned it off. The choice is entirely up to you.
There that should do it... You may want to print the instructions as you should not connect to the internet before Norton Internet Security is installed. Please note, this is the ENGLISH version.
Hi Calls,
In your other thread (I do wish you would stay in one place) you said:
In my Vista though, I
right click computer>click properties>remote settings
The box for "allow remote connectins to this computer", the box is already UNCHECKED ( even logged on as admin avcoount and see the same thing)
There are actully two settings that you need to make there. Please confirm both settings are correct. The first should be unchecked, the second marked as shown.
Please see this article for instructions on making these configurations, if needed:
http://www.vistarevisited.com/2008/09/07/how-to-disable-remote-assistance-in-vista/
@SendofJives, in Windows 7, this is simplified :D. The below window is for Windows7 Home premium.
AllenM wrote:HI Calls,
Thanks for clarifying that. In some ways the Internet worm protection acts as an in-bound firewall but it does nothing for out-bound. Outbound protection is also very important for a firewall.
NIS will provide both and has a good two way firewall.
Thanks again.
Allen
Thanks Allen-
So are you saying that once I install 2010, the port 3389 will not be in a listening status?
SendOfJive wrote:Hi Calls,
In your other thread (I do wish you would stay in one place) you said:
In my Vista though, I
right click computer>click properties>remote settings
The box for "allow remote connectins to this computer", the box is already UNCHECKED ( even logged on as admin avcoount and see the same thing)
There are actully two settings that you need to make there. Please confirm both settings are correct. The first should be unchecked, the second marked as shown.
Please see this article for instructions on making these configurations, if needed:
http://www.vistarevisited.com/2008/09/07/how-to-disable-remote-assistance-in-vista/
Send of Jive, when I log on as admin on my computer and I go
right click on computers> click on properties>remoyes settings
I just have the one item visable for Remote Assistance
I use Vista Home premium 32 bit with Vista SP2
Calls wrote:
SendOfJive wrote:Hi Calls,
In your other thread (I do wish you would stay in one place) you said:
In my Vista though, I
right click computer>click properties>remote settings
The box for "allow remote connectins to this computer", the box is already UNCHECKED ( even logged on as admin avcoount and see the same thing)
Send of Jive, when I log on as admin on my computer and I go
right click on computers> click on properties>remoyes settings
I just have the one item visable for Remote Assistance
I use Vista Home premium 32 bit with Vista SP2
This is actually true, only the Business, Ultimate and Enterprise versions have the remote desktop section.
Allen
Calls:
Please also keep in mind that because a port is listening, it does not mean that it is answering. The last time this question came up, it was your ISP's range. This time it is an ISP in China. In both instances 0 bytes were transferred.
Are we sure the IP address was Chinese? What was the remote address? ShieldsUP! reported that unsolicted packets were not getting through.
AllenM wrote:This is actually true, only the Business, Ultimate and Enterprise versions have the remote desktop section.
Allen
Whew, thanks Allen. I thought I had even more going wrong
SendOfJive wrote:Are we sure the IP address was Chinese? What was the remote address? ShieldsUP! reported that unsolicted packets were not getting through.
Send- yes when I checked it against ARIN WHOIS
Hi Calls,
If you do a Windows search of your PC for any file with "Remote Desktop" in the name, what comes up?
Calls wrote:
SendOfJive wrote:Are we sure the IP address was Chinese? What was the remote address? ShieldsUP! reported that unsolicted packets were not getting through.
Send- yes when I checked it against ARIN WHOIS
If I had a dollar for every whois reported here that turned out not to be what was initially thought.... Can you provide the actual IP Address?
delphinium wrote:Calls:
Please also keep in mind that because a port is listening, it does not mean that it is answering. The last time this question came up, it was your ISP's range. This time it is an ISP in China. In both instances 0 bytes were transferred.
Thanks Delphinium
I know I have had this explained to me before, but obviously I'm a dufus because I don't recall
So the port can be open and a program ( in this case Terminal Services?) listening on that port.
Then when anothe computer sends out a request to see if a port is "listening" then the port on my PC lets the other computer know its there? But does not necessarily establish a connection to exchange data? Can it exchange a little data and still not be maliciously connected?
AbitCool, Inc, Bejing, China
http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=37292341
You can't check these on ARIN, it has to be through APNIC
SendOfJive wrote:
Calls wrote:
SendOfJive wrote:Are we sure the IP address was Chinese? What was the remote address? ShieldsUP! reported that unsolicted packets were not getting through.
Send- yes when I checked it against ARIN WHOIS
If I had a dollar for every whois reported here that turned out not to be what was initially thought.... Can you provide the actual IP Address?
yes here it is
Now I just looked at my internet connection log and I see this inbound connection on my machine (11:59am)
| Details: | Connection: 59.151.112.219: 51346. to MY-PC: ms-wbt-server(3389). 0 bytes sent. 0 bytes received. 0.000 elapsed time |