Microsoft.windows.security.FirewallOpenPorts -- what is it exactly? I scanned, but it had no info. Will spybot fully remove it? I dont want it coming back like virtumonde if its bad

This is Spybot's description for Microsoft.Windows.Security.FirewallOpenPorts:


Description=These entries will be shown if some ports for the Windows Firewall have been opened. Usually these ports are closed, or opened by user reference. Normally opening ports is not recommended, allowing applications is better suited for most users. Malware and trojan may open the ports to enable remote access to an infected computer.

So will spybot close them?

Yes,I assume it will close them if you allow Spybot to fix Microsoft.Windows.Security.FirewallOpenPorts after you run a scan.

I have had this come up the last 4-5 times I have run S&D. More specifically:

Microsoft.WindowsSecurity.FirewallOpenPorts: [SBI $9A7550B1] Settings (Registry value, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\12345:TCP

Every time I ask S&D to fix it, it says it does, then poof, there it is again!

After one instance I opened Windows Security and it showed that the Win firewall was on, which it should not have been as I use Comodo Firewall (v. 3.14.130099.587). I thought turning off the Windows Firewall would do the trick, but it hasn't. I did have issues with trying to update the Comodo to the new version 4 (said it couldn't complete installation) and went back to the version listed above. However, I think the first time I had this result come up in S&D was before I had to mess around with that; don't recall for sure. Anyway, the settings should be the same in the reinstallation of Comodo FW as I didn't do anything different. Any ideas what keeps causing this? Nothing else is found by S&D, just this.

oh, the OS is XP Home SP3, with all updates. Also, I use the latest free version of avast! AV and Malwarebytes and neither of these has found any malware, either.

Hello uzer5,


Every time I ask S&D to fix it, it says it does, then poof, there it is again!

After one instance I opened Windows Security and it showed that the Win firewall was on, which it should not have been as I use Comodo Firewall (v. 3.14.130099.587). I thought turning off the Windows Firewall would do the trick, but it hasn't. I did have issues with trying to update the Comodo to the new version 4 (said it couldn't complete installation) and went back to the version listed above. However, I think the first time I had this result come up in S&D was before I had to mess around with that; don't recall for sure. Anyway, the settings should be the same in the reinstallation of Comodo FW as I didn't do anything different. Any ideas what keeps causing this?

This is Spybot's description for Microsoft.Windows.Security.FirewallOpenPorts:
Quote:
Description=These entries will be shown if some ports for the Windows Firewall have been opened. Usually these ports are closed, or opened by user reference. Normally opening ports is not recommended, allowing applications is better suited for most users. Malware and trojan may open the ports to enable remote access to an infected computer.

It appears Spybot-S&D is trying to close a port that could be used by malware and then Comodo's Firewall may be re-opening for its own use.

Have you posted in the Comodo forums?

Best regards

OK, I think I've got it fixed. I may have somehow at one point accidentally set the firewall to custom policy mode instead of the usual safe mode. This set nearly all programs to outgoing only, any source, any port, any destination. After changing this, I didn't get the result in S&D again. However, now I have another issue after the latest update which I'll research here and post on separately if necessary.

Thanks for your reply.