Port 445 is opened on a Windows Server when using the Windows Event Collector (2024)

Port 445 is opened on a Windows Server when using the Windows Event Collector

book

Article ID: 177254

calendar_today

Updated On:

Issue/Introduction

Why does Symantec Security Information Manager v4.x using the Windows Event Collector (WEC) open up ports 445 and 139?

Symptoms
You are watching ports on the Windows Server that are sending events to Symantec Security Information Manager v4.x through the WEC collector and notice that port 445 and sometimes port 139 are opened.

Cause

This will happen if you use a hostname or IP address that is not resolvable in the WEC Sensor settings because the Windows Server is trying to resolve the host name with the IP address.

See Also
How to configure RPC to use certain ports and how to help secure those ports by using IPsec

Resolution

You will need to add the hostname to the host file on the machine with the WEC collector or change the Sensor settings to a hostname or IP address that is resolvable and restart both computers to clear this port.

According to Microsoft port 445 is the microsoft-ds (NetBios helper) port and also used for

    SMB Fax Service
    SMB Print Spooler
    SMB Server
    SMB Remote Procedure Call Locator
    SMB Distributed File System
    SMB Net Logon

You will need to change the Sensor settings to a hostname or IP address that is resolvable or add the hostname to the host file on the machine with the WEC collector and restart both computers to clear this port.

References
Microsoft has this document on the ports for Windows:

http://support.microsoft.com/kb/832017

Technical Information
TCP port 445 is used for direct TCP/IP MS Networking access without the need for a NetBIOS layer. This service is only implemented in the more recent verions Windows starting with Windows 2000 and Windows XP. The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2K/XP. In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP, ports 137, 139 and 138/udp). In Windows 2K/XP, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445.

Port 445 should be blocked at the firewall level. It can also be disabled by deleting the HKLM\System\CurrentControlSet\Services \NetBT\Parameters\TransportBindName (value only) in the Windows Registry.


Feedback

thumb_up Yes

thumb_down No

Port 445 is opened on a Windows Server when using the Windows Event Collector (2024)

FAQs

What is the port 445 for Windows Server? ›

What is the use of port 445? Port 445 is a Microsoft networking port which is also linked to the NetBIOS service present in earlier versions of Microsoft Operating Systems. It runs Server Message Block (SMB), which allows systems of the same network to share files and printers over TCP/IP.

Read On
How do I know if port 445 is open on Windows? ›

Answer: Open the Run command and type cmd to open the command prompt. Type: “netstat –na” and hit enter. Find port 445 under the Local Address and check the State. If it says Listening, your port is open.

Discover More Details
Should port 445 be open? ›

Is Port 445 Safe to Open? Port 445 is unsafe to open for traffic outside your network. If remote users need SMB access, you should provide this through a VPN. At the very least, you should implement SMB 3.0 or higher.

Continue Reading
How do I stop Windows from listening to 445? ›

Step 1: Open the Control Panel Step 2: Click on Windows Firewall/ Windows Defender firewall Step 3: Navigate to advanced settings. Step 4:Right click on inbound rules and click on new rule. Step 6:Select port and press next Step 7:Specify the port 445 under specific local ports, select TCP and press next.

See Details
Why is port 445 vulnerable? ›

Ports 139 and 445 are used for 'NetBIOS' communication between two Windows 2000 hosts. In the case of port 445 an attacker may use this to perform NetBIOS attacks as it would on port 139. Impact: All NetBIOS attacks are possible on this host.

Find Out More
What port does Windows server use? ›

Windows uses port 445 for file sharing across the network. From Windows 2000 onward, Microsoft changed SMB to use port 445. Microsoft directory services, often known as Microsoft-DS, use port 445. TCP and UDP protocols both use port 445 for numerous Microsoft services.

Tell Me More
How do you check what ports are open on a Windows server? ›

Press “Command Prompt”. Step 3: On the command prompt, type the command “telnet + IP address or hostname + port number” and check the status of the provided TCP port. Step 4: If only the blinking cursor is visible, then the port is open.

Show Me More
How to open port 445 in Windows Server 2012 R2? ›

How to open Firewall Ports on Windows Server 2012?
  1. Click on Windows Button.
  2. Hit on Windows Administrative Tools Button.
  3. Click on Windows Firewall With Advanced Security.
  4. At Windows Firewall With Advanced Security, click on Inbound Rules >> New Rule.
  5. At New Inbound Rule Wizard, Select thePort Radio button and click Next.

Explore More
How to secure port 445? ›

How To Keep These Ports Secure
  1. Enable a firewall or endpoint protection to protect these ports from attackers. ...
  2. Install a VPN to encrypt and protect network traffic.
  3. Implement VLANs to isolate internal network traffic.
  4. Use MAC address filtering to keep unknown systems from accessing the network.

Continue Reading
Is port 445 blocked by default? ›

The first thing to check is that there are no restrictions for port 445 on the firewall level, it's recommended to check with your IT regarding this as they would know best how the firewall is configured.

Show Me More

What happens if I close port 445? ›

about the port 445

I recommend blocking port 445 on internal firewall to segment your network. this will prevent internal spreading of the ransomware. Note that blocking TCP 445 will prevent file and printer sharing.

Read The Full Story
How to check SMB connection in Windows? ›

The Get-SmbConnection cmdlet retrieves the connections established from the Server Message Block (SMB) client to the SMB servers. Users can connect to an SMB share using credentials different than the associated logon credentials so that there will be a connection listed per share per user logon per credential used.

See Details
How to test if port 445 is open? ›

Port Test
  1. Go to the start menu and search for PowerShell. Click to open this.
  2. In the new PowerShell window paste in the following command: Test-NetConnection -ComputerName lephantaccbvtmtxiiueit.file.core.windows.net -Port 445. ...
  3. If the test fails it will come back with an error, otherwise the below image should appear.

Get More Info Here
What does port 445 do? ›

Port 445 is used by newer versions of SMB (after Windows 2000) on top of a TCP stack, allowing SMB to communicate over the Internet. This also means you can use IP addresses in order to use SMB like file sharing.

Continue Reading
What is the difference between port 139 and 445? ›

Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network. Port 445: Later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the internet.

View More
How to open port 445 in Windows server 2012 r2? ›

How to open Firewall Ports on Windows Server 2012?
  1. Click on Windows Button.
  2. Hit on Windows Administrative Tools Button.
  3. Click on Windows Firewall With Advanced Security.
  4. At Windows Firewall With Advanced Security, click on Inbound Rules >> New Rule.
  5. At New Inbound Rule Wizard, Select thePort Radio button and click Next.

View Details
What ports does Windows Activation server use? ›

For Windows Product Activation to succeed, configure firewalls or other devices that are between the client and the Internet to allow traffic to pass over ports 80, and 443. You can use Microsoft Internet Explorer or other Internet browsers to test connectivity through these ports.

See More
What is 445 port used for SQL Server? ›

Port 445 is used for SMB directly over TCP/IP and marks the start of the Named Pipes connection process. Also, pay attention to the ACK/RESET response from the server. If you look at the TimeDelta column, you'll see we very quickly get back the ACK/RESET response with the firewall off.

Learn More
Top Articles
AAAS Honors Outstanding Scientific Contributors as 2021 AAAS Fellows
The Basics about Cryptocurrency | CTS
Emerald Entries
5 Of The Highest User-Rated Air Compressors At Harbor Freight - SlashGear
Latest Posts
8 Top Crypto Picks For Huge 10x Growth in 2023
Red Flag Indicators to Detect Money Laundering in Crypto Industry [Guide]
Article information

Author: Jamar Nader

Last Updated:

Views: 6758

Rating: 4.4 / 5 (75 voted)

Reviews: 90% of readers found this page helpful

Author information

Name: Jamar Nader

Birthday: 1995-02-28

Address: Apt. 536 6162 Reichel Greens, Port Zackaryside, CT 22682-9804

Phone: +9958384818317

Job: IT Representative

Hobby: Scrapbooking, Hiking, Hunting, Kite flying, Blacksmithing, Video gaming, Foraging

Introduction: My name is Jamar Nader, I am a fine, shiny, colorful, bright, nice, perfect, curious person who loves writing and wants to share my knowledge and understanding with you.