taking care of your security
english deutsch français polski russian magyar
Products
Purchase
Support
Partners
News
About

Support

KB Article:

 
How do I close an open port?
KB ID: 1000096, Added: 16-06-2004, Last updated: 20-03-2014

Article language:



printable version
Outpost Firewall
Outpost Firewall 1.0
Outpost Firewall 2.0
Outpost Firewall 2.1
Outpost Firewall 2.5
Outpost Firewall 2.6
Outpost Firewall 2.7
Outpost Firewall 3.0
Outpost Firewall 3.5
Outpost Firewall 3.51
Outpost Firewall 4.0
Outpost Firewall Free
Outpost Office
Outpost Office 1.0
Outpost Firewall Pro 8.1
Outpost Firewall Pro 8.0
Outpost Firewall Pro 2008
Outpost Firewall Pro 2009
Outpost Firewall Pro 7.0 - 7.6
Outpost Firewall Pro 8.1.1
Outpost Firewall Pro 8.1.2
Outpost Firewall Pro 9.0
Outpost Firewall Pro 9.1
Outpost Security Suite Pro 8.0
Outpost Security Suite Pro 8.1
Outpost Security Suite Pro 2007
Outpost Security Suite Pro 2008
Outpost Security Suite Pro 2009
Outpost Security Suite Pro 7.0 - 7.6
Outpost Security Suite Pro 8.1.1
Outpost Security Suite Pro 8.1.2
Outpost Security Suite Pro 9.0
Outpost Security Suite Pro 9.1
Outpost Security Suite Free

Before closing any port make sure that it is really open. For details see How can I detect whether a port is open or closed?

Further on you should determine whether the port is used by an application or the system in order to select the appropriate way to close it. This information id displayed on the Open Ports (Used Ports) page of your Agnitum's security product.

If you see that an application is using the port and you want to block the connection of the application through this port, you need to create a rule for this particular application.

If the port is opened by the system or you cannot identify which application opened it, it is possible to close the port globally. However, you should remember that closing a port globally may lead to negative consequences, as far as legitimate network activity might be blocked as well.

To identify the application which uses the port, you can also look through the list of the most commonly used System and Trojan ports.

To close an open port for a specific application:

For Outpost Firewall Pro 8.0, 8.1 and Outpost Security Suite Pro 8.0, 8.1 users:

  1. Make sure Outpost is not running in Disabled or Allow Most mode.
  2. Open Outpost's main window and click Tools > Used Ports.
  3. Look down the Local port column of the information panel and search for the port number you want to close, for example "XYZ".
  4. Right-click the process using that port in the Process Name:Process ID column. Select Create Rule for Application to create a rule for the application that opens this port.

    Outpost fills in all the required data automatically; you only need to specify the action to be performed when the rule is triggered.

  5. In the Rule transcript field, click the keyword of the rule action and select Block. You can optionally select Report this activity in the Specify rule options field.
  6. Name the rule, so that you can remember it later (in the Rule name field) and click OK to save the rule.

    You should now see the new rule in the list of the application rules (Settings > Network Rules, double-click the application in the list).

  7. Important: If there are other rules for the same application, select the rule you have created and click the Move up button until the rule appears at the top of the list. Click OK and then Apply.

  8. Verify that the port scanner can now detect the port.

Outpost Firewall Pro 2008, Outpost Firewall Pro 7.0 - 7.6 and Outpost Security Suite Pro 2008, Outpost Security Suite Pro 7.0 - 7.6 users follow another instruction:

Show/Hide
To view the video version of the instructions, click here.
  1. Make sure Outpost is not running in Disabled or Allow Most mode.
  2. Open Outpost's main window and click Used Ports in the left panel.
  3. Look down the Local port column of the information panel and search for the port number you want to close, for example "XYZ".
  4. Right-click the process using that port in the Process Name:Process ID column. Select Create Rule for Application to create a rule for the application that opens this port.

    Outpost fills in all the required data automatically; you only need to specify the action to be performed when the rule is triggered.

  5. In the Rule transcript field, click the keyword of the rule action and select Block. You can optionally select Report this activity in the Specify rule options field.
  6. Name the rule, so that you can remember it later (in the Rule name field) and click OK to save the rule.

    You should now see the new rule in the list of the application rules (Settings > Network Rules, double-click the application in the list).

  7. Important: If there are other rules for the same application, select the rule you have created and click the Move up button until the rule appears at the top of the list. Click OK and then Apply.

  8. Verify that the port scanner can now detect the port.

Outpost Firewall Pro all versions up to and including 4.0 and Outpost Security Suite Pro 2007 users follow another instruction:

Show/Hide
  1. Make sure Outpost is not running in Disabled or Allow Most mode.
  2. Open Outpost's main window and select View > Layout. Make sure that Open Ports check box is selected. Click OK.
  3. Select View > Advanced and select Number under Display port as.
  4. Expand the Open ports category in the left panel to display the applications that are listed there.
  5. Follow down the Local port column of the information panel and search for the port number you want to close, for example "XYZ".
  6. Right-click the line and select Create Rule on the shortcut menu to create the rule for the application that 'owns' the port (the one in the Process Name column on the same line).

    Outpost fills in all the required data automatically; you only need to specify the connection direction and the action to be performed when the rule is triggered.

  7. In the Rule description field click the Undefined keyword next to Where the direction is and specify the Inbound connection direction.
  8. In the Select Actions with which the rule will respond field, select Block it (and optionally Report it).
  9. Give the rule a name you'll recognize later (in the Rule name field) and click OK to save it.

    You should now see the new rule in the list of the application rules (Options > Application, double-click the application in the list).

  10. Important: If there are other rules for the same application, select the rule you have created and click the Move up button until the rule appears at the top of the list. Click OK and then Apply.

  11. Verify that the port scanner can now detect the port.

To close an open port for the whole system:

To view the video version of the instructions, click here.
  1. Make sure Outpost is not running in Disabled or Allow Most mode.
  2. Click Settings > Advanced settings > Network Rules > System-Wide Rules > Low-Level Rules*.
  3. Click Add to create a new rule.
  4. In the Rule transcript field click the IP keyword in the Where the protocol is line and specify the TCP protocol.
  5. In the Select the event the rule will handle field select the Where direction is and Where local port is events.
  6. In the Rule transcript field click the Undefined keyword next to and direction is and specify the Inbound connection direction.
  7. In the Rule transcript field click the Undefined keyword next to and local port is and specify the port number.
  8. In the Rule transcript field click the keyword of the rule action and select Block.
  9. In the Specify rule options field select Mark rule as High Priority. You can optionally select Report this activity as well.
  10. Name the rule, so you can recognize it later, (in the Rule name field) and click OK to save the rule.
  11. You should now see the new rule in the list of low-level rules.
  12. Verify that the port scanner can now detect the port.

* This instruction is suitable for Outpost Firewall Pro 8.0, 8.1 and Outpost Security Suite Pro 8.0, 8.1 users. Another path is suitable for those, who use earlier versions, as follows: Settings > Network Rules > System-Wide Rules > Low-Level Rules.

For Outpost Firewall Pro versions up to and including 4.0 and Outpost Security Suite Pro 2007 another instruction is used:

Show/Hide
  1. Make sure Outpost is not running in Disabled or Allow Most mode.
  2. Click Options > System > Rules under Global rules and rawsocket access.
  3. Click Add to create a new global rule.
  4. Select the Where the specified protocol is, Where the specified direction is, and Where the specified local port is events.
  5. In the Rule description field click the Undefined keyword next to Where the protocol is and specify the TCP protocol.
  6. In the Rule description field click the Undefined keyword next to Where the direction is and specify the Inbound connection direction.
  7. In the Rule description field click the Undefined keyword next to Where the local port is and specify the port number.
  8. In the Select Actions with which the rule will respond field, select Block it, Mark rule as High Priority, and Ignore Component Control actions (and optionally Report it action).

    Note: Mark rule as High Priority is available only since version 2.5.

  9. Name the rule, so you can remember it later (in the Rule name field) and click OK to save it.
  10. You should now see the new rule in the list of global rules.
  11. Verify that the port scanner can now detect the port.

Note: A port should not always be blocked. For example, if you are operating a web/FTP server for public usage, the ports used by the server need to be open, so your server can be accessed and a port scanner will (and should) detect these ports as open. If these ports are closed, your users will not be able to "see" your web/FTP server. Also, be aware that some ports can be blocked by your Internet provider (for example, 139, 137, 135, 80) which may cause incorrect results of an online scan of those ports.


New Search




This material provides me with the information I need:
 strongly agree   agree   neutral   disagree   strongly disagree 
Please provide comments to help us improve this material:*

If you need assistance regarding this article or have any unsolved questions, please feel free to contact our technical support service. We will be glad to help you.
* your comments will be visible to Agnitum staff only
Type in the number shown in the picture:
Terms of use   Search   Site map   Contact Us   Privacy Policy   PR Contacts   
Outpost Security Suite Pro   Outpost Firewall Pro   Outpost Antivirus Pro   Outpost Network Security
All rights reserved © 1999–2014, Agnitum Ltd.