
There are a lot of policy changes when I connect to the internet

Created: 10 Jul 2011 • Updated: 10 Jul 2011 | 2 comments
ayman1988

I have SEP 12, and when I connect to the internet I see a lot of local policy changes in Event Viewer.

These are some of the local policy changes:

Allow outgoing TCP from PeerDistSvc
Allow outgoing TCP from PeerDistSvc
Allow outgoing WSD from PeerDistSvc
Allow PNRP to send to port 3540
Allow PNRP to send from port 3540
Allow Grouping to send to port 3587
Allow incoming WSD to PeerDistSvc
Allow outgoing WSD from PeerDistSvc
Allow Grouping to receive from port 3587
Block all outbound traffic from SearchFilterHost
Block all inbound traffic to SearchFilterHost
Allow inbound UDP traffic to SNMPTRAP service
NetBIOSHelperFirewallPolicy
Allow RPC/TCP traffic to EventLog
IPsec Policy Agent service hardening - LDAP/TCP
IPsec Policy Agent service hardening - LDAP/UDP
IPsec Policy Agent service hardening - Remote Management
DhcpFirewallPolicy
AxInstSV_Out_Allow
WSH Default Inbound Block
WSH Default Outbound Block
DhcpFirewallPolicy

 

MPSSVC rule-level policy change
rule-id : PeerDist Allow WSD In    /  PeerDist Allow WSD Out   /   PeerDist Allow WSD Out 2
rule-name : Allow incoming WSD to PeerDistSvc  // Outgoing
RuleAttr : Remote Addresses

 

So I suggest making Symantec Endpoint Protection protect against local policy changes on the computer.

I also want to ask you how to solve these problems, because I get a lot of tamper security attempts on my computer and I also get a lot of MAC spoofing.

But the bad thing is that my computer is vulnerable and there is someone watching my computer even though my SEP works all right.

 

2 Comments

ayman1988

There are RPC-DCOM open ports on my computer even though I disabled DCOM from dcomcnfg, but the ports are still open, and there is a Teredo Tunneling Pseudo-Interface device in my Device Manager.

And there are:

Bluetooth Device (RFCOMM Protocol TDI)

Bluetooth Device (Personal Area Network)

 

 

ayman1988

I uploaded a RAR file that includes events from Event Viewer.

thanks

Attachment: policy-change.rar (500.9 KB)