Why are Windows firewall ports still open when they are explicitly closed in Defender Firewall?

Anonymous
2024-11-20T16:44:20+00:00

Hi,

I have a webhosting server running Windows 2022 Version 21H2.

  • In the early hours of 2024/11/14 it went offline.
  • When I discovered it at approximately 6am I restarted the VPS
  • I then discovered it could not communicate with the clients wishing to view their websites or send & receive email.
  • The DNS service was restarted, and the websites became visible but not the email - still no send or receive
  • I then discovered that the web hosting software - Plesk - had lost its firewall rules, they were simply not there.  Note: Plesk Firewall is a front end for Windows Defender.
  • In addition, there was a new IP address added to the Plesk control panel, beginning with 169.254 which I subsequently learnt is for APIPA, added in the event DHCP is not working.
  • I removed the APIPA address and reinstated the Plesk firewall rules.  Email started flowing once again.
  • I then turned off the insecure protocols and ports I do not wish exposed, namely: 110, 143, 1433 and 3306.
  • I confirmed they were also off in Windows Defender firewall and have subsequently explicitly blocked them for all three profiles.
  • However, using Nmap, I see they are still open.

Can you please advise how I ensure these ports are turned off?

TIA

Terry

Windows for business | Windows Server | Networking | Software-defined networking

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

Accepted answer
  1. Anonymous
    2024-12-18T04:28:37+00:00

    Hi,

    Thanks for the response but I was only notified about it yesterday.

    I had tried your option 1 but not 2. To be honest,

    Because it was time sensitive, I ended up restoring the previous day's backup which took place before the event happened. Not ideal, but it fixed the issue.

    Terry.

Accepted answer
  1. Anonymous
    2024-11-21T13:49:27+00:00

    Hello,

    To ensure that the ports 110, 143, 1433, and 3306 are turned off, you can follow these steps:

    1. Check Windows Defender Firewall Rules: Open Windows Defender Firewall with Advanced Security. Go to Inbound Rules and Outbound Rules. Ensure that there are rules explicitly blocking ports 110, 143, 1433, and 3306 for all profiles (Domain, Private, and Public).
    2. Use netsh Command: Open Command Prompt as an administrator. Run the following commands to block the ports:

        netsh advfirewall firewall add rule name="Block Port 110" protocol=TCP dir=in localport=110 action=block
        netsh advfirewall firewall add rule name="Block Port 143" protocol=TCP dir=in localport=143 action=block
        netsh advfirewall firewall add rule name="Block Port 1433" protocol=TCP dir=in localport=1433 action=block
        netsh advfirewall firewall add rule name="Block Port 3306" protocol=TCP dir=in localport=3306 action=block

    Best Regards

    Zunhui
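
One way to verify the result of the steps in the answer above, as an added example that is not part of the original thread: this PowerShell script reports the effective profile state, the process listening on each of the four ports, and the enabled inbound rules in the active policy store that cover them. The helper name `Test-PortCovered` is hypothetical; the cmdlets are the built-in NetSecurity and NetTCPIP ones.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session on the server.
$ports = 110, 143, 1433, 3306   # ports named in the question

# Hypothetical helper: true when a port filter's LocalPort value
# ("Any", "110", "1000-2000", or a list of those) covers $Port.
function Test-PortCovered {
    param([string[]]$LocalPort, [int]$Port)
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false
}

# 1. Effective state of each profile (ActiveStore is the policy actually being enforced).
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Format-Table Name, Enabled, DefaultInboundAction -AutoSize

# 2. Which process, if any, is listening on each port.
Get-NetTCPConnection -State Listen -LocalPort $ports -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort,
        @{ Name = 'Process'; Expression = {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } } |
    Sort-Object LocalPort | Format-Table -AutoSize

# 3. Enabled inbound TCP rules in the active store that cover each port.
$rows = foreach ($rule in (Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True)) {
    $filter = $rule | Get-NetFirewallPortFilter
    if ($filter.Protocol -notin 'TCP', 'Any') { continue }
    foreach ($port in $ports) {
        if (Test-PortCovered -LocalPort $filter.LocalPort -Port $port) {
            [pscustomobject]@{
                Port    = $port
                Action  = $rule.Action
                Profile = $rule.Profile
                Rule    = $rule.DisplayName
            }
        }
    }
}
$rows | Sort-Object Port, Action | Format-Table -AutoSize
```

In Windows Defender Firewall a Block rule takes precedence over an Allow rule for the same traffic, so a port that shows a listener in step 2 but no enabled Block rule for the relevant profile in step 3 is the one to look at first.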
