Defender reports ports opened on firewall

Guest

Getting warnings about open firewall ports:

Windows Defender Real-Time Protection agent has detected changes. Microsoft
recommends you analyze the software that made these changes for potential
risks. You can use information about how these programs operate to choose
whether to allow them to run or remove them from your computer. Allow
changes only if you trust the program or the software publisher. Windows
Defender can't undo changes that you allow.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
Scan ID: {61E71C72-99A6-4879-8E0F-65DB35C67222}
User: BITBOY-C2D\Andrew Solmssen
Name: Unknown
ID:
Severity: Not Yet Classified
Category: Not Yet Classified
Path Found:
firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2560:UDP
Alert Type: Unclassified software
Detection Type:

This was repeated three more times for ports 2561, 2598, and 2599. When I
check this list in the registry, those ports are not on it, and TCP View
finds no processes using those ports. What happened here? Should I be
worried? It looks to me like something opened UDP ports on my machine for a
while and then deleted the entries in the firewall list, cause they ain't
there now, eh? Is there a way to see what process opened the ports?
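The check described in the post above (alerted ports versus what is in the GloballyOpenPorts\List key now) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, the alert text is rebuilt from the "Path Found" line and port numbers quoted in the post, and the `reg query` output is a constructed sample whose value data is an assumption.

```python
import re

# "Path Found" value as Defender logged it in the post, e.g.
# firewallport:HKLM\...\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2560:UDP
ALERT_RE = re.compile(
    r"firewallport:(?P<key>HKLM\\.+?\\FirewallPolicy\\(?P<profile>\w+)"
    r"\\GloballyOpenPorts\\List)\\+(?P<port>\d+):(?P<proto>TCP|UDP)",
    re.IGNORECASE,
)
# One value line of `reg query <key>` output: name, type, data.
REG_RE = re.compile(
    r"^\s+(?P<port>\d+):(?P<proto>TCP|UDP)\s+REG_SZ\s+(?P<data>.*)$",
    re.IGNORECASE | re.MULTILINE,
)

def alerted_ports(event_text):
    """Return the set of (profile, port, proto) named in Defender alert text."""
    return {(m["profile"], int(m["port"]), m["proto"].upper())
            for m in ALERT_RE.finditer(event_text)}

def listed_ports(reg_query_output):
    """Return {(port, proto): data} for values present in the List key now."""
    return {(int(m["port"]), m["proto"].upper()): m["data"].strip()
            for m in REG_RE.finditer(reg_query_output)}

def transient_exceptions(event_text, reg_query_output):
    """Alerted ports that are no longer present in the registry list."""
    current = listed_ports(reg_query_output)
    return sorted(a for a in alerted_ports(event_text)
                  if (a[1], a[2]) not in current)

# Alert lines rebuilt from the post: same key, ports 2560, 2561, 2598, 2599.
PATH = (r"firewallport:HKLM\System\CurrentControlSet\Services\SharedAccess"
        r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\{}:UDP")
SAMPLE_EVENTS = "\n".join("Path Found:\n" + PATH.format(p)
                          for p in (2560, 2561, 2598, 2599))
# Constructed `reg query` output; the 3389 entry and its data are made up.
SAMPLE_REG = (
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess"
    r"\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List" "\n"
    "    3389:TCP    REG_SZ    3389:TCP:*:Enabled:Remote Desktop\n"
)

if __name__ == "__main__":
    for profile, port, proto in transient_exceptions(SAMPLE_EVENTS, SAMPLE_REG):
        print(f"{port}/{proto} was opened under {profile} but is not listed now")
```

An alerted port that is missing from the list was added and later removed; one that is still listed can be traced further through the name field in its value data.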
 
Guest

Hello Andrew,

Some application you ran--not a malicious one--opened a port in the Windows
Firewall. You don't need to worry about it, most likely. Chances are the
application removed the port exception when it exited.

If you want more information, turn on unknown notification: go to Options
and select "Software that has not yet been classified for risks," but I would
recommend that most folks not do this--the alerts are more likely to confuse
than enlighten.

I hope this post is helpful.

Let us know how it works out.

Еиçεl
 
Guest

Thanks for your answer - I agree, it was probably not malicious, but it still
seems bad form to open a firewall port without letting me know. I tried
Defender with advanced notification for a while and found myself buried in
alerts, but now that my system is changing less day-to-day maybe I'll turn it
 
Bill Sanderson MVP

Check the events log--I think the application event log, but maybe the
system event log--and see if there is more detail there--perhaps a path to
an executable.

 
Guest

Yeah - actually the original thing I copied and pasted was from the system
event log. There's no indication what was going on - no executable path or
name, not even a PID. It's all just the tiniest bit fishy, which is why I'm
even following up on it at all. What even opens four UDP ports? And I'm
behind a NAT router, so it would have to open UPnP ports on the router, too,
wouldn't it? Hmmm.
 
Bill Sanderson MVP

When I've seen this kind of message it has usually been when installing,
updating, or using for the first time--a messenger app, or, perhaps, a
music-related player of some kind that does sharing across a network.
