Blocking WIndows Messenger using Nod 32

Hi;

What is the most secure and simplest way to block MSN Messenger and for that matter any other messenger using Nod 32 Firewall.

I read that messenger uses dynamic ports so that will make it difficult to block a simple port.

Please assist.
mavcomAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kyleiorioCommented:
Here are all the ports MS Messenger uses:

http://support.microsoft.com/kb/927847

Feature      Port that is used
Sign in to the Messenger service      TCP 80, 443, 1863
Network Detection      TCP 7001
UDP 9, 7001
Audio      TCP 80, 443, 1863
TCP/UDP 30000 - 65535
Audio (Legacy) *      UDP 5004 – 65535
Webcam and Video Conversations      TCP 80
TCP/UDP 5000 - 65535
File Transfer      TCP 443, 1863
TCP/UDP 1025 - 65535
File Transfer (Legacy) *      TCP 6891 - 6900
Sharing Folders      TCP 1863
TCP/UDP 1025 – 65535
Whiteboard and Application Sharing      TCP 1503
Remote Assistance      TCP 3389
TCP/UDP 49152 – 65535
Windows Live Call      TCP 443, 5061
UDP 5004 - 65525
Games      TCP 80, 443, 1863
TCP/UDP 1025 - 65535
0
kyleiorioCommented:
I'm pretty sure if you just block 1863 that nukes MSN Messenger from working.
0
mavcomAuthor Commented:
Hi Kyle

Sorry but I blocked the 1863 as you suggested but even with that it comes up requesting permission for the other ports and if I manually allow then messenger starts.
0
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

mavcomAuthor Commented:
Also Kyle

If I block the others then won't that also affect my ability to share and move other files across the network. What I want to do is to effectively shut down MSN messenger and other messenger programs from running on the individual units. However, I must allow remote desktop for NComputing devices.
0
kyleiorioCommented:
Yeah, just remembered it checks port 80 if 1863 is no joy.

I'm not sure I would tackle this at the workstation level, personally.  I would kill IM traffic at the network's firewall if given a choice.  Is that an option here?

Or alternatively - I'm guessing stripping local admin rights from users isn't an option, so they just can't install MSN, AIM, etc on their own?
0
kyleiorioCommented:
Yeah you don't want to get into blocking port 80 or 443.  
0
mavcomAuthor Commented:
Issue with the user rights issue is that I have to give management administrative access and not sure I can trust them not to make a mistake and leak to other workers.
0
kyleiorioCommented:
Well I guess the answer is - I don't think there is good way to block IM programs at the local workstation level with NOD32 when the user has local admin rights.

I would explore doing so on the network firewall and/or limiting local user rights.  

The bottom line is, anything you do on the workstation with NOD32, clever users can just undo if they have the rights to.  

0
mavcomAuthor Commented:
OK

Will let you know what I decide to do.
 
0
mavcomAuthor Commented:
Can't I just disable the service
0
kyleiorioCommented:
Yes you can try that -

Log on as:

This account:   (youraccount@yourdomain.com)
password   *********
confirm password  *********

I don't have time to test it, but a local admin might be able to change that - but I doubt the average end user would be clever enough to figure that out.



0
mavcomAuthor Commented:
Hi;

Do you have any idea what the service is called. I have checked but can't seem to find the service.
0
kyleiorioCommented:
0
mavcomAuthor Commented:
Hi Kyle;

Thanks for the info but this service is for a different messaging services not the Windows Live Messenger.
0
Blue Street TechLast KnightCommented:
why not just disable it in services? simple and effective!
0
mavcomAuthor Commented:
DIversit;

If you can identify the service I will block it.
0
Blue Street TechLast KnightCommented:
yeah! go to Start >> Run... >> type in services.msc.
Find Messenger disable. Done!
0
Blue Street TechLast KnightCommented:
omgosh...hahah
sorry the service is called "messenger"
0
mavcomAuthor Commented:
Hi Diverse;

Thanks for your assistance but to the best of my knowledge and confirmed by link posted by Kyle above the messenger service in service.msc has nothing to do with the Windows Live IM program.

If this is incorrect please clarify for me.
0
kyleiorioCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Blue Street TechLast KnightCommented:
If you have SonicWALL applicance you can get CGSS and block all IM apps! (http://www.sonicwall.com/downloads/DS_CSM_US.pdf)
RE: blocking it with NOD32, are you using it with ERAC and are you using Smart Security or STD?
FYI: Even if the user has admin rights they will not be able to alter the setup of NOD32 if you configure it correctly.
0
Blue Street TechLast KnightCommented:
Your best bet is SonicWALL w/CGSS or something like it so you can block not only the IM apps but also web based versions, which almost every IM mfg makes an online version as well. CGSS will give you the control to do both effectively and lock it down at the gateway level.
0
Blue Street TechLast KnightCommented:
you can also diable the service as i stated before, here are the instructions:
Start >> Open the “Run…” utility if you are using XP. If you are using Windows Vista/7, use the quick search to search for the “Run” utility and open it.
In the “Open” textbox, type “services.msc”.
Click “OK” or press Enter on your keyboard.
In the list that appears, locate “Windows Live Messenger” (or “Windows Messenger”) and double-click it.
Select “Disabled” when prompted to change the Startup Type.
Click “Stop.”
 
But again if they have admin rights they can re-install or use web based version of IM.
0
Blue Street TechLast KnightCommented:
did my solutions work?
0
mavcomAuthor Commented:
Diverseit

To be sure I tried your suggestion. And there is no service called Windows Live Messenger or Windows Messenger.
0
mavcomAuthor Commented:
Hi Kyle;

That was so simple I don't know why I took so long to try it.

Thanks a million
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.