This is not for you who hope to catch a virus :)
This is Windows 8.1 x64 Pro and we are establishing a firewall policy. We discovered a system that has port 80 open for no apparent reason and hesitate to let the firewall close it. We might finally do it, but first I'd like to know how I could determine what service or process opens that port. [Opening http://localhost:80 will not amount to anything, but indeed from remote I can successfully "telnet client 80".]
netstat -ano shows that the PID of the process that is listening on 80 is 4 and the process name is "System". In Task Manager, I right-click System (which indeed has PID=4) and select "Open file location", which leads me to C:\Windows\System32\ntoskr
I have no idea why ntoskrnl.exe would want to open port 80.
Process Explorer cannot tell me anything about which subthread of ntoskrnl.exe opens that port.
-> Who can tell me how to investigate further?
-> Who has seen the same?
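
One way to take the `netstat -ano` check above a step further, as an added example that is not part of the original post. It assumes the PID 4 listener is held by the kernel HTTP driver (HTTP.sys) on behalf of a user-mode process, a common reason for "System" owning port 80, and that `netsh` prints English output; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original post). Assumption: HTTP.sys holds the socket
# for a user-mode process, which is why netstat attributes port 80 to PID 4.
$Port = 80

# Step 1: the same facts "netstat -ano" gives, limited to the listening port.
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
if ($listeners.Count -eq 0) { Write-Output "Nothing is listening on TCP $Port."; return }
$listeners | Select-Object LocalAddress, LocalPort, OwningProcess

if ($listeners.OwningProcess -notcontains 4) {
    Write-Output "Listener is an ordinary process; the PID above identifies it."
    return
}

# Step 2: ask HTTP.sys which request queues registered a URL on this port and
# which process IDs are attached to each queue.
$queuePids = @()
$inPidList = $false
$hits = foreach ($line in (netsh http show servicestate view=requestq)) {
    if ($line -match '^Request queue name') {
        $queuePids = @(); $inPidList = $false          # a new queue block starts
    } elseif ($line -match '^\s*Process IDs:') {
        $inPidList = $true                             # PIDs follow, one per line
    } elseif ($inPidList -and $line -match '^\s*(\d+)\s*$') {
        $queuePids += [int]$Matches[1]
    } else {
        $inPidList = $false
        if ($line -match "^\s*(HTTPS?://[^/]*:$Port/.*)$") {
            $url = $Matches[1].Trim()
            foreach ($p in $queuePids) {
                [pscustomobject]@{ Url = $url; ProcessId = $p }
            }
        }
    }
}

# Step 3: resolve each PID to its process and any Windows services hosted in it.
foreach ($h in $hits) {
    $proc = Get-Process -Id $h.ProcessId -ErrorAction SilentlyContinue
    $svcs = Get-CimInstance Win32_Service -Filter "ProcessId = $($h.ProcessId)"
    [pscustomobject]@{
        Url       = $h.Url
        ProcessId = $h.ProcessId
        Process   = $proc.ProcessName
        Services  = ($svcs.Name -join ', ')
    }
}
```

If step 2 returns no registered URL for the port, the assumption does not hold on that machine and the listener is not an HTTP.sys registration.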