Tomcat
Professional
- Messages
- 2,689
- Reaction score
- 922
- Points
- 113
The list of services that are most often exposed to external attacks and which it is best to disable everything:
Remote Registry (RemoteRegistry) - allows remote users to change the registry settings on your computer; if you stop this service, the registry can only be changed by local users running on the computer.
Terminal Services (TermService) - designed to remotely connect to your machine over the network with the ability to manage it. It allows multiple users to interactively connect to a computer and displays the desktop and applications on remote computers.
SSDP Discovery Service (SSDPSRV) - Enables discovery of UPnP devices on your home network. UPnP, or Universal Plug and Play, is a universal automatic configuration and connection of network devices to each other, as a result of which a network (for example, a home one) can become available to more people.
Messenger - The service sends administrative alerts to selected users and computers. In the absence of a network (and, accordingly, an administrator), it is absolutely useless. Disable in order to prohibit net send messages to hide your computer from automated spam mailings.
Scheduler tasks (Shedule) - allows you to configure the schedule for the automatic execution of tasks on the computer. Automatically launches various applications, programs, scripts, backup function at your scheduled time. In addition, the vulnerability of this service is exploited by some viruses for startup. But you need to be aware that some antiviruses, such as Symantec or McAfee, use this service to update at specific times and scheduled system scans. So in this case, you should not disable the task scheduler.
Telnet (Telnet) - Allows a remote user to log in and run programs, supports a variety of TCP / IP Telnet clients, including computers with UNIX and Windows operating systems. If this service is stopped, then the remote user will not be able to run programs.
NetMeeting Remote Desktop Sharing (mnmsrvc) - Allows authenticated users to access the Windows desktop over the corporate intranet using NetMeeting.
Remote Desktop Help Session Manager - Manages Remote Assistance capabilities.
Computer browser - translate manually if you don't have a local network.
Remote Access Automatic Connection Manager - Disable
Distributed Transaction Coordinator - Disable
NetBIOS support module - Disable
Remote Desktop Server Configuration - Disable
Windows Image Download Service (WIA) - if you have a scanner or digital camera connected to your computer, then we do not touch anything, if not, then we turn it off
Bluetooth support service - if we don't use a tooth, then turn it off
Windows Remote Control Service - Disable
Remote Desktop Service - Disable
Smartcard - Disable
Fax - if we don't use it, we also disable it.
IF YOU DON'T KNOW WHERE THESE SERVICES ARE:
Start => Run => write the following on the command line: services.msc => click OK
or
Control Panel => System and Security => Administrative Tools => Services
There is also a list of services that slow down Windows:
Automatic Updates - includes downloading and installing Windows updates). Disable if you are not using this service.
Secondary Login - Allows you to run processes as a different user. If the system only has your account (not counting the administrator's account), you can also disable it.
Print Spooler - Responsible for processing, scheduling and distributing documents to be printed. Unplug if you don't have a printer.
Help and Support - If you are not using the Windows Help menu, disable.
Computer Browser - maintains a list of computers on the network and issues it to programs upon request. If you do not have a local network, then disable this service.
Uninterruptible Power Supply - If you do not have an uninterruptible power supply, you can disable this service as well.
