Why are there many similar firewall rules with "RPC-EPMAP" suffix?

Question

On Windows8.1, there are many advfirewall rules named ... (RPC-EPMAP) with:

same Local port: RPC Endpoint Mapper
same Program: svchost.exe
same Service: RPCSS

and I didn't find any difference between these rule definitions.

Why are there those similar rules?

grawity_u1686 · Accepted Answer · 2016-05-09 13:55:55Z

2

RPC-EPMAP is the RPC "endpoint mapper", which multiplexes several different MSRPC-based services over a single port. (Similar to HTTP vhosts, I guess.)

Windows Firewall knows more than just TCP ports – AFAIK, it can block and allow individual MSRPC services. So my first guess would be that these rules have hidden parameters which select a specific service.

(The other guess is that the rules are duplicates, but needed for Windows Firewall's "simple mode" rule-groups to work.)

answered May 9, 2016 at 13:55

grawity_u1686

466k66 gold badges978 silver badges1.1k bronze badges

Add a comment |

Stack Exchange Network

Why are there many similar firewall rules with "RPC-EPMAP" suffix?

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged
windows-firewall
.

Hot Network Questions

Why are there many similar firewall rules with "RPC-EPMAP" suffix?

1 Answer 1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged windows-firewall.

Related

Hot Network Questions

Not the answer you're looking for? Browse other questions tagged
windows-firewall
.