


Is Dcom Server Process Launcher Service Necessary

Thread Status:
Not open for further replies.
  1. Hello;
    Merry Christmas to everyone.

    Could anyone tell me if the xpSP2 service "DCOM server process launcher" is to be set on "automatic"? If so, why?

    Asking this because I set it on "disabled" and can't see any problem on my system right now, but I'm afraid maybe I set something bad in motion by disabling it!?

    Thank you

  2. emir

    emir Registered Member

    Joined:
    Dec 21, 2005
    Posts:
    61
    Bart Fan, I am not an advanced user but I can tell you that they have a program made just to disable DCOM because of its security risk; it is called Dcombobulator. Go to theeldergeek.com, it will give you a thorough rundown of services you don't need running. I'm sorry I can't remember where the article is, but there is an article that discusses how DCOM is just something useless that Microsoft has just to say they have it, something along those lines. If you search you will find this article, but whatever you do, make sure you go to theeldergeek.com; they will help you be sure about all your services as well as many other articles that might be helpful. Just look for the XP services section.
  3. Just to avoid any confusion... the Dcombobulator is available from Steve Gibson's site:

    http://www.grc.com/dcom/

    Regards, eyes-open


  4. Hello guys :)

    Thanks for your answers.

    In fact, I already have Gibson's DCOMbobulator installed and running, and also WWDC, and also safeXP. With all these ["cross-layered defence !? ;) ], the DCOM was already deactivated.

    But: to my great surprise, I found in the Services list that the "DCOM server process launcher" was still activated and running. So my guess is that these are two different processes: "DCOM" is different from "DCOM server process launcher".

    And I obviously don't know why Steve Gibson's soft, for example, would take care of deactivating DCOM while leaving DCOM server process launcher alive and running.

    So I deactivated DCOM server process launcher by hand, which led to my question in the previous BartFan post.

    Any ideas?

  5. I think Diskeeper v10 NEEDS DCOM
  6. I also found this:
    http://www.theeldergeek.com/dcom_server_process_launcher.htm
    which states that the DCOM launcher should be kept on automatic, but I can't find any understandable reason why, nor does my computer seem to suffer for now...

    What to do, since I do like to boost as few running services as possible, provided my machine is in good shape and secure...?

    But I ain't sure about that one.

    Helllllpppppp

    Thanks

  7. emir

    emir Registered Member

    Joined:
    Dec 21, 2005
    Posts:
    61
    Bart Fan,
    DCOM and DCOM server process launcher are supposed to be the same thing; if you have two different DCOM services running then I am unfamiliar with this and I do not believe this should even exist and should be thoroughly investigated. As for software you bought to disable DCOM, why send a boy to do a man's job if you are able to do it, you are. I know you can go to control panel/administrative tools/services and disable DCOM, and server, and terminal services, and remote desktop (netmeeting too), and tcp/ip over net bios, and distributed link transaction (both of them). Does theeldergeek say to leave DCOM on automatic? Dude said diskeeper uses DCOM; if you don't have that program and you run through everything and find that you aren't kept from doing anything that you could do before, then forget about leaving DCOM enabled as it has been labeled by many professionals on another level we haven't reached yet to be a security vulnerability. I am sorry for the original incorrect information regarding theeldergeek's stand on DCOM but it is possible that I took the opinion on DCOM from an even better "services running on xp" site which was called "Black Viper"; I don't believe this site still exists though or I would have pointed you in this direction.
  8. I agree this is strange, especially since my system has been built step by step from a fresh install, meaning I always make an image of my system, and only sparingly add anything before doing another image... Yes, I see the point :) But I didn't buy anything: Windows Worm Doors Cleaner, SafeXP and DCOMbobulator are all freeware. Yes, I hear you... Hmmm, interesting...
    Thanks for your advice

    Cheers

  9. Strange...
    I completely trust Steve Gibson and his tools, among which DCOMbobulator.

    Running DCOMbobulator on my system works, too: if I enable the service and do the local test, I'm found vulnerable. If I activate DCOMbobulator again, I'm labeled "safe". But all this doesn't have any effect on the DCOM launcher in the services list, which stays as I hand-set it!

  10. BartFan,

    Excuse the lack of details here because I'm not exactly sure how closely the launcher itself is intertwined within the main DCOM architecture, but am aware there were significant changes implemented to access permissions and launch rights with the deployment of SP2. The service you question may be set to manual until required for XP's own defragmentation feature, started manually before use. The one other area in which you may experience troubles on SP2 is with the Windows Firewall Service.

    GF

  11. GF, it's important to note that some programs, i.e. AV, Firewall, may need DCOM to work correctly, or other 3rd party system components, so check first before disabling this service, T
  12. See this link:
    http://www.experts-exchange.com/Security/Q_21590673.html

    "shutdown the DCOM Server process launcher under services"

    You think that's a good idea?

    Read this: http://support.microsoft.com/default.aspx?scid=kb;en-us;892504

    "If this service is not started, any DCOM-related services cannot start. Therefore, the Windows Firewall Service cannot start if the DCOM Server Process Launcher service is not started. This is because the Windows Firewall Service requires the DCOM component. Other services such as the Network Connections service and the COM+ Event System service are also dependent on the DCOM component."

    and this: http://www.greatis.com/appdata/due north/d/dcom server process launcher service (dcomlaunch).htm

    "DCOM Server Process Launcher service (DCOMLAUNCH) - Necessary"

    Necessary, it seems!

    And here's another important fact: http://forums.pcworld.co.nz/archive/index.php/t-55370.html
    "In SP2, the service "DCOM Server Process Launcher" must be running if you wish to use the defragger. If not, it will start, but when you click analyse or defragment, nothing will happen. So you must either leave this service set to automatic, or set it to manual and start it yourself when you wish to defrag. Note, running the defragger won't start it in manual mode."

    Whew! Better leave everything as it is, particularly if you are not one of those network freaks who know everything ;-)

  13. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    I have both the Windows Firewall and COM+ Event System disabled. I don't see DCOM server process launcher listed as a service that Network Connections service is dependent on. But the prerequisite services are not always listed.
    If that's the case, you can set DCOM to manual and it should turn on the occasions you want to do a defrag.

    I still have my DCOM server process launcher set to Automatic but one of these days, I'll turn it off to see if it does impact the Network Connections service. The worst that can happen is that I'll need to turn the service back on and reboot.

  14. emir

    emir Registered Member

    Joined:
    Dec 21, 2005
    Posts:
    61
    Brinn,
    Microsoft says DCOM could affect network connectivity because they want you to have port 135 open to broadcast yourself on the network (it even states that is how you close port 135 on the link you refer to {experts exchange}); it in no way affects your connectivity. If you want to participate in broadcasting your presence online, go ahead; I'll pass, and I try to keep other people with the same security awareness I have. Also, I don't consider the built-in Windows firewall something to even be concerned about; in my opinion if you want to be secure why would you depend on something that just blocks incoming and part of its name even says internet-connection-sharing. In case you haven't noticed, Bill Gates makes everything for convenience to newbies; he's in no way concerned about security when he puts out products. Microsoft leaves 0days unpatched for weeks, even months, and only when pressured do they release a patch that usually requires a patch for that patch. I'm not saying don't listen to Microsoft, no, learn everything you can about Windows from their site, but check everything on your own with security experts outside Microsoft; don't be a duck. As for defragmentation I will admit you are probably right; thing is I don't go long enough without Darik's Boot and Nuke to have to touch any defrag process. You should read links thoroughly when posting though; like I said before it clearly states that disabling DCOM will close port 135, in turn helping to prevent it showing up on port scan. So if you want to let your system get built up with enough junk to even have to defrag, then leave DCOM on, it's all you; I'm going to share what I think will keep folks one step ahead of a cracker.
  15. @emir & BartFan

    Here's a link to the archived page of

    http://web.archive.org/web/20041128084144/http://www.blackviper.com/WinXP/servicecfg.htm

    If you are running XP(SP2) other than on a 'Bare Bones' system basis, he was recommending the service be set on Automatic.

    PS. Note the links on the page aren't active due to the archive nature of the page.

  16. emir

    emir Registered Member

    Joined:
    Dec 21, 2005
    Posts:
    61
    http://www.symantec.com/avcenter/venc/data/w32.bobax.c.html

    When W32.Bobax.C is executed, it performs the following actions:

    Creates a mutex "06:08:07:<random numbers>", where <random numbers> is a series of random numbers based on the volume serial number of the infected system. This mutex ensures that only a single copy of the worm is present in memory.

    Copies itself as %System%\<random_characters>.exe, where <random_characters> is a random number of random characters.

    Note: %System% is a variable. The worm locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

    Adds the value

    "<random_characters>" = "%System%\<random_characters>.exe"

    to the following registry keys:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

    Attempts to delete all files in %temp% that begin with "~".

    Drops a randomly named .tmp file into the %Temp% folder. This file is actually a .dll file that contains the worm's principal functionality.

    Note: %Temp% is a variable. The worm locates the temporary folder and copies itself to that location. By default, this is C:\Windows\TEMP (Windows 95/98/Me/XP) or C:\WINNT\Temp (Windows NT/2000).

    Injects the .dll file into Explorer.exe and then ends its own <random_characters>.exe process. This may cause Windows Explorer to stop working.

    Attempts to download one of several files from various Web sites to estimate the speed of the Internet connection of the host computer.

    Attempts to contact a remote Web server with a unique ID code, and some information about the infected host, as notification of infection. The worm parses the response for commands to activate, which include the following:
    Sending spam mail
    Sending system information to the author
    Stopping and restarting scanning
    Downloading and running a specified executable
    Updating itself

    Scans randomly generated IP addresses, attempting to connect to them on TCP port 5000. This will determine whether the system is a Windows XP-based system (see Microsoft Security Bulletin MS01-059). The worm then probes port 135 of the remote computer to verify that the RPC DCOM interface is available.

    If the worm determines that the remote system is running Windows XP, it performs the following operations:
    a. Sends shell code to the host on TCP port 445, attempting to exploit the Microsoft Windows LSASS Buffer Overrun Vulnerability, which is described in Microsoft Security Bulletin MS04-011.
    b. If this exploit does not succeed, the worm sends data to TCP port 135 in an attempt to exploit the DCOM RPC vulnerability.
    c. If either exploit is successful, the code that is executed on the remote computer uses HTTP to force a connection to the host computer on a random port.
    d. Downloads the worm from the host computer and saves it on the remote computer as Svc.exe or as an executable file with a .gif extension.
    e. The worm is executed on the remote computer.

    If the worm determined the remote computer was running Windows 2000, it would only attempt to exploit the DCOM RPC vulnerability, as in steps b through e.

    Notes:
    A side effect of this exploit is that it eventually crashes the LSASS process, forcing the computer to restart. This is similar to the effect of W32.Sasser.Worm.

    Due to the random nature of how the worm constructs the exploit data, this may cause the RPC service to crash if it receives incorrect data. This may manifest as Svchost.exe, generating errors as a result of the incorrect data. If the RPC service crashes, the default procedure under Windows XP and Windows Server 2003 is to restart the computer. To disable this feature, see step 1 of the Removal Instructions.
    10. Opens a number of randomly selected ports and awaits incoming connections. The worm runs its own SMTP server routine on these ports, leaving the infected computer open to be used as a spam relay.

    Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
    Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.
    If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.

    http://grc.com/dcom/

    The strange history of DCOM
    Many years ago, Microsoft began modularizing Windows and their Windows applications by breaking them into functional components with well-defined, "version safe" interfaces. The idea was to allow pieces of Windows and applications to inter-operate.

    The name first given to this effort was "OLE", which stood for Object Linking and Embedding. OLE suffered near terminal birthing pains and developed a reputation for being a bad idea. Undaunted, Microsoft renamed it COM for "Component Object Model". This was still the same old OLE, but Microsoft appeared to hope no one would notice. COM fared somewhat better, but it wasn't until Microsoft gave it the sexy name "ActiveX", and built it into nearly everything, that developers finally gave up trying not to use it.

    What does all this have to do with you?

    Absolutely nothing . . . and that's the point. Somewhere along the bumpy road from OLE through COM to ActiveX, Microsoft's industry competitors began working on a distributed object system called CORBA. Microsoft's object system was not distributed, but as we know, if anyone else has one, Microsoft does too. So Microsoft looked around and quickly stuck a "D" (for Distributed) in front of COM to create DCOM, their Distributed Component Object Model. Then they crammed it into every version of Windows starting with Windows 98, even though no one needed it, wanted it, or was using it. That way they could say Windows already had a distributed component system built in.

    What does DCOM do for you?

    Well let's see . . . it attracts Internet worms and permits your system to be remotely compromised by malicious hackers. Other than that, it's of absolutely no practical use other than to adorn Microsoft's "We Have That Too" chart. There may be some custom corporate application developers who have managed to make some use of it, but mostly no one ever has. However, it's there in Windows so that the competitors' CORBA isn't.

    http://www.computerworld.com/securitytopics/security/holes/story/0,10801,83619,00.html

    Although the original DCOM RPC exploit code worked only on machines running English-language versions of Windows 2000, recent modifications show that the code has been modified to exploit the same vulnerability on French, Chinese, Polish, German and Japanese versions of Windows 2000, XP and NT.

    RPC is at a stage similar to that of a widespread Microsoft SQL vulnerability after exploit code for that vulnerability was published in August 2002 by David Litchfield, a security researcher at U.K.-based Next Generation Security Software Ltd., according to Ullrich. That exploit code was later modified to create Slammer, one of the most widespread worms to exploit disclosed vulnerabilities.

    In its present form, the DCOM RPC exploit code probably isn't ready for broad distribution as a worm, according to Ostwald. The code isn't fully developed and often relies on variables such as the presence of particular versions of Windows to work, he said.

    In contrast, Last Stage of Delirium developed so-called proof-of-concept code for use internally that works against a wide variety of Windows platforms and requires only the Internet Protocol address of the vulnerable machine to create a buffer overflow, Ostwald said. Such code would be "very useful" to worm writers, making it easy for a worm to spread from machine to machine, he said.

    Hackers are also working on shrinking the exploit code, narrowing the exploit to work on a small set of systems that will net the most compromised machines, Ullrich said.

  17. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    I'll probably shut it down. I've run Steve Gibson's DCOMbobulator and my firewall blocks access to and from it. I've just never dealt with that particular service before.
  18. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    Okay, I have the service set to manual and nothing's blown up yet. ;) As expected, Windows defrag isn't functional with it off. I hoped DCOM launcher would turn on like some other services could when needed but it didn't. So I took this time to download a 3rd party defrag app. I chose Diskeeper 7 after a short search (it's free). Curious thing, though. It needed DCOM launcher active to install but not to run.
  19. Microsoft Security Bulletin MS01-059 - Dec 20, 2001
    Microsoft Security Bulletin MS04-011 - April 13, 2004

    To BartFan/others,

    I'll try to keep all additional info surrounding DCOM relevant, current, and as it applies to XPSP2.

    Hey, nothing's perfect! :D

    *One comment I'd like to correct/modify is that leaving DCOM Launch set automatic should work fine for the majority of average users under SP2. If, like BV and other service gurus around state, power users should have no trouble running a minimal, *bare bones* services configuration.

    GF

  20. Hey Brinn, did you make out alright firing up that service again? COM permissions?

    GF

  21. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    Okay, I've figured it out. When I installed Diskeeper, it needed DCOM launcher to run initially. After that, it ran its own service, dkservice.exe, to replace the role of DCOM launcher. Basically, there's no net gain in terms of shutting down unneeded services. I've traded one for one (I've disabled DCOM after the install). I'll take it, though. Diskeeper 7 is a nice little defrag app.
  22. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    As a further update, having the DCOM service shut down caused a pop up whenever a Word document is opened which says, "This document could not be registered. It will not be possible to create links from other documents to this document." I'm not sure what this means but if it becomes necessary, all you have to do is set the service to Automatic and reboot.

    I also wrote a little .bat that starts up dkservice.exe along with diskeeper so that the service is not running when I don't need to do a defrag. That's one less service I have running. :)

  23. I don't know why but I have it set to "automatic"; if it doesn't give any problems I will disable it. And btw, in Samurai I have enabled the setting "Disable RPC based DCOM", so far without any problems. :)

    More info:


Source: https://www.wilderssecurity.com/threads/xp-dcom-launcher-useful-or-not.112663/

Posted by: shoemakerwarl1992.blogspot.com
