No announcement yet.

NTBackup and ports 139 & 445

  • Filter
  • Time
  • Show
Clear All
new posts

  • NTBackup and ports 139 & 445

    I am running a peer-to-peer with all 3 PCs running XP Pro with Norton SystemWorks Premier Edition 2005/2006. I have used NTBackup.exe successfully for backups for several years now. Computers A & B backup to a drive (D on computer C.

    About 6 weeks ago, probably after a Norton AntiVirus (NAV) update, backups started failing. I say probably because Norton Internet Worm Protection (IWP) is sensing a worm on either port 139 or 445. The backups from A or B run for about 35 to 45 minutes before failing. It took a while to connect that event to NAV, but I now see where IWP sees an intrusion from either A or B into C, where the backup drive is located, and shuts down communication with the sending PC for 30 minutes, thereby disrupting the backup. I have made Symantec aware of this issue and the tech said he "thought" they had a fix and to run Live Update; no success.

    What I need to be able to do is prevent port 139 & 445 traffic from coming from PCs A & B so that IWP will not be triggered, but I still need to be able to see shared files and drives in both directions. Is this possible?

    BTW, I am new to forums and I could not find the introductory one to introduce myself. My name is Richard and I am an IT tech. I am an old guy, but I have a passion for knowledge and do IT for a living and I love it!

  • #2
    Re: NTBackup and ports 139 & 445

    I had exactly the same problem. Here's how I fixed it ( I have NAV 2006 Home Edition )

    Open NAV.
    Select Options/Norton AntiVirus
    In the left column, click "Internet Worm Protection"
    Click "Configure Exclusions" button
    Scroll down until you see the "Invalid ICMP code" button
    Uncheck it.

    Or you can just turn of NAV worm protection altogether

    Hope this helps

    - JD


    • #3
      Re: NTBackup and ports 139 & 445

      Hi RWDunn. Welcome! You'll find the introduction thread here

      As for your question, I'd see if there's a way to exclude specific computers or a subnet from the IWP. Call up Symantec and ask them about it. Otherwise, until they come out with a fix, you'll have to disabled IWP.

      The ports you listed are the ports used for SMB. These are the ports the computers are using to transfer the files to the backup drive. Even if the communication was taking place on other ports NAV would give you the same error and just list different ports.

      Network Consultant/Engineer
      Baltimore - Washington area and beyond