TUTORIAL

How to Close Used Port in Windows

by Erik Mikac

Welcome to a tutorial on closing ports. Before diving in, make sure you have admin privileges on your Windows machine. Many steps require elevated access. For instance, you'll need to run tools like the Command Prompt as an administrator. To do so, right-click the CMD.exe executable and select "Run as administrator." 

Project Overview

EXPERIENCE LEVEL: Intermediate

TIME TO COMPLETE: 30 - 60 minutes

ESTIMATED COST: $0. All tools are built into Windows or free online.

Skills Needed

A basic understanding of networking concepts, such as ports, processes, and firewalls, would be helpful. Familiarity with Windows Command Prompt and Task Manager. Lastly, being comfortable with command-line interfaces and knowing basic system administration will help.

Tools and Materials Needed

  • A Windows computer (Windows 10 or later recommended) with administrative access.

  • Built-in Windows tools: Command Prompt (cmd.exe), PowerShell, Task Manager (taskmgr.exe), Resource Monitor (resmon.exe), Services Manager (services.msc), and Windows Defender Firewall.

  • Optional free tools: PortQry (download from Microsoft), or online port scanners like ShieldsUP! from grc.com for external verification.

  • Notepad or a simple text editor for documenting changes.

Be cautious. Closing ports can affect applications or services. Only proceed if you're sure the port isn't needed for essential functions. Also, back up your system or create a restore point via System Properties > System Protection. If you're on a domain-joined machine, check with your IT admin to avoid policy conflicts. Lastly, understand that some ports are used by system processes. With that said, closing them improperly could cause instability.

How to Close a Used Port in Windows in Seven Steps

Open ports on your Windows system can be a security risk. They can expose your machine to unauthorized access or vulnerabilities. Whether it's an unused service listening for connections or a suspicious process hogging a port, closing them hardens your defenses. 

Think of ports as virtual doors. TCP ports offer reliable, connection-oriented traffic for things like web servers. While UDP offers quick and connectionless communication for activities like streaming.

This tutorial will walk you through identifying, verifying, and closing ports on Windows. We'll use built-in tools for most steps, with exact commands and visuals to make it straightforward. By the end, you'll have closed a port and put monitoring in place to prevent any issues from popping back up. The first step is figuring out which ports are even open.

Step 1: Identify the Open Port

Start by listing all active ports to pinpoint the one you want to close. This gives you the port number and the process ID (PID) tied to it. 

First, open Command Prompt as administrator. Then, type netstat -ano and press Enter. This command displays active connections: look for the Local Address column (e.g., 0.0.0.0:8080) where the number after the colon is the port. Focus on entries in LISTENING or ESTABLISHED states, as this implies they are open and active.

Step 1_Identify the Open Port

Alternatively, you can use PowerShell. Open PowerShell as admin and run Get-NetTCPConnection | Select-Object LocalAddress, LocalPort, State, OwningProcess. This lists ports, states (like Listen or Established), and PIDs. Note the PID for the target port. 

To match the PID to a process, open Task Manager (Ctrl+Shift+Esc), go to the Details tab, and find the PID column. Or, in Command Prompt, type tasklist /svc to list processes with PIDs. If you spot a port like 3389 (Remote Desktop) in LISTENING, that's expected; but an unfamiliar one like 12345 might need investigation. 

This step usually takes 5-10 minutes and sets the stage for confirmation.

Step 2: Confirm the Process

Now that you have the PID, verify what application or service is using it to ensure you're not closing a critical application. In Task Manager, switch to the Details tab, locate the PID, and note the process name. Right-click and select "Open file location" to see the executable's path. The actual system files will be in C:\Windows\System32. 

For deeper inspection, open Resource Monitor: Search for "resmon" (short for “resource monitor”) in the Start menu and launch it. Go to the Network tab, then TCP Connections or Listening Ports sections. Here, you'll see the port, PID, process name, and even firewall status. Look for details like the module (DLL) involved.

Step 2_Confirm the Process

Verify if the process is expected. Cross-reference with known ports (e.g., 80 for HTTP, 443 for HTTPS, etc). If it's suspicious (like an unknown exe in your Downloads folder), it could be malware. Use Windows Security to scan the file. If it's a service like SQL Server on port 1433, decide if it's needed. This confirmation prevents accidental disruptions and takes about 10 minutes.

Step 3: End the Process (If Safe)

If the process isn't essential, terminate it to free the port temporarily. Always double-check to avoid crashing important apps. In Task Manager, find the process by PID or name in the Details tab. Right-click and select "End task." If it prompts, confirm. 

For stubborn processes, use Command Prompt: Type taskkill /PID <pid> /F (replace <pid> with the actual number, e.g., taskkill /PID 1234 /F). The /F flag forces termination.

Step 3_ End the Process (If Safe)

Be cautious: Don't kill system processes like explorer.exe or critical services like those tied to antivirus software. If it's a background service, it might restart automatically (We'll address that next). After ending the process, re-run netstat -ano to check if the port is still LISTENING. If it closes, great; if not, proceed to disable the service. This step is quick, around 5 minutes, but test affected apps afterward.

Step 4: Disable the Service Permanently (Optional)

For processes that auto-restart, like Windows services, disable them to prevent the port from reopening on boot. Press Win+R, type services.msc, and hit Enter to open Services Manager. Scroll to find the service (for instance, "Remote Desktop Services" for port 3389). Right-click, select Properties, and under the General tab, set Startup type to "Disabled." Click Stop if it's running, then OK.

Step 4_Disable the Service Permanently (Optional)

Document this step. Note the service name, original startup type, and reason in a text file—this is useful for audits or reversals. If it's not a service (e.g., a user app), uninstall it via Settings > Apps. Avoid disabling core services like Windows Defender. Restart your computer and verify with netstat that the port stays closed.

This optional step adds permanence and takes 5-10 minutes.

Step 5: Block the Port with Windows Defender Firewall

The best thing is to block the port at the firewall level to ensure that no process can use it. Search for "Windows Defender Firewall with Advanced Security" in the Start menu and open it. 

In the left pane, right-click Inbound Rules (for incoming traffic) or Outbound Rules (for outgoing), and select New Rule. Choose Port, then TCP or UDP based on the port's protocol (netstat shows this). Enter the specific port number (e.g., 8080). Select Block the connection. Apply to all profiles (Domain, Private, Public) unless specified. Name the rule (e.g., "Block Port 8080") and finish.

Step 5_Block the Port with Windows Defender Firewall

For UDP, repeat if needed. Test by trying to access the port locally (For example, telnet localhost:8080 in CMD. It should fail). This step enforces closure system-wide and typically takes 10 minutes.

Step 6: Verify the Port is Closed

Double-check your work to confirm the port is truly inaccessible. Re-run netstat -ano in Command Prompt or Test-NetConnection -ComputerName localhost -Port 1234 in PowerShell. The port should no longer appear in LISTENING or ESTABLISHED states. 

Step 6_Verify the Port is Closed.

For external validation, visit grc.com/shieldsup and scan the port; it should display as "Stealth" or closed. If it's still open, revisit previous steps. This verification ensures success and wraps up in 5-10 minutes.

Step 7: Monitor for Recurrence

Ports can reopen due to updates or new apps, so set up ongoing checks.

We can monitor this by creating a simple PowerShell script. Open Notepad, paste in Get-NetTCPConnection | Where-Object {$_.State -eq 'Listen'} | Select LocalPort, OwningProcess > ports_log.txt. and save as monitor.ps1

Next, search for "Task Scheduler," create a new task, set a daily trigger, and point to the script with -ExecutionPolicy Bypass. Next, review firewall logs. Check for blocked attempts in Windows Defender Firewall > Advanced Settings > Monitoring > Firewall.

Below is a list of ports opening from running the script.

Step 7_Monitor for Recurrence

Use Event Viewer (eventvwr.msc) > Windows Logs > Security for network-related entries. Run weekly scans with tools like Nmap (nmap -p <port> localhost) from an external machine if possible. The great thing about proactive monitoring is that it stops surprises. To boot, it takes about 10-15 minutes to set up. After that, it requires very little effort.

Closing Thoughts

By following these seven steps, you've learned how to securely close a used port on Windows, reducing your attack surface and boosting system stability. Starting with identification and ending with monitoring, this method ensures thoroughness. 

Remember, port management is a continuous process. For more in-depth training, check out our CompTIA Security+ course to master network security essentials. Dive into additional guides on our main tutorials page or explore our common ports hub for quick references. 

Get CBT Nuggets IT training news and resources

I have read and understood the privacy policy and am able to consent to it.

Follow us

Let's chat!

Sales | Support | General
© 2025 CBT Nuggets. All rights reserved.Terms | Privacy Policy | Accessibility | Sitemap | 2850 Crescent Avenue, Eugene, OR 97408 | 541-284-5522