TCP 135
Synopsis
- TCP/135 is the Microsoft RPC Endpoint Mapper (EPM) for DCE/RPC, primarily on Windows systems.
- Windows components like DCOM, WMI-based management (including PowerShell when using DCOM/WMI), the Service Control Manager (sc.exe), Remote Registry, and the Event Log service contact 135 to discover dynamic RPC ports.
- Active Directory domain controllers use 135 to map endpoints for NetLogon, AD replication, File Replication Service/DFS‑R, and related directory services.
- Microsoft Exchange Server (notably pre‑2013 MAPI/RPC) and Outlook clients use 135 to locate the RPC ports for MAPI and system services.
- The Print Spooler (spoolss), Certificate Services (AD CS enrollment/autoenrollment), and many MMC snap-ins (e.g., Computer Management, Services) rely on 135 to reach remote RPC servers.
- Samba on Unix/Linux that provides Windows‑style RPC services (e.g., Samba AD DC or winbind) also listens on TCP/135 for the RPC endpoint mapper.
- Security note: TCP/135 has been a frequent target. For example, the Blaster worm exploited an RPC DCOM flaw (MS03‑026) on this port, and attackers often probe 135 to enumerate RPC endpoints or pivot via DCOM/WMI, so it is commonly blocked at firewalls.