Persistent "allow 9009" listed in Windows Firewall


Catnip

So I happened to look at my firewall today when setting up a NAS unit. I found about 60 entries of "Allow 9009" in it, each one of them both public and private. Confused by this, I deleted them all and then rebooted. Checking again, one had come back. I rebooted again, and now I had two of them...

A little online research led me to Gigabyte's GCloud software using port 9009 in the PC. Having a Gigabyte motherboard with the Gigabyte App package installed, I uninstalled it, thinking that my problem would go away. No dice. "Allow 9009" came back into the firewall as soon as I rebooted.

A little sleuthing on the internet led me to a program called Pichat, which is a text messaging platform of which there is almost no information on the internet. Suspicious, I ran every port scanner, process explorer etc. I had at my disposal to try and find out where this thing lived. After an exhaustive search, I could not find it, so I thought that it must have come bundled in an application. The only app that I had loaded in the last two months was the new WinAmp release. I uninstalled it and rebooted and lo and behold, the "Allow 9009" did not come back. This leads me to believe that Winamp is also using port 9009 in the PC, but very suspiciously. Whatever is loading "Allow 9009" into the firewall exceptions list is doing it by subverting the usual UAC safeguards. I have never received a notice from the firewall that something was added or wanted to be added.

So at this point, I am suspicious of Winamp using this port and automagically adding port 9009 at every boot, bypassing UAC. I like Winamp and I would like to be proven wrong. Perhaps the new Winamp uses Pichat, I don't know. In any case, it's unfortunately going to stay off my system for now.

Which leads me to ask a favour from anyone using the new Winamp: Could you check your firewall and see if you have multiple instances of "Allow 9009" in your exceptions list? I would like to confirm that what I have done to my machine is correct, and that I am concerned about the right software package. I would like not to point fingers, but the evidence at hand sort of supports my position.

Thank you for reading this far.
 
Windows Build/Version
Win 11 22H2

Hi Catnip,

I also found this in my firewall settings.
[Image: Screenshot_20221112_093847.png]
I am not running Winamp but I do have Gigabyte's GCloud running.
[Image: gcloud.jpg]
Using the power of Google I was able to confirm that it was a Gigabyte app causing the entries to the firewall.
I ran PowerShell as admin and first ran this command:

    Get-Process -Id (Get-NetTCPConnection -LocalPort 9009).OwningProcess

and then this:

    netsh http show servicestate

and amongst other things returned this:

Code:
Request queue name: Request queue is unnamed.
        Version: 2.0
        State: Active
        Request queue 503 verbosity level: Basic
        Max requests: 1000
        Number of active processes attached: 1
        Processes:
            ID: 16576, image: C:\Program Files (x86)\Gigabyte\GService\GCloud.exe
        Registered URLs:
            HTTP://192.168.182.1:9009:192.168.182.1/
            HTTP://192.168.4.2:9009:192.168.4.2/
            HTTP://127.0.0.1:9009:127.0.0.1/
            HTTP://192.168.229.1:9009:192.168.229.1/
I don't know if it is worth posting on Gigabyte's forum but it looks like GCloud is the culprit.
 

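
The checks from the posts above combined into one audit, as an added example that is not part of the original thread: it counts the duplicate firewall rules for port 9009, resolves the listener (including the case where HTTP.sys holds the socket for another process), and reads the firewall's own event log for the program that wrote the rules. The event-data field names used in step 3 (RuleName, LocalPorts, ModifyingApplication, ModifyingUser) are assumptions about the rule-change event schema and may differ between Windows builds.

```powershell
# Added example; run in an elevated session. Port 9009 is the value from this thread.
$port = 9009

# 1. Rules whose local-port filter names the port, with the program each is scoped to.
$rules = Get-NetFirewallPortFilter -All |
    Where-Object { $_.LocalPort -contains "$port" } |
    ForEach-Object {
        $rule = $_ | Get-NetFirewallRule
        [pscustomobject]@{
            DisplayName = $rule.DisplayName
            Direction   = $rule.Direction
            Profile     = $rule.Profile
            Protocol    = $_.Protocol
            Program     = ($rule | Get-NetFirewallApplicationFilter).Program
        }
    }
# Identical rules collapse into one row; Count shows how many copies have piled up.
$rules | Group-Object DisplayName, Direction, Profile, Protocol, Program |
    Sort-Object Count -Descending | Format-Table Count, Name -AutoSize | Out-String

# 2. Who is listening. PID 4 (System) means HTTP.sys holds the socket on behalf of
#    another process, which only the HTTP service state reveals.
foreach ($l in Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue) {
    $p = Get-CimInstance Win32_Process -Filter "ProcessId=$($l.OwningProcess)"
    '{0}:{1} PID {2} {3} {4}' -f $l.LocalAddress, $l.LocalPort, $l.OwningProcess, $p.Name, $p.ExecutablePath
    if ($l.OwningProcess -eq 4) {
        netsh http show servicestate | Select-String "Request queue name|image:|:${port}[:/]"
    }
}

# 3. Which program wrote the rules: the firewall log records rule changes together with
#    the modifying application (field names are assumed, see the note above the block).
$log = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
foreach ($e in Get-WinEvent -LogName $log -MaxEvents 5000 -ErrorAction SilentlyContinue) {
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { if ($n.Name) { $d[$n.Name] = $n.'#text' } }
    if ($d.RuleName -like "*$port*" -or $d.LocalPorts -like "*$port*") {
        [pscustomobject]@{ Time = $e.TimeCreated; Id = $e.Id; Rule = $d.RuleName
                           ModifiedBy = $d.ModifyingApplication; User = $d.ModifyingUser }
    }
}
```

A Program value of Any in step 1 means the rule is not tied to an executable, so step 3 is where the creating program shows up.
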
I don't have such a port open. I do however have all ports (TCP and UDP) open for WinAmp, which I think I accepted at first run years ago. Not sure what WinAmp is needing this for though...
Also looking at any app or service that uses this specific port (9009), I get nothing. 😄
 

Further investigation reveals that there are multiple reports of Gigabyte's GCloud module opening up port 9009 multiple times without a UAC prompt. I don't have any Gigabyte products, so this is most likely why I don't see these FW entries.
 
