First off, check out "What is RPCSS.EXE?" (Guest) for the most comprehensive description of RPCSS I've seen. According to this information, RPC is no more than a glorified port mapper.
There is also a page explaining MDM in detail and how to remove it.
RjN sheds some light on the RPCSS process:
The RPCSS program ... is the Microsoft Remote Procedure Call Service.
It facilitates the development and debugging of distributed applications, apps that are resident on machines other than the local one. While I’m unaware of any current exploits, the software is designed to make it easier for “nonresident,” i.e. non-local applications to run on your machine, and vice versa.
The RPCSS program is installed by certain Microsoft products such as MS Visual Studio and Visual C++, Visual Basic, Interdev, and J++. I actually had this on my own system for some time--since its appearance seemed to coincide with my installation of the Microsoft "Evil Movie Player" (necessary for playing all those .ASF files college people on networks insist on passing around), I assumed it was some kind of multimedia handler a la MPREXE and MMTASK.
RPCSS opens ports on your machine (usually 135 as well as some "random" ports in the low 1000s) and proceeds to try and access the Internet, setting off programs such as Zone Alarm and firewalls with its suspicious activity. While the RPCSS program is probably supposed to serve some kind of legitimate purpose, it has nonetheless been cited for numerous problems as well as security concerns. (Not to mention the unverified, but fairly wide-spread, other
The Microsoft Machine Debug Manager (mdm.exe), to my knowledge, does not connect to the Internet itself. However, it is still an ill-behaved program that leaves scads of temporary files on the hard drive that it never deletes, and fails to unload properly (on shared computers, when a user logs on, a new instance of mdm.exe may start, but it won't necessarily exit when the user logs off. Depending on how many users have used the PC since the last reboot, dozens of copies of this program could be simultaneously running, eating up CPU and memory!).
While privacy implications of these programs have yet to be established, the RPCSS program is known to cause crashes and fatal errors on some PCs using Dial-Up Networking, as described
The program doesn't seem to do anything useful for most people, and several users have reported deleting it without any ill effects. (Note: RPCSS appears to be critical to Windows NT operation--see warning below.) The Debug Manager may be useful to power users and software developers, but for the majority of users it is probably just wasting memory. My recommendation for Windows 95 users is to rename these files (rpcss.exe -> rpcss.ex_, mdm.exe -> mdm.ex_) if you are concerned about them, or if they cause problems on your system. The RPCSS file is normally located in C:\Windows\System and the MDM.EXE file may be located either there or C:\Windows -- but for best results, use Windows' Find to locate all copies. Renaming the files allows you to restore them later if you ever need to.
Note: Microsoft suggests that users can safely remove mdm.exe without ill effects. See
for more information.
Warning: Do not tamper with RPCSS.EXE on Windows NT: I have received a report that removing RPCSS on a Windows NT system severely crippled it (to almost non-functional status); apparently many of the NT Services require it. See description below:
"NT 4.0 Sp6
rpcss.exe size 53kb
Results of rename: Found many associated NT services required rpcss.exe to be present to load at start up. NT OS crippled without rpcss.exe to (almost) not functional status.
Workaround to 'recover' NT OS: My system would not allow 'vga mode' on start up, possibly due to lack of rpcss.exe. Opened task manager (Cntl-Alt-Del) to 'selectively' end all non essential tasks to get extremely slow functioning on OS. Used 'file find' to rename rpcss.ex_ back to rpcss.exe.
I can't tell you what the results are on win95/98, but the results of renaming rpcss.exe on NT are *NOT* fun!"
Thanks M@X/B@R@K@ for alerting me to the RPCSS program and its Internet connection activities.
Microsoft tech support suggests an alternate solution to RPCSS issues which does not involve removing the RPCSS.exe file:
SYMPTOMS
When you start Windows 95, Windows 98 or applications (including Visual Basic 6.0, Visual C++ 6.0, and so forth), the Internet Connection dialog box appears.
If you have enabled remote connections in Windows 95 or Windows 98, your system might try to initiate an Internet connection at Windows 95 or Windows 98 startup or at the start of some applications. This behavior is often referred to as AutoDial or AutoConnect.
To turn off remote connections in Windows 95 or Windows 98, set the registry key EnableRemoteConnect to "N". You can do this by running DCOMCNFG, clicking the Default Security tab, and clearing the Enable remote connection check box. If DCOMCNFG fails to run, try the steps below, which describe creating REG files that modify the EnableRemoteConnect setting directly.
Your normal Internet activities should not be affected by changing this setting to disable remote connections. This setting is the default for most systems. However, enabling remote connections is necessary for some features of DCOM.
For additional information on this setting, please see the following article in the Microsoft Knowledge Base:
Q177394 Troubleshoot Run-Time Error '429' in DCOM Applications
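An added example (not from the original page or from Microsoft's article): a Python script that reads a REGEDIT4 export, reports whether EnableRemoteConnect is on, and builds the REG file text that sets it to "N". The key path HKEY_LOCAL_MACHINE\Software\Microsoft\OLE is the usual DCOM settings location and is an assumption here, since the page does not give it; the sample export is constructed.

```python
import re

# Assumption: the usual DCOM settings key on Windows 95/98 (not given on the page).
OLE_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\OLE"
VALUE = "EnableRemoteConnect"

def parse_reg(text):
    """Parse REGEDIT4 export text into {key_path_lower: {value_name_lower: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue  # blank line, comment or file header
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        # Only string values ("name"="data") matter for this setting.
        m = re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
    return keys

def remote_connect_state(text):
    """Return 'enabled', 'disabled' or 'unset' for EnableRemoteConnect."""
    data = parse_reg(text).get(OLE_KEY.lower(), {}).get(VALUE.lower())
    if data is None:
        return "unset"
    return "enabled" if data.strip().upper() == "Y" else "disabled"

def fix_reg():
    """REG file text that sets EnableRemoteConnect to "N", as the excerpt describes."""
    return 'REGEDIT4\r\n\r\n[%s]\r\n"%s"="N"\r\n' % (OLE_KEY, VALUE)

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\OLE]
"EnableDCOM"="Y"
"EnableRemoteConnect"="Y"
'''

if __name__ == "__main__":
    print("before:", remote_connect_state(SAMPLE))
    print("after: ", remote_connect_state(fix_reg()))
    print(fix_reg())
```

Keeping an export of the key taken before the change gives the same restore path the page recommends when renaming files.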
Q175312 Modem Attempts to Dial When Windows Starts
Power! DCOM and SOAP
Knowledge Base: Mdm.exe leaving temporary files in \Windows directory
- Info re: Machine Debug Manager