Personally, I'm more interested in closing the port then knowing exactly what it's doing. I'm fairly sure that MS Office opened it, and I've read somewhere that it checks your local network for copies of Office with identical serial numbers, so could it be possible that this is the method it uses to do this?
Either way, I just want 445 closed. Scruffy, you seem to be of the unixy persuasion, so how do I close a port? I'm reasonably competent in Terminal and not afraid to muck around in the system.