Why is the 'System' process listening on port 443?

I bet it's Skype. Uncheck the checkbox shown below if you have it installed.

First off, I will answer this question directly and anyone reading this can ignore any answers talking about 3rd-party, non-Microsoft applications using the System Process.

1. The System process is listed as PID 4 on every modern-day Windows system. It is for kernel-mode access. This rules out most 3rd-party web products like Apache.

2. Since the inception of WinRM (Windows Remote Management), the HTTP service (%SystemRoot%\system32\drivers\http.sys) has been a standard part of Windows (Vista and later / Server 2008 and later). http.sys runs under the System process (PID 4).

3. Other Microsoft-developed software may also use the %SystemRoot%\system32\drivers\http.sys under the System process like IIS, SQL Reporting Services, and Microsoft Web Deployment Service (http://support.microsoft.com/kb/2597817)...

4. WinRM 1.0 default ports were:
   HTTP = 80
   HTTPS = 443
   WinRM 2.0 and greater default ports are:
   HTTP = 5985
   HTTPS = 5986
   Check with the following commands:
   Winrm enumerate winrm/config/listener
   Winrm get http://schemas.microsoft.com/wbem/wsman/1/config
   

Troubleshooting steps:

Get the process number of the port that you are looking for (443 in this case):

...from a non-mapped drive of Windows to avoid "Access Denied":
netstat -aon | find ":443"
Output should look like the following for the System process:
C:>netstat -ano |find ":443"
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 4
TCP [::]:443 [::]:0 LISTENING 4
The last column is the PID (4).

5. Running tasklist to find out what is running in the process proves unhelpful:
   tasklist /SVC /FI "PID eq 4"
   tasklist /m /FI "PID eq 4"
   

6. Look in the registry for the HTTP service: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters\UrlAclInfo
   There will be a list of URLs (with the port numbers) which can lead you to which application is running and holding which ports:
   http:// +:5985/wsman/ --> WinRM
   https:// +:5986/wsman/ --> WinRM
   http:// +:80/Reports/ --> SQL Reporting Server
   http:// +:80/ReportServer/ --> SQL Reporting Server
   https:// server_fqdn:443/Reports/ --> SQL Reporting Server
   https:// server_fqdn:443/ReportsServer/ --> SQL Reporting Server
   http://* :2869/ --> Simple Service Discovery Protocol service (SSDPSRV)
   http://* :5357/ --> Web Services Dynamic Discovery (WS-Discovery)
   https://* :5358/ --> Web Services Dynamic Discovery (WS-Discovery)
   

You can then find the corresponding service on the system and stop it and see that wanted port is released by confirming with another netstat -aon | find ":443" command.

Run the following from an elevated command prompt:

netstat -ab