avast reporting dcom exploit

I didn’t use windows firewall for long (maybe a day or two). Before that i used sygate. I happily changed to comodo.

But here is something strange, with comodo as a firewall, i get avast anti virus (free version) warnings about it having to prevent Dcom exploits. I have used xpy and safexp to apply security settings, and also disabled most of the services i don’t need, so i do believe to have a rather more secure than average system,
so this strikes me as odd. Either a conflict between avast and comodo (like the one that currently exists between avast and zonealarm) , or, comodo has opened an exploit in the system.

We are unaware of any conflict between avast and CPF. And CPF has nothing to do with DCOM. It may either be a false alarm or something other than CPF.


I’ve been using CPF with avast 4.7 HE and I’ve not seen anything like that… yet. But, I’ve only been running the combination for few days. I’ll post again if I do encounter it.

Hi , this warning comes from the avast network monitor, although you should not be getting these messages if CPF is stealthing your ports. Have you changed your network rules in CPF? Just a suggestion if not already done so; do a search at avast forum on this exploit.Hope this helps

This is detected by avast Network Shield, a module that checks internet traffic on TCP level inspecting it for known exploits used by Sasser or for example MSBlaster. It’s acting similar to IDS system.

i did a search on the avast foruns. Too many threads on this. No relevant ones. Apparently it protects you from the exploit, even before it checks if your computer is vulnerable.

Weird, it shouldn’t have to protect an exploit that isn’t there. Specially because since i’m being targeted, i should probably be labeled vulnerable somehow. Perhaps because i was responding to ping requests…? (see my other thread Comodo Forum for info on this)

I updated comodo perfectly. Everything works great, it’s perfect.
I don’t know why but I activated the avast’s network shield and I see he blocks all the DCOM exploits from a range of IP’s that belong to the same ISP as mine, on the same 135 port.
I had even a LSASS Exploit on 445 port.
I am not saying that this has anything to do with Comodo or anything, I am just trying to understand what and why is happening.
The thing is that even if I disable avast’s network shield and do a grc port scan I still have passed the test with true stealth.
Now, I read on sygate forum and someone says that the same packets are received the same time by firewall and avast’s network shield so they block it the same time. Is this true?
Does comodo already blocking this stuff so is no need for avast’s network shield or I have to do a network control rule?
Thanks for your time.