Windows XP Pro SP2
CFP 3.0.16.295
Avast 4.7 Home Edition
I had already reported something like this in the past, but not as accurately as now.
What I need is a proper solution to this problem.
The PC is clean, CFP 3.0.16.295 is a brand new installation, and I start to configure some rules.
Then comes svchost.exe …
“Svchost.exe is considered a safe application by Comodo Firewall Pro”
… so for me it’s a trusted application.
Later on, I get warnings about a DCOM exploit and an LSASS exploit.
This is detected by Avast Network Shield, a module that checks internet traffic at the TCP level, inspecting it for known exploits used by Sasser and MSBlaster.
If I change the Svchost.exe application rule in the firewall's network security policy list to blocked application or outgoing only, I will stop getting the warnings from Avast Network Shield.
But …
Service Host (Svchost.exe) is a core piece of Windows XP code that collects a number of lower-level system-critical services and runs them in a common environment. By gathering multiple functions together, we can reduce boot time and system overhead and eliminate the need to run dozens of separate low-level services... Since this is a core piece of Windows XP code, this shouldn't be blocked, right???
Svchost.exe -» trusted application = Not protected
Svchost.exe -» blocked application = Protected
Svchost.exe -» outgoing only = Protected
This is the problem: how do I properly configure the rule for Svchost.exe?