CFP and Avast Antivirus - DCOM exploit & LSASS exploit

Windows XP Pro SP2
Avast 4.7 Home Edition

I in the past had already reported something like this, but not so accurate as now.
What I need is a proper solution to this problem.

The PC is clean, CFP brand new installation and I start to configure some rules.

Then it comes svchost.exe …

“Svchost.exe is considered a safe application by Comodo Firewall Pro”

… so for me it’s a trusted application.

Later on, I get warnings about DCOM exploit and LSASS exploit.
This is detected by Avast Network Shield, a module that checks internet traffic on TCP level inspecting it for known exploits used by Sasser and MSBlaster.

If I change Svchost.exe application rule, in the firewall network security policy list to blocked application or outgoing only, I will stop getting the warnings from Avast Network Shield.

But …

Service Host (Svchost.exe) is a core piece of Windows XP code that collects a number of lower-level system-critical services and runs them in a common environment. By gathering multiple functions together, we can reduces boot time and system overhead and eliminate the need to run dozens of separate low-level services.
... since this is a core piece of Windows XP code, this shouldn't be blocked, right???

Svchost.exe -» trusted application = Not protected
Svchost.exe -» blocked application = Protected
Svchost.exe -» outgoing only = Protected

This is the problem, how to properly configure the rule for Svchost.exe ?

You should allow svchost to do outgoing only. Direct attempts for inbound connections are characteristic of some malware. Svchost is a safe application, but the program trying to connect to it may not be. Are you behind a router?

Yes, router in briged mode.

OK, you have no NAT and are directly connected to the internet then? Don’t allow anything inbound connection access other than by exception. Avast! seems to be doing the right thing for you.

Yes, NAT disabled.
I will leave the rule as outgoing only.

Svchost.exe -» outgoing only = Protected

Thank you. (:CLP)