Firewall not detecting DCOM Exploit

Recently I changed my internet service provider to Optusnet and I was given a new IP address and wireless connection. Ever since then I keep getting alerts from the Avast Network Shield: DCOM Exploit attacks from 114.73.34.69:135, 122.110.103.38:135, 122.110.59.7:135 and so on. I scanned my PC using Avast Home, Superantispyware and Threatfire and none detected any malware in my PC. So I decided to reinstall Comodo and I went to the stealth port wizard and clicked “block all incoming connections and stealth my ports to everyone” to see if it would stop the DCOM exploit attacks, but it didn’t work and I still kept getting the alerts from the Avast Network Shield. How do I resolve this problem?

Try setting CIS to Proactive mode. Go to Miscellaneous → Manage my configuration → Select → Proactive Security.

IIRC DCOM should be protected now by default; but to be absolutely sure, check under D+ → Advanced → Defense + settings → Monitor settings.

Hello,

I’ve recently been getting these “DCOM Exploit” attack warning messages from Avast! AV. Coincidentally, only since I’ve been using a ‘3(mobile) USB Modem’ to connect to the web (when I’m at my own home, I surf wirelessly through a Netgear firewall router: no DCOM Exploit warnings there).

I’ve tried the above mentioned Proactive Security activation, but it didn’t stop the Avast! alarms, and now I’m getting an annoying amount of Comodo alerts.
How do I reverse the activation? There’s no Deactivate option in the Manage My Configuration settings. I’m concerned that if I hit the Remove button, that configuration line will disappear.


Can you show a screenshot of the Defense + logs? They can be found under Defense + → Common Tasks → View Defense + events.


This is most probably caused by the order the inspection takes place.

If your firewall blocks these incoming requests, then the Avast engine is inspecting before the CIS firewall driver; that’s the reason Avast can alert. The CIS firewall won’t alert you on this “attack”: it can only allow or deny traffic to TCP port 135, it cannot inspect the traffic that is sent to it. That’s where D+ should come into play.

So please check your global rules, and/or run a GRC shields up scan:
https://www.grc.com/x/ne.dll?bh0bkyd2

And see if that turns up stealth.
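
As an added illustration (not part of the original thread, and not GRC's or Comodo's code): a minimal Python check for the three states a scan like ShieldsUP! distinguishes, based on how a TCP connect attempt to a port ends. The function names `probe_tcp`, `scan` and `fully_stealthed` are made up for this example, and the loopback demo at the bottom is constructed.

```python
import socket

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'stealth'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"      # handshake completed: something accepted the connection
    except ConnectionRefusedError:
        return "closed"    # RST came back: host answered, nothing is listening
    except (socket.timeout, TimeoutError):
        return "stealth"   # no answer at all: the packet was silently dropped
    except OSError as exc:
        return "error (%s)" % exc.strerror  # e.g. no route to host
    finally:
        sock.close()

def scan(host, ports, timeout=3.0):
    """Probe several ports and return {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}

def fully_stealthed(results):
    """True only if at least one port was probed and every one was dropped."""
    return bool(results) and all(s == "stealth" for s in results.values())

if __name__ == "__main__":
    # Constructed demo on loopback: a listening socket reads as "open",
    # the same port after the listener is closed reads as "closed".
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(scan("127.0.0.1", [port], timeout=1.0))
    listener.close()
    print(scan("127.0.0.1", [port], timeout=1.0))
```

To test a firewall this way, the probe has to come from a second machine on the far side of it, aimed at your own PC's address; a probe run on the PC itself never crosses the firewall's inbound rules.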

Considering that this issue isn’t necessarily a COMODO problem (other than the fact that Avast! v4.8 is picking it up before CFP v3.10 has a chance to spot it), I’d like to thank you for the prompt replies.

As I hinted in my original post, in my case I think this issue is down to the lack of hardware firewall in my ‘3[mobile] USB Modem’ (as I’ve never had this problem when surfing from my Netgear wireless home network).
However, I would still like to know how to switch off Proactive Security mode in Miscellaneous → Manage My Configurations settings - The excessive CFP warning dialogs are becoming a tad tedious. The only button options are: Activate, Remove, Import… and Export… If I ‘remove’ the now Active, Proactive Security line, will it disappear forever?

Or could you tell me the default configuration for Defense+ → Advanced → Defense+ Settings → Monitor Settings? All the options are checked at the moment.

P.S.

Not sure how to check global rules but GRC ShieldsUP! scan showed full stealth mode (apart from port 135).

Correct, your previous Netgear had a built-in NAT and firewall in its setup, which blocks all incoming traffic by default.

> However, I would still like to know how to switch off Proactive Security mode in Miscellaneous → Manage My Configurations settings - The excessive CFP warning dialogs are becoming a tad tedious. The only button options are: Activate, Remove, Import… and Export… If I ‘remove’ the now Active, Proactive Security line, will it disappear forever?

I'm not sure what you are trying to reach here; if you need to get rid of the excessive logging in the firewall, you can set up global rules that drop this traffic and don't log it.

> Or could you tell me the default configuration for Defense+ → Advanced → Defense+ Settings → Monitor Settings? All the options are checked at the moment.

Default has a few settings unticked; you can check them here: https://forums.comodo.com/install_setup_configuration_help/what_are_the_defaults_for_comodo_internet_security_cis_3864739471-t35033.0.html It's for 3.8 but monitor settings have not changed since.

> P.S. Not sure how to check global rules but GRC ShieldsUP! scan showed full stealth mode (apart from port 135).

Well, that's probably because Avast has to accept this connection to inspect the packets in it, therefore it will show as open. If you suspend the Network Shield and rerun a scan, it should turn up full stealth.

Thanks for your time, Ronny.

I’m back at home, surfing wirelessly through the house Netgear router, so that has cleared up all the Avast! “DCOM Exploit” attack alerts I was receiving when using the ‘3[mobile] USB Modem.’
I’ve also uninstalled CFP v3.10 and installed v3.11 - so that’s reset all firewall settings to factory default.

GRC ShieldsUP! test now shows port 135, along with all other tested ports, in stealth. The only thing my PC fails on now is the Ping Test, but I guess I can take this gripe over to the How Can I Block Pings And Leaks? thread.

If I’m correct, you already found out that that is caused by the Netgear settings; you can change the Netgear firewall to not respond to ICMP echo requests…