Hello. I have COMODO firewall W D+ and avast antivirus. I have been getting a lot of “DCOM Exploit” attacks for the last week which are bypassing COMODO but thankfully avast is blocking the attack.
What and who may be attacking my computer and why isn’t COMODO blocking it?
why is it always avast, who is involved in detecting DCOM EXPLOITS ? (look in other forums)
when i look at the results of avast's internet suite (3%), i think it cries so loud for catching an “exploit” to show the customer how good it works.
in the comodo event list it's not saying “wow exploit was blocked”, it just says “tcp in was blocked”. that's the only difference.
----if you use an antivirus with “webguard” or something, maybe your traffic will be led through its proxy. then you would bypass your regular firewall YOURSELF.--------
all people who don't use avast are in danger? i think not
use avast as an antivirus and switch off its “firewall” part. one firewall at a time is better than 2.
sometimes 2 firewalls at a time can be worse than to have no firewall at all. see above.
and look if you have set comodo to block IP IN ANY, which means, that comodo would block all unrequested ingoing connection attempts. under global rules.
use the stealth port wizard to easily reach this goal. “hide me from everyone”, setting 3.
As per your request here are 6 screenshots. If they are not what you need, just ask, being more specific as to what you need to see. As for any avast log recording the DCOM Exploit none exist ???
Last night I reinstalled the OS on my laptop doing ALL Microsoft, comodo & avast updates. These DCOM attacks started before I did the reinstall.
Reason for reinstall: system incompatibility caused by New User Syndrome 88)
look in the event list of comodo if comodo has blocked this ip in that moment too (unspectacular: blocked protocol TCP in, source address … , destination address “your ip”.) the avast notification is too much spectacle for such a normal blocking event. i would be sceptical.
i give an example: if spybot search&destroy finds a trojan, it could happen that your antivirus says: I FOUND A VIRUS, location spybot quarantine folder. i think that's the same situation in a way.
and look if avast uses proxy technology to “be a webshield” antivirus program.
well, then there is something wrong.
i would really suggest to use only ONE firewall, and NOT a webshield antivirus.
in the comodo settings make sure that you have a “block ip in any” rule in global rules. then any unrequested connection will be blocked.
use the stealth port wizard under firewall----common. choose setting 3, the last one there. this will generate a similar ruleset in global rules…
avast is your antivirus, let “a firewall” be your firewall
avast's results as firewall are very bad! if it uses the proxy version to “protect” you, you made a bad choice, because comodo can't work for you like it could. (3% contra 100% test results)
“It is able to monitor and filter all HTTP traffic coming from the Web sites on the Internet. It’s implemented as a HTTP proxy running on your PC.
Connections from your Web browser are redirected to the Web Shield module.”
I believe the Network Shield is alerting to connection attempts that the firewall on its own would otherwise just block/drop.
IMO Solution - Set up Firewall properly, Run Stealth ports Wizard.
Disable File sharing in your Internet Connection properties.
Check that the firewall is blocking strangers from unsolicited connections/working.
Bad
PS: I’m trying to make this happen on a 32bit XP Pro box and the CIS Firewall seems to work fine with the Avast Network Shield enabled. So no obvious problem between them.
Double Triple check your Firewall rules.
Check for open ports at GRC (Gibson Research Corporation home page): select Services > Shields Up.
I’ll stay on this box for a while and see if I can get any sort of Avast alert.
clockwork: why is it always avast, who is involved in detecting DCOM EXPLOITS ?
Well, some Windows viruses (Blaster/Sasser) use DCOM/LSASS exploits to get into your system, that's why avast! antivirus (not firewall) detects these exploits. Not all our users use a firewall.
Nosnibor: I have been getting a lot of "DCOM Exploit" attacks for the last week which are bypassing COMODO but thankfully avast is blocking the attack.
It depends which product is installed sooner. Each packet is processed by all network drivers - one after another. If the first driver blocks the packet (avast or comodo) then the 2nd driver (avast or comodo) won't receive it. That's why this DCOM exploit will be blocked by either the avast or the comodo driver, but not both.
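
The advice in the thread to check for open ports and to confirm that unsolicited inbound connections are blocked can be complemented with a local check. The following is an added example, not part of any post in the thread: it parses `netstat -ano` output and lists listeners on TCP 135, 139 and 445 (the well-known ports of the RPC/DCOM endpoint mapper, NetBIOS session service and SMB) that are bound to a non-loopback address. The sample output is constructed, and all function and variable names are assumptions.

```python
import re

# Well-known port assignments for the services named in the thread:
# 135 = RPC endpoint mapper (DCOM), 139 = NetBIOS session, 445 = SMB (LSASS path).
WATCHED = {135: "RPC/DCOM endpoint mapper", 139: "NetBIOS session", 445: "SMB"}
LOOPBACK = ("127.", "::1")

# Constructed sample of `netstat -ano` output, not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49213     203.0.113.7:443        ESTABLISHED     3012
  TCP    [::]:135               [::]:0                 LISTENING       888
  UDP    0.0.0.0:500            *:*                                    620
"""

# Matches only TCP rows in LISTENING state; the address may be IPv4 or [IPv6].
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def exposed_listeners(netstat_text):
    """Return (address, port, service, pid) for watched ports not bound to loopback."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, UDP rows and non-listening sockets are skipped
        addr = m.group(1).strip("[]")
        port, pid = int(m.group(2)), int(m.group(3))
        if port in WATCHED and not addr.startswith(LOOPBACK):
            findings.append((addr, port, WATCHED[port], pid))
    return findings


if __name__ == "__main__":
    for addr, port, service, pid in exposed_listeners(SAMPLE):
        print(f"{service}: listening on {addr}:{port} (PID {pid})")
```

Any listener reported here is reachable from the network unless the firewall's inbound rules drop the connection, which is what the global "block IP in any" rule and an external port scan are meant to confirm.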