Defense+ has the possibility to monitor (and then allow/block) usage of Microsoft DNS client service.
To my knowledge, this service allows caching of the domain-name / IP-address matching table provided by the DNS server itself.
Let’s assume a malware is running on my computer.
This malware uses DNS client service. So what?
Anyway useful (from malware standpoint) internet access will be blocked/allowed by the firewall part of Comodo.
Is there any risk to allow any process to use DNS client service?
Is there any need for Defense+ to monitor DNS client service access?
So no one knows why the Comodo developers spent time to code this feature?
Here’s what CIS’s Help says about this setting…
DNS/RPC Client Service - This setting alerts you if an application attempts to access the ‘Windows DNS service’ - possibly in order to launch a DNS recursion attack. A DNS recursion attack is a type of Distributed Denial of Service attack whereby a malicious entity sends several thousand spoofed requests to a DNS server. The requests are spoofed in that they appear to come from the target or ‘victim’ server but in fact come from different sources - often a network of ‘zombie’ PCs which are sending out these requests without the owners’ knowledge. The DNS servers are tricked into sending all their replies to the victim server - overwhelming it with requests and causing it to crash. Leaving this setting enabled prevents malware from using the DNS Client Service to launch such an attack (Default = Enabled).
Does this answer your question?
Very clear. Thanks.
Sorry for not having read help. My fault.
There is no need to apologise, there’s a lot of information in CIS’s help.