A pop up window appeared showing ‘avast network shield has blocked a harmful site’(117.104.9.76:135/tcp, DCOM Exploit) while i m browsing, a few hours before(6.0.1125 free & latest db, updated from 1091). But the network shield log shows connections blocked :0, Why(is this due to some bug in network shield)?. I experienced the same with 1091 also. Pls reply… :
Because that site is infected
Hi, how do I make my own post?
DCOM Attacks are speculative, not targeted and tries to exploit a vulnerability in out of date OS, if your OS is up to date then you aren’t vulnerable to the exploit. That doesn’t stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn’t know about it, but for whatever reason avast is first in line over your firewall.
What is your firewall ?
By going to this link, http://forum.avast.com/index.php?board=2.0 (if it is related to an avast! Free/Pro/Suite issue) and click the ‘New Topic’ button at the top of the page.
Hi David,
My firewall is windows 7 firewall. Actually my question is , if avast network shield blocked that malicious site before windows FW can detect it, then why its network shield log shows connections blocked :0 instead of connections blocked :1.
Also, do i need to change some settings in my firewall…?
Thanks for ur informative reply (I m not a computer expert :o)
Well I would have hoped that the win7 firewall would have got a look in first, I don’t know if there is any way to ensure that it does. But essentially avast’s network shield is only monitoring those ports that are commonly used for exploits and not a full firewall.
I don’t know if you have restarted avast or the network shield as that would effectively zero the counts. If you are looking at the physical log file, C:\ProgramData\AVAST Software\Avast\report\NetworkShield.txt ?
That has been a bone of contention for some time as there doesn’t seem to be much in there other than the start Date Time Group.
Because there weren’t conection attemp for you computer
No…I haven’t restarted avast or network shield; I checked the log soon after the pop up window disappeared… ???
Thanks David
You’re welcome.
Today also I got a message from avast that its network shield blocked a harmful site(something like LSASS Exploit, i don’t remember correctly). But there is no indication in the shield log about the blocked site. I think there is some problem(bug) with the shield log… ???
Not so much a problem/bug, but the fact that its logging is woefully inadequate in comparison to other shield logs.
But I would have thought that this would have been included.
Oh…David…! You came back again for me… I worth your help very much…
Thanks.............