comodo firewall

General Topics
1

Hi all! :slight_smile:
I just decided to give comodo firewall a try because i have read many good thing about it in this forum.
It’s very light on resources and it’s working fine.But today avast reported this:
21.07.2006 21:38:27 DCOM Exploit attack
from 10.30.2.98:135
24.07.2006 15:40:05 DCOM Exploit attack
from 10.30.2.211:135
this is the log.
So this makes me think the firewall isn’t doing ti’s job…
Can you please give me an advise what to do.Are there any setting i should make or anything else
Thank you very much! :wink:

2

It could be that the Network Shield is getting loaded before the firewall but once running I would have though it should assume this function. Comodo is still relatively young (version 1.1.005) by comparison to other firewalls. Effectively this is a first release version after beta.

It also doesn’t do too well in the firewall leak tests and is ranked ‘Medium’ out of Advanced+, Advanced, High, Medium and Low. Jetco does very well in these tests even though it is also a 1.0.1.61 build.

See some firewall tests for comparison, some are freeware but many are paid for versions http://www.firewallleaktester.com/tests.php. Also see http://www.thefreecountry.com/security/firewalls.shtml

Note all of the above relate to outbound protection and not inbound protection or stealthing, for that you should check out Shields Up at http://www.grc.com/default.htm

3

Hello Neron,

We don’t know what OS you’re on (in his signature, now I see it).
Consider the following information to patch XP2: http://www2.montana.edu/desktop/rpc.htm

DCOM runs from your machine via port 135 and is blocked.
Get your system fully patched to prevent DCOM-exploit runs.
If not this it could b a Spybot FP.

polonus

4
We don't know what OS you're on.
In his signature:
Celeron 633Mhz;256Mb RAM;40Gb HDD;[b]Windows XP Pro SP2[/b];Avast4.6;Bitdefender 8 free;Ad-aware;Spybot S&D;Spywareblaster;Microsoft Antispyware;ZoneAlarm firewall;Mozilla firefox;
:)
5

Patching your system so it isn’t vulnerable to this exploit (very old patch) is advisable if you haven’t already got your OS up to date (looks like you have). Unfortunately this won’t stop the attempts to exploit it (the attempted infiltration doesn’t know if you are vulnerable or not), avast is currently doing that, where your firewall really should, but obviously not.

6

Comodo firewall is at version 2.2.0.11 now and has been for a while. Passes all leak tests. It has no BSODS anymore and a new version is out soon.

Disable DCOM and others services that are attacked with http://www.firewallleaktester.com/wwdc.htm

7

Exactly what I needed for my brother’s PC! Thanks, stevejrc :slight_smile:

8

Version 2.3.1.20 Beta is available now also.

9

yes I am using version 2.2.0.11
My system is fully updated (my signature is not…)
So are you saying that the firewall is not doing it’s job because if so i think i should remove it and search for something else.
I’ve tried ZA-good but too heavy for my system.
Jetico -so many warnings…
Sygate-the best i’ve tried but not updated any more
Kerio-too complicated for me…
Outpost(and Lavasoft’s firewall)
Comodo is not that bad but as i can see it’s not doing it’s job.
The only reason i can imagine is that avast is blocking these attempts before they reach the firewall or something…
Anyway if this can’t be fixed(comodo loads first on startup) i will have to change the firewall(i think…).What to do now?
:stuck_out_tongue: :-\

10

Well your version is certainly newer that the one tested by firewall leak test so that review may not be valid any longer, but I never see any RPC exploit notices from network shield, so I only assume that Outpost pro is blocking them or my system is stealthed so doesn’t attract this attention. Have you tried the shields up test at grc.com I gave the link in a previous post ?

Outpost(and Lavasoft's firewall)
The only thing in this it isn't and Lavasoft's firewall, the anti-spyware plug-in is based on Lavasoft's AdAware, so the don't have anything to do with the firewall function. I've had that plug-in disabled since it was introduced, it slows boot as it scans (on my system) hundreds of files and these and these file accesses are also pre scanned by avast. Since I have adaware and other anti-spyware installed I have no need of this plug-in.
Jetico -so many warnings...
What do you man by this ? If you mean it continually challenges you, then this should slow and almost stop as it remembers your answers when things happen for the first time. Outpost and many other firewalls are the same when you first install until they learn your usage.