Hello All

I am using Sygate as my Firewall. I noticed that if I allow access for the application “Generic Host Process for Win 32 services”, I will get frequent messages from avast on-access scanner warning me about a “DCOM Exploit” being blocked by Network shield. If I disallow access for this application, I will not get these messages.

What’s going on ? Is this a frewall problem ???

Please read this links below:

http://forum.avast.com/index.php?topic=9163.0
http://forum.avast.com/index.php?board=2;action=display;threadid=8639

Hope this helps.

–lee

When you scan with “SpyBot” ; “DSO exploit” is always listed as a threat. Info here:
http://www.greymagic.com/security/advisories/gm001-ie/
It’s a security vulnerability in Microsoft Internet Explorer .

I realise these two " exploits "are different, but the additional info at greymagic .com will further your understanding of what issues are prevelant .

My system is already updated. No more critical updates from windows website.

So am I suppose to allow access for “Generic Host process for Win32 services” or block it ?

What are the implications ? Please note I have to allow access for this application in order to retrieve the windows updates/patches (if any).

Abraxas,

DSO exploit is a hole in Microsoft’s security that can be exploited, and Network Shield is a sort of lightweight firewall that monitors a couple of known ports to be used by Interent Worms. It displays DCOM Exploit when it picks up worm activity on these ports i believe ( as explained in the links above).

There not the same really

pacman2004,

I to use Sygate, and allow ‘Generic Host process for Win32 services’ to access the internet (as it is needed), but i never receive the ‘DCOM Exploit’ message.

What are the implications ?

Im not sure what you mean by this

–lee

lee16

I mean if I use Sygate to block the application “Generic Host process”, I will not get to see the DCOM Exploit message.

However does this mean that everything is allright ? Maybe somebody is trying to do something and there is no warning because I have not allowed access for Generic Host process.

BTW I am getting the DCOM message at very frequent intervals…

Im not sure why your receiving this message, as sygate should block this activity before it gets to Avast network shield.
Maybe alowing the ‘Generic Host process’ to access the internet with sygate and checking the rember choice box will help.
Also, are you using the latest version of sygate firewall? (5.6.2808)

–lee

lee16 :

Abraxas,

DSO exploit is a hole in Microsoft’s security that can be exploited, and Network Shield is a sort of lightweight firewall that monitors a couple of known ports to be used by Interent Worms. It displays DCOM Exploit when it picks up worm activity on these ports i believe ( as explained in the links above).