First, thank you to the Alwil SW Co for developing and distributing Avast AV for free to the millions of Home Users like me around the world. I have been using AVAST! since the version number was 4 (had a Music Player like interface) and I was really happy to find the huge improvements in AVAST! 5.
The only problem that I face is with the TCP/IP related notification- an example in the form of a screen shot is attached. I clicked the check-box so that it is blocked silently, but I find as the IP displayed in the warning varies always, I am constantly bothered with the notification. As this notification appears quite frequently is there any way to hide this notification and let Avast!5 block the threat silently?
It’s a Network Shield message. It filters traffic coming from all applications (not only browsers), and on all ports. For performance reasons, though, it tries a bit harder in case of the well-known HTTP ports.
Messages like:
Network Shield: blocked “DCOM Exploit” - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.
Which firewall do you use?
And, most important, is your operational system updated?
Generally, the firewall blocks this attack before the antivirus.
Thank you Tech for your reply.
I should have mentioned earlier that my OS is XP pro with SP3 and it is updated to the latest patches available through the Automatic Update feature.
I use Comodo Firewall Pro- latest version.
Curiously, this issue was not there with AVAST! 4.8 and earlier. As I can remember one of the settings which blocked all these type of attacks silently without “bothering” the user.
Strange… CIS should have been blocking it before avast.
Are you using CIS in “Safe Mode” state? Did you change its settings?
Maybe you could ask for help also in Comodo forum.
Sorry there are no user settings for the Network Shield, other than unchecking the Show warning messages. But that in my mind is a bad decision as it would be across all network shield warning messages including malicious site blocking.
Yes you can but the OP is asking specifically about the Network Shield DCOM alerts, whilst my suggestion could well kill all the network shield alerts and not just DCOM/Exploit alert. The suggestion to use Silent/Gaming mode would be even worse as it would be effective over all shields.
Thanks for your suggestions and inputs.
Well I am not interested in using the Gaming mode as David has rightly pointed it shall stop all the warning messages, not exactly what I desire to achieve. Instead I just would like to the DCOM attacks notification. I must also point out that I have never received any other Network Shield attack notification since the day I have installed it, which if I remember correctly was as soon as AVAST! 5 was officially released and the previous version notified me to update. So will it be safe to turn off all the Network Shield messages?
BTW, what exactly are these attacks? My internet connection does not use Static IPs, but dynamic ones and the IPs displayed are all from my country. And should CIS have stopped these before the “attacks”? Well CIS never failed me, as AVAST! .
DCOM Attacks are speculative, not targeted and tries to exploit a vulnerability in out of date OS, if your OS is up to date then you aren’t vulnerable to the exploit. That doesn’t stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn’t know about it, but for whatever reason avast is first in line over your firewall.
Just to update on the situation, with reference to the suggestion of David (thanks again) I did uncheck the notification box, but sadly the Network DCOM notifications are still displayed, its very annoying. I expected it to stop once I uncheck the box. please find the enclosed screen shot for clarification.
Thanks for the reply. I have followed your suggestion and restarted the machine, let me check for some time whether any more Network Shield notification is displayed. I shall update this thread accordingly.