Worrying pop up

I keep getting the following pop up:

Network Shield: blocked “DCOM Exploit” attack from … (don’t know if it is safe to put the end in).

As I was typing this the pop up came up about 4 times.

You are correct in not putting the end part in if it was a clickable link.

What is your firewall?
The network shield should be very quiet with a competent firewall installed and running; it only monitors common exploit and worm routes of entry, and your firewall should also be doing that.

I use Comodo Firewall.

I don’t use Comodo firewall so I can’t offer any help from personal experience, but I believe there was something in the forums about its settings. So it would be worth checking that it is A. enabled and running on start-up, etc. as that should really get in on the act before the network shield.

However, there is nothing to worry about (other than the Comodo firewall should really have caught that) as the attempt has been blocked. You can if you wish disable the display of these alerts in the Customize… section of the network shield; personally I would prefer to leave things as they are so you are aware of what is going on with your system.

Did you change Comodo firewall settings?
And most important, is your Windows fully updated? Do you use XP SP2?

J J,

You could get this free program from Steve Gibson’s site. This small program will test your PC to see if it’s vulnerable. The link below also explains what DCOM is all about.

Microsoft’s DCOM security patch leaves DCOM running…
http://www.grc.com/freeware/dcom.htm

It will also shut down any further occurrence.

Well, Comodo doesn’t run at start up. In fact it’s the last program to initialize. How do I get it to run at start up and initialize first if possible?

Tech, I haven’t changed any settings. My Windows is fully updated and I do use XP Service Pack 2.

Rick F, I’ll have a look at your info and report back.

I would be surprised if it weren’t running at start-up, but as a service and not a run entry in msconfig, startup tab.

What does the Comodo service say? Windows Start, Run, type services.msc and click OK. This will present the list of services; find the one for Comodo. I would think it is Automatic and already should be started?

The low level driver is started before the icon on system tray.
You can use Startup Delayer to delay ‘other’ applications and make the way free for the antivirus and the firewall to load.

Hmmm… very strange. This way we won’t see DCOM exploit messages…

Re Comodo and startup… I use Comodo Firewall, and was concerned that it was the last item to load. However, after asking at the forums, I am reassured that the connection is actually blocked while the firewall module is loading.
The only time I’ve seen Avast block an exploit as you describe was when I had the firewall turned off.

Edit… If you right click on the firewall icon, then left click on “security level”, what does it say? Should be “learning”.
It’s possible you’ve clicked “allow” in the past to a firewall alert that really should have been blocked, but how to fix that I’m not sure. When I did that I ended up uninstalling it, cleaning the remnants, and performing a full reinstall.

That is interesting as it could effectively block avast.setup and may be responsible for some Red update errors, as the connection (broadband) may be present and avast detects that there is a connection and attempts to check for updates.

So if Comodo is a bit slow in getting loaded, avast.setup may trip over this block.

Another reason to change (or add) AlwaysConnectedWaitSeconds value into the [InetWD] section of avast4.ini file 8)

I just mentioned it because when we ask the usual question, “what is your firewall”, we now know a little more about Comodo.

Almost any firewall does the same: blocks the connections before fully loaded. It’s a boot/logon time protection… One could load faster than another, just this.

Just for info, Comodo config options. Try ticking the checkbox indicated.
To get there, open program, click “Security”, “advanced attack detection and prevention”, and click “configure”.

Rick F, your link was very helpful, I think I have got it disabled now.

Yes DavidR, the status is on started and the start up type is automatic.

Tarq57, I think you mean the component monitor. If yes then yes, it is set to learning. And I didn’t have the block all outgoing connections while booting on. Thanks for that.

Recently I haven’t been getting the pop up so hopefully I won’t get it again. If I do I’ll post back here.

Thanks for all the input.

Disabling the DCOM shouldn’t have any effect on whether or not you get the pop-ups.

The attempts are speculative and don’t know or care if your system is up to date and not vulnerable to these DCOM attacks. So the attack doesn’t know from the outside of your system DCOM is disabled.

They have stopped as quickly as they appeared, perhaps because none got through (no point in sending more) or Comodo finally came to the fore and is blocking them, so the Network Shield isn’t getting in on the action.

My guesses are on this way…