Author Topic: "DCOM Exploit" attack (Read 11434 times)

pacman2004 · « **on:** January 20, 2005, 02:54:20 PM »

Hello All

I am using Sygate as my Firewall. I noticed that if I allow access for the application "Generic Host Process for Win 32 services", I will get frequent messages from avast on-access scanner warning me about a "DCOM Exploit" being blocked by Network shield. If I disallow access for this application, I will not get these messages.

What's going on ? Is this a frewall problem

lee16 · « **Reply #1 on:** January 20, 2005, 03:01:29 PM »

Please read this links below:

http://forum.avast.com/index.php?topic=9163.0
http://forum.avast.com/index.php?board=2;action=display;threadid=8639

Hope this helps.

--lee

Abraxas · « **Reply #2 on:** January 20, 2005, 03:14:53 PM »

When you scan with "SpyBot" ; "DSO exploit" is always listed as a threat. Info here:
http://www.greymagic.com/security/advisories/gm001-ie/
It's a security vulnerability in Microsoft Internet Explorer .

I realise these two " exploits "are different, but the additional info at greymagic .com will further your understanding of what issues are prevelant .

pacman2004 · « **Reply #3 on:** January 20, 2005, 03:23:39 PM »

My system is already updated. No more critical updates from windows website.

So am I suppose to allow access for "Generic Host process for Win32 services" or block it ?

What are the implications ? Please note I have to allow access for this application in order to retrieve the windows updates/patches (if any).

lee16 · « **Reply #4 on:** January 20, 2005, 03:29:03 PM »

Abraxas,

DSO exploit is a hole in Microsoft's security that can be exploited, and Network Shield is a sort of lightweight firewall that monitors a couple of known ports to be used by Interent Worms. It displays DCOM Exploit when it picks up worm activity on these ports i believe ( as explained in the links above).

There not the same really

pacman2004,

I to use Sygate, and allow 'Generic Host process for Win32 services' to access the internet (as it is needed), but i never receive the 'DCOM Exploit' message.

Quote

What are the implications ?

Im not sure what you mean by this

--lee

pacman2004 · « **Reply #5 on:** January 20, 2005, 03:38:13 PM »

lee16

I mean if I use Sygate to block the application "Generic Host process", I will not get to see the DCOM Exploit message.

However does this mean that everything is allright ? Maybe somebody is trying to do something and there is no warning because I have not allowed access for Generic Host process.

BTW I am getting the DCOM message at very frequent intervals...

lee16 · « **Reply #6 on:** January 20, 2005, 03:48:34 PM »

Im not sure why your receiving this message, as sygate should block this activity before it gets to Avast network shield.
Maybe alowing the 'Generic Host process' to access the internet with sygate and checking the rember choice box will help.
Also, are you using the latest version of sygate firewall? (5.6.2808)

--lee

Abraxas · « **Reply #7 on:** January 20, 2005, 04:09:06 PM »

lee16 :

Quote

Abraxas,

DSO exploit is a hole in Microsoft's security that can be exploited, and Network Shield is a sort of lightweight firewall that monitors a couple of known ports to be used by Interent Worms. It displays DCOM Exploit when it picks up worm activity on these ports i believe ( as explained in the links above).

Thanks lee, your right, I was being confusing rather than helpful. Sorry pacman2004 !

Author Topic: "DCOM Exploit" attack (Read 11434 times)

pacman2004

"DCOM Exploit" attack

lee16

Re: "DCOM Exploit" attack

Abraxas

Re: "DCOM Exploit" attack

pacman2004

Re: "DCOM Exploit" attack

lee16

Re: "DCOM Exploit" attack

pacman2004

Re: "DCOM Exploit" attack

lee16

Re: "DCOM Exploit" attack

Abraxas

Re: "DCOM Exploit" attack