Author Topic: DCOM Exploit attack  (Read 6794 times)

Mommykat

  • Guest
DCOM Exploit attack
« on: October 26, 2005, 02:30:41 PM »
DCOM Exploit attack.

I am getting this message. Can someone tell me what it is?

Thanks,
Mommykat

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: DCOM Exploit attack
« Reply #1 on: October 26, 2005, 02:44:01 PM »
Hi Mommykat,

A forum search will bring up some answers.

Hit the search button and enter DCOM Exploit attack.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89116
  • No support PMs thanks
Re: DCOM Exploit attack
« Reply #2 on: October 26, 2005, 03:03:31 PM »
I assume this is the Network Shield warning which has detected this and stopped it, check this to be certain.

Extract from the avast help file, Resident Protection, Network Shield.
Quote
Resident Protection: Network Shield - Last attacks

This page displays the list of the last ten attacks of network worms (if you turned on this feature on the "Settings" page). For each attack, you can see the date and time, its type and IP address and port where the attack came from.

If it was, you have nothing to worry about as the attempt was blocked.

Also the DCOM exploit was patched a long time ago by MS but it doesn't stop these '*#~^*#! trying to use the exploit and catch those who don't keep their OS up to date.

Do you have a firewall - if so what?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Jarmo P

  • Guest
Re: DCOM Exploit attack
« Reply #3 on: October 26, 2005, 03:36:51 PM »
That warning should not come if you have a properly configured and working firewall. I think so at least. Correct me someone if I am wrong?

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: DCOM Exploit attack
« Reply #4 on: October 26, 2005, 03:38:26 PM »
Depends if Avast is in front of the firewall or after it.

Jarmo P

  • Guest
Re: DCOM Exploit attack
« Reply #5 on: October 26, 2005, 03:41:09 PM »
You mean FW is late starting, Eddy? In my mind it is not working good then?
What do you think?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89116
  • No support PMs thanks
Re: DCOM Exploit attack
« Reply #6 on: October 26, 2005, 03:59:49 PM »
avast beat my firewall (Outpost Pro 3.0) to the boot and as a result slows my boot by scanning all the files outpost accesses.

But this question is always going to be the chicken and egg, which came first or rather which should come first. I believe the AV should be first to stop viruses getting into memory/established, it is possible to block internet access, but if a virus does get established it could disable both the firewall and AV.

So it is difficult for me to plump for a firewall first policy in my opinion, but I have been wrong before. I have my firewall totally disabled at boot (no real issue on dial-up) and start it with a batch file after boot because it slows the boot otherwise.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Re: DCOM Exploit attack
« Reply #7 on: October 26, 2005, 04:25:44 PM »
Hi DavidR,

First things first. I like the opinion of the experts on the following. What comes first the AV scan or the FW action. I like to hear a fist rule here of you guys? Also if you install what are you putting on the comp first FW or AV? Comments!

greets,

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89116
  • No support PMs thanks
Re: DCOM Exploit attack
« Reply #8 on: October 26, 2005, 04:35:03 PM »
This still won't resolve the what loads first issue as application programmers will want their program to load early to provide protection, so the AV programmer designs his app to load early and along comes the firewall application programmer who wants his program to load first. There will always be this problem of what loads first as application programmers will be trying to get ahead of the other applications.

I don't know if it would be as simple as (if everything were equal with application priorities) which program you installed first, the firewall or the AV?

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33913
  • malware fighter
Re: DCOM Exploit attack
« Reply #9 on: October 26, 2005, 04:47:47 PM »
Hi DavidR,

My common sense would tell me that the Firewall should be coming first because this should make the decision if the AV program should come up and connect. With System Monitoring this comes even before FW and AV. The normal way of doing it is that the Firewall authorized the AV program which then can act, but in other respects the sequence can be reversed. You could see with TDIMON what happens and analyze the behavior of your FW and AV. Do this and comment then. Download from here:
http://www.sysinternals.com/Utilities/TdiMon.html

polonus


Mommykat

  • Guest
Re: DCOM Exploit attack
« Reply #10 on: October 26, 2005, 06:30:21 PM »
Thanks for all the replies. Yes, it is the Network Shield warning. Also, I have a lot of files that cannot be checked, when I do a thorough scan. What can I do about this?

Thanks in advance,
Mommykat

Jarmo P

  • Guest
Re: DCOM Exploit attack
« Reply #11 on: October 26, 2005, 06:32:54 PM »
My common sense is, no matter who comes first, or who is the chicken or egg. They should come pretty fast both :).

My answer to the person who started this thread was if he/she really had a properly configured firewall???

There are firewalls like my current Kerio 4.2.2 that "Block all incoming during boot and shut down of operating system".
And many others that start fast. So a normal thing is to never see prompts from Avast while not covered by firewall.

I did see one time running Sygate latest 5.6 free when it was really late starting, thx to my good avast, a warning from network shield.

Jarmo P

  • Guest
Re: DCOM Exploit attack
« Reply #12 on: October 26, 2005, 06:35:54 PM »
You did not reply to David R's message if you have a working firewall?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89116
  • No support PMs thanks
Re: DCOM Exploit attack
« Reply #13 on: October 26, 2005, 07:18:04 PM »
Quote
Thanks for all the replies. Yes, it is the Network Shield warning. Also, I have a lot of files that cannot be checked, when I do a thorough scan. What can I do about this?

Many programs (usually security based ones) password protect their files for legitimate reasons such as AdAware and Spybot Search & Destroy, there are others (and avast doesn't know the password or have any way of using it even if it did know it).

When you run scans with the above programs and you delete harmful entries that they detect, a copy is kept (in quarantine/restore/backup) in case you need to reverse what you did. These are usually password protected, you should do some housekeeping and delete old backup/recovery/quarantine entries (older than two weeks or so), this will reduce the numbers of files that can't be scanned.

By examining 1) the reason given by avast! for not being able to scan the files, 2) the location of the files, you can get an idea of what program they relate to.

Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.

Are you using a firewall and if so what?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: DCOM Exploit attack
« Reply #14 on: October 28, 2005, 03:46:20 AM »
Quote
Also if you install what are you putting on the comp first FW or AV? Comments!

Polonus, I've read that firewall security should come first...
The best things in life are free.