Author Topic: (Solution Found) DCOM Exploit getting through COMODO Firewall. Blocked by !avast  (Read 11676 times)

0 Members and 1 Guest are viewing this topic.

Nosnibor

  • Guest
Hello. I have Comodo firewall W D+ and avast antivirus. I have been getting a lot  of "DCOM Exploit"  attacks for the last week which are by passing COMODO  but thankfully avast is blocking the attack.

What and who may be attacking my computer and why isn't comodo blocking it?

P.S. If it helps us all figure this out i also posted on COMODO forum (including many screen shots)about this problem linking the 2 together. Here is the link https://forums.comodo.com/firewall-help/dcom-exploit-getting-through-comodo-firewall-blocked-by-avast-t52004.0.html;msg370961
« Last Edit: February 23, 2010, 08:21:00 PM by Nosnibor »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87280
  • No support PMs thanks
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #1 on: February 23, 2010, 04:59:11 AM »
Do you happen to have file and printer sharing enabled as that may open port 135 as that is the port normally used for the DCOM exploit attempts.

Why comodo isn't catching this before avast is beyond me.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Nosnibor

  • Guest
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #2 on: February 23, 2010, 05:06:49 AM »
Do you happen to have file and printer sharing enabled as that may open port 135 as that is the port normally used for the DCOM exploit attempts.

Why comodo isn't catching this before avast is beyond me.

er....um....er....I'm not sure

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87280
  • No support PMs thanks
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #3 on: February 23, 2010, 04:51:23 PM »
Check the windows help and support on your OS and search for file and printer sharing, that should point you to the area where it can be set or disabled. I believe that by default it may be enabled.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Hermite15

  • Guest
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #4 on: February 23, 2010, 05:12:25 PM »
@ the OP: just don't take into account all the bs they told you on Comodo forums about "two firewalls", ie, neither the Network shield not the Web shield are firewalls, and they do not conflict with any firewall  ::) my god seems these guys there have absolutely no idea about avast "free" components  ;D I've used Avast 4 & 5 a long time together with Comodo firewall&def+...no issue whatsoever.

 As to your DCOM exploit issue, it could be FPs from the network shield, you need to give more details about the sites you visit when the avast alerts come. As to why Comodo Internet security doesn't stop those, it's their problem. But again, if you got FPs, that's another story.

Nosnibor

  • Guest
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #5 on: February 23, 2010, 05:25:02 PM »
@ "DavidR" -- I checked "Windows Firewall" which is off. Under "Exceptions" it indicates that "File and Printer sharing" is Disabled. I didn't turn it off. It was already off.

@"Logos" -- What is FPs  ???  As to details "about the sites you visit when the avast alerts come"  there are none ???  The alert happens even when i dont have a web page open ???  "As to why Comodo Internet security doesn't stop those, it's their problem"  Well right now there problem is affecting MY COMPUTER   ::)
« Last Edit: February 23, 2010, 05:27:50 PM by Nosnibor »

Hermite15

  • Guest
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #6 on: February 23, 2010, 05:30:19 PM »
@"Logos" -- What is FPs  ???  As to details "about the sites you visit when the avast alerts come"  there are none ???  The alert happens even when i dont have a web page open ???

"FP" =  false positive (a wrongly detected threat), as to the sites, the IP mentioned there (in your own pic) at least triggered the network shield alert:

https://forums.comodo.com/firewall-help/dcom-exploit-getting-through-comodo-firewall-blocked-by-avast-t52004.0.html;msg370985#msg370985


and again, "As to why Comodo Internet security doesn't stop those, it's their problem" , because you've been asking here why Comodo didn't stop the threat am I right ?  ::)
Quote
What and who may be attacking my computer and why isn't comodo blocking it?
« Last Edit: February 23, 2010, 05:35:23 PM by Logos »

Nosnibor

  • Guest
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #7 on: February 23, 2010, 05:48:00 PM »
O I'M SO CONFUSED  As i'm not sure if this problem is avast FP  or a COMODO leak

Offline patrice58

  • Advanced Poster
  • **
  • Posts: 684
  • I'm a llama!
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #8 on: February 23, 2010, 06:58:16 PM »
It's not a Comodo leak I don't think. Go to this link press continue then select all service ports and let and scan it should take only a minute and a half at most. https://www.grc.com/x/ne.dll?bh0bkyd2 report back if everything is green or not and if one block is red tell us what the port is.
Vista Home Premium 32 bit (user account) CISC 4.1.150349.920 + CAV (On Access) + Sandbox,V-Engine 2.7.0.37, SpywareBlaster 4.3, SAS (free), a-squared (free) MBAM (free) Finjan Secure Browsing, Windows Defender (scanner only), Zemana AntiLogger 1.9.2.206,

Nosnibor

  • Guest
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #9 on: February 23, 2010, 07:31:08 PM »

Nosnibor

  • Guest
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #10 on: February 23, 2010, 07:32:00 PM »
It's not a Comodo leak I don't think. Go to this link press continue then select all service ports and let and scan it should take only a minute and a half at most. https://www.grc.com/x/ne.dll?bh0bkyd2 report back if everything is green or not and if one block is red tell us what the port is.

:( i failed the test badly

Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2248
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #11 on: February 23, 2010, 07:45:44 PM »
I haven't seen any of those in ages, but at one time I was getting occasional (supposed) DCOMs blocked by the network shield which had slipped past the firewall -- ZA, then Comodo.  Don't remember seeing any since I switched to the PC Tools firewall.

Generally the advice here was that if it had been detected and blocked by avast, don't worry about it.
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Nosnibor

  • Guest
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #12 on: February 23, 2010, 08:10:53 PM »
Generally the advice here was that if it had been detected and blocked by avast, don't worry about it.

lol thats like saying "the water tap isn't leaking, it's just dripping. Don't worry about it till it's gushing"

Poor advise dont you think

P.S.  The problem at hand has been solved (thank you COMODO Forum)  so i'll end this thread

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87280
  • No support PMs thanks
Re: DCOM Exploit getting through COMODO Firewall. Blocked by !avast
« Reply #13 on: February 23, 2010, 08:35:31 PM »
Your analogy doesn't hold water (sorry couldn't help myself), what does it matter if your firewall blocks it (which it should) and doesn't raise a pop-up or the network shield does alert because the avast network shield happens to be intercepting the traffic before your firewall.

So it wouldn't matter if it were a drip or a flood, if your firewall was blocking it you would be none the wiser as it doesn't notify you.
« Last Edit: February 23, 2010, 08:42:58 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Nosnibor

  • Guest
So it wouldn't matter if it were a drip or a flood, if your firewall was blocking it you would be none the wiser as it doesn't notify you.

Correct!  But my firewall was not blocking it and avast was blocking it but.....with avast blocking it i was getting lots and Lots and LOTS of avast warning pop ups which were VERY anoing.

Problem now fixed. No more pop ups. No problem with avast. It was a setting in COMODO

*END*