Topic: Repeated notification (Read 6502 times)


Offline RoyC

  • Newbie
  • *
  • Posts: 19
Repeated notification
« on: July 23, 2010, 01:14:51 PM »
Hello

First, thank you to the Alwil SW Co for developing and distributing Avast AV for free to the millions of Home Users like me around the world. I have been using AVAST! since the version number was 4 (had a Music Player like interface) and I was really happy to find the huge improvements in AVAST! 5.
The only problem that I face is with the TCP/IP related notification - an example in the form of a screenshot is attached. I clicked the check-box so that it is blocked silently, but I find that, as the IP displayed in the warning always varies, I am constantly bothered with the notification. As this notification appears quite frequently, is there any way to hide this notification and let Avast! 5 block the threat silently?

Please help me out.
Thank you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Repeated notification
« Reply #1 on: July 23, 2010, 01:34:38 PM »
It's a Network Shield message. It filters traffic coming from all applications (not only browsers), and on all ports. For performance reasons, though, it tries a bit harder in case of the well-known HTTP ports.

Messages like:
Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp
are due to the RPC/DCOM exploit, which is a vulnerability that allows an attacker to gain access to the destination machine by sending a malformed packet to the DCOM service. It uses the RPC TCP port 135.

Which firewall do you use?
And, most important, is your operating system updated?

Generally, the firewall blocks this attack before the antivirus.
The best things in life are free.

Offline RoyC

  • Newbie
  • *
  • Posts: 19
Re: Repeated notification
« Reply #2 on: July 24, 2010, 06:02:56 AM »
Thank you Tech for your reply.
I should have mentioned earlier that my OS is XP pro with SP3 and it is updated to the latest patches available through the Automatic Update feature.
I use Comodo Firewall Pro - latest version.

Curiously, this issue was not there with AVAST! 4.8 and earlier. As far as I can remember, one of the settings blocked all these types of attacks silently without "bothering" the user. :(

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Repeated notification
« Reply #3 on: July 24, 2010, 03:14:47 PM »
Strange... CIS should have been blocking it before avast.
Are you using CIS in "Safe Mode" state? Did you change its settings?
Maybe you could ask for help also in Comodo forum.

Offline RoyC

  • Newbie
  • *
  • Posts: 19
Re: Repeated notification
« Reply #4 on: July 27, 2010, 03:21:17 AM »
Thanks Tech for your reply. I need to check but I am out of station at the moment.

I understand that CIS should have blocked but still is it possible to make AVAST! 5 block it without notifying me?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84778
  • No support PMs thanks
Re: Repeated notification
« Reply #5 on: July 27, 2010, 03:48:30 AM »
Sorry there are no user settings for the Network Shield, other than unchecking the Show warning messages. But that in my mind is a bad decision as it would be across all network shield warning messages including malicious site blocking.

Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Repeated notification
« Reply #6 on: July 27, 2010, 04:02:01 AM »
Quote from RoyC: "Is it possible to make AVAST! 5 block it without notifying me?"
You can use the silent/game mode in the Status page of avast interface.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84778
  • No support PMs thanks
Re: Repeated notification
« Reply #7 on: July 27, 2010, 04:58:46 AM »
Quote from Lisandro (Reply #6):
"Is it possible to make AVAST! 5 block it without notifying me?
You can use the silent/game mode in the Status page of avast interface."

Yes you can but the OP is asking specifically about the Network Shield DCOM alerts, whilst my suggestion could well kill all the network shield alerts and not just DCOM/Exploit alert. The suggestion to use Silent/Gaming mode would be even worse as it would be effective over all shields.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re: Repeated notification
« Reply #8 on: July 27, 2010, 01:38:26 PM »
Quote from DavidR: "Yes you can but the OP is asking specifically about the Network Shield DCOM alerts, whilst my suggestion could well kill all the network shield alerts and not just DCOM/Exploit alert. The suggestion to use Silent/Gaming mode would be even worse as it would be effective over all shields."
If the user does not want to receive messages at all... it's up to him...

Offline RoyC

  • Newbie
  • *
  • Posts: 19
Re: Repeated notification
« Reply #9 on: July 27, 2010, 03:18:53 PM »
Hello David and Tech

Thanks for your suggestions and inputs.
Well, I am not interested in using the Gaming mode as David has rightly pointed out that it shall stop all the warning messages, which is not exactly what I desire to achieve. Instead I just would like to hide the DCOM attacks notification. I must also point out that I have never received any other Network Shield attack notification since the day I installed it, which if I remember correctly was as soon as AVAST! 5 was officially released and the previous version notified me to update. So will it be safe to turn off all the Network Shield messages?

BTW, what exactly are these attacks? My internet connection does not use static IPs, but dynamic ones, and the IPs displayed are all from my country. And should CIS have stopped these before the "attacks"? Well CIS never failed me, as AVAST!.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84778
  • No support PMs thanks
Re: Repeated notification
« Reply #10 on: July 27, 2010, 04:34:20 PM »
You're welcome.

DCOM attacks are speculative, not targeted, and try to exploit a vulnerability in an out-of-date OS; if your OS is up to date then you aren't vulnerable to the exploit. That doesn't stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.

Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield. Ideally the firewall should block it and avast wouldn't know about it, but for whatever reason avast is first in line over your firewall.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
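
An added example, not part of any post in this thread: a short script that parses alerts in the format quoted in Reply #1 and summarizes them per signature and port, so you can see whether the repeated popups are the same untargeted probing from many sources that Reply #10 describes. Every sample line except the first is constructed, and the `own_network` value stands in for your ISP's address range (an assumption).

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Message format as quoted in Reply #1 of this thread.
ALERT_RE = re.compile(
    r'Network Shield: blocked "(?P<sig>[^"]+)" - attack from '
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)/(?P<proto>\w+)')

# Constructed sample: line 1 is the alert quoted in the thread; the others
# are made up, using addresses from the reserved documentation ranges.
SAMPLE_ALERTS = """\
Network Shield: blocked "DCOM Exploit" - attack from 81.178.115.162:135/tcp
Network Shield: blocked "DCOM Exploit" - attack from 198.51.100.14:135/tcp
Network Shield: blocked "DCOM Exploit" - attack from 198.51.100.77:135/tcp
Network Shield: blocked "DCOM Exploit" - attack from 198.51.100.14:135/tcp
Network Shield: blocked "DCOM Exploit" - attack from 203.0.113.9:135/tcp
Network Shield: blocked "DCOM Exploit" - attack from 999.1.1.1:135/tcp
"""

def parse_alerts(text):
    """Return (signature, ip, "port/proto") for each well-formed alert line."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        try:
            ip = ip_address(m["ip"])
        except ValueError:  # malformed address such as 999.1.1.1
            continue
        alerts.append((m["sig"], ip, f'{m["port"]}/{m["proto"]}'))
    return alerts

def summarize(alerts, own_network):
    """Per (signature, port): counts, plus sources inside own_network."""
    net = ip_network(own_network)  # assumed to be the ISP's range
    groups = defaultdict(list)
    for sig, ip, port in alerts:
        groups[(sig, port)].append(ip)
    return {
        key: {"alerts": len(ips),
              "distinct_sources": len(set(ips)),
              "same_network": sum(ip in net for ip in set(ips)),
              "top_source": Counter(ips).most_common(1)[0]}
        for key, ips in groups.items()}

if __name__ == "__main__":
    print(summarize(parse_alerts(SAMPLE_ALERTS), "198.51.100.0/24"))
```

Many distinct sources hitting one port with one signature, several of them in your own provider's range, is the pattern of background scanning rather than something aimed at your machine.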

Offline ravisunny2

  • Newbie
  • *
  • Posts: 2
Re: Repeated notification
« Reply #11 on: July 27, 2010, 05:16:29 PM »
I am having the same problem with popups.

With Avast 4.8 we had the option to not display the dcom attacks.

Avast 5.0 also has the same option in the Display Box, but the option doesn’t seem to work.

So I’ve just turned the sound off, but the continual popups are distracting.

I too use Comodo firewall, and had that with Avast 4.8 too.

The OS is XP SP3, fully patched, and both Comodo and Avast are updated.

The Comodo settings are in Safe Mode. Should I put it in some other mode?

Incidentally, we can check where the exploit is originating from using

http://whatismyip.com/tools/ip-address-lookup.asp

Offline RoyC

  • Newbie
  • *
  • Posts: 19
Re: Repeated notification
« Reply #12 on: September 11, 2010, 05:32:39 PM »
Hello everyone

Just to update on the situation, with reference to the suggestion of David (thanks again), I did uncheck the notification box, but sadly the Network DCOM notifications are still displayed; it's very annoying. I expected it to stop once I uncheck the box. Please find the enclosed screenshot for clarification.

« Last Edit: September 11, 2010, 05:34:31 PM by RoyC »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9360
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Repeated notification
« Reply #13 on: September 11, 2010, 05:37:21 PM »
Either it's a bug or you have to log off and log on Windows for this setting to become active. Give it a try.

Offline RoyC

  • Newbie
  • *
  • Posts: 19
Re: Repeated notification
« Reply #14 on: September 11, 2010, 06:17:46 PM »
Quote from RejZoR: "Either it's a bug or you have to log off and log on Windows for this setting to become active. Give it a try."

Thanks for the reply. I have followed your suggestion and restarted the machine, let me check for some time whether any more Network Shield notification is displayed. I shall update this thread accordingly.