Author Topic: DCOM exploit  (Read 10815 times)

Offline Mark2234

  • Newbie
  • *
  • Posts: 4
Re: DCOM exploit
« Reply #15 on: September 01, 2010, 07:06:25 AM »
Quote
Do you use a router w/firewall, or are you hooked directly to cable modem?

An external firewall might help, provided you don't already have one.

Direct into the cable modem. I had used a router with FW in the past, but not right now. I will get hold of one and see if it makes any difference. Will it interfere with Online Armor? Or vice versa?

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: DCOM exploit
« Reply #16 on: September 01, 2010, 09:58:59 AM »
Everything is right here. You can get DCOM popups even with FW installed.

I'll shortly describe how it's possible: avast (in all versions Free/Pro/IS) contains a network driver module which detects network exploits (Blaster/Sasser/... viruses). This module behaves like a firewall (it scans some incoming network packets, blocks all dangerous packets or passes them to the system) - see, the behavior is the same as most firewalls behave. Now if you install a software firewall, you have two drivers which scan network traffic - and now it depends on how both applications are installed, because one of them will scan network packets sooner. If avast -> you'll receive a DCOM popup, otherwise the installed FW will block it anyway.

Network traffic path can be described as follows: [Internet] -> computer's network card -> avast driver -> firewall driver -> [Web browser in Windows].

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84896
  • No support PMs thanks
Re: DCOM exploit
« Reply #17 on: September 01, 2010, 04:05:50 PM »
@ pk
Whilst your comment "Everything is right here. You can get DCOM popups even with FW installed." is entirely correct. It is a pain in the rear and scares the horses when it is fired, where a standard firewall wouldn't trigger an alarming alert message.

Is there any way to reverse this order in the case of a third party firewall driver ending up behind the network shield driver?

Either that or don't display the DCOM exploits, etc. in the network shield or give the user the option (as was in avast 4.8) for the network shield to be silent. Though obviously not for all alerts, such as the malicious url alert.

This would be the same way as a software firewall doesn't display any pop-up unless you put it into some sort of paranoid mode.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re: DCOM exploit
« Reply #18 on: September 01, 2010, 04:30:39 PM »
Quote
Is there any way to reverse this order in the case of a third party firewall driver ending up behind the network shield driver?
Yes, it's possible, but it's quite complex and there're some interop issues with other network applications (ad blockers, etc.)

Quote
Either that or don't display the DCOM exploits, etc. in the network shield or give the user the option (as was in avast 4.8) for the network shield to be silent.
There should be a checkbox to suppress showing that exploit popup window next time.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84896
  • No support PMs thanks
Re: DCOM exploit
« Reply #19 on: September 01, 2010, 04:45:44 PM »
Thanks pk, does that stick after a reboot?