Author Topic: What are LSASS and DCOM Exploits?  (Read 6950 times)

0 Members and 1 Guest are viewing this topic.

Xtreeme2

  • Guest
What are LSASS and DCOM Exploits?
« on: December 04, 2010, 05:10:12 PM »
Hi, people.
After changing my isp, I noticed that my ip addres is dynamic.
Every hour I get message from avast
-Dcom Exploit Blocked, or Lsass Exploit Blocked.
Dcom Exploit message i get every hour, but lsass exploit message I get now.
Can someone explain me what is dcom and lsass exploits.
P.S Sorry for my english
« Last Edit: December 04, 2010, 11:53:53 PM by Sukhoi »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: What is LSASS and DCOM Exploit
« Reply #1 on: December 04, 2010, 05:12:25 PM »
DCOM Attacks are speculative, not targeted and tries to exploit a vulnerability in out of date OS, if your OS is up to date then you aren't vulnerable to the exploit. That doesn't stop them (usually someone from the same ISP with an infected computer) trying to see if it can infect others.
 
Your firewall should be the first line of defence in this, but avast also monitors common attack ports using the Network Shield, ideally the firewall should block it and avast wouldn't know about it, but for whatever reason avast is first in line over your firewall.

What is your firewall ?

LSASS exploits are basically the same.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Xtreeme2

  • Guest
Re: What is LSASS and DCOM Exploit
« Reply #2 on: December 04, 2010, 06:09:05 PM »
Avast firewall. I use avast internet security.  ;)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: What is LSASS and DCOM Exploit
« Reply #3 on: December 04, 2010, 06:26:13 PM »
Now that really is strange, I would certainly have expected the avast firewall to block this silently and not have the Network Shield get in there first.

You can use the Profile tab to create a signature outlining your system spec and software, this saves us having to ask the same questions when seeking help.

I don't use the AIS version, so I don't know if in changing the firewall settings/security level that would get in any earlier, see image.

What security level do you have it set to now ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Xtreeme2

  • Guest
Re: What is LSASS and DCOM Exploit
« Reply #4 on: December 04, 2010, 11:42:01 PM »
I'm using work-medium risk zone. This is set by default. I didn't touch firewall settings, because I think that work-medium risk zone is good choice. Is something wrong with these settings or?

ace11

  • Guest
Re: What is LSASS and DCOM Exploit
« Reply #5 on: December 04, 2010, 11:46:13 PM »
me having the same problem as Sukhoi

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: What are LSASS and DCOM Exploits?
« Reply #6 on: December 05, 2010, 12:03:55 AM »
I'm using work-medium risk zone. This is set by default. I didn't touch firewall settings, because I think that work-medium risk zone is good choice. Is something wrong with these settings or?

Try taking it up a level, I don't know if that will silently block these attacks before the network shield gets in first, but it is the only thing that I can suggest.

These random attack attempts could disappear as quickly as they arrived as they aren't targeted directly at you. They are targeted at randomly selected IP addresses and your ISP would be assigning you a dynamic IP address, which changes when you reconnect.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

ayeshaf

  • Guest
Re: What are LSASS and DCOM Exploits?
« Reply #7 on: December 05, 2010, 01:18:46 AM »
I have the same problem, but I am using Vista + Windows Firewall.

I've noticed this problem has been mentioned heaps in the forums but I haven't noticed it happening to anyone with Vista+Windows Firewall before. Please help me! :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: What are LSASS and DCOM Exploits?
« Reply #8 on: December 05, 2010, 02:02:00 AM »
It can happen with any firewall, it is just that the avast network shield happens to get in there before the firewall, why that happens and what you can do about that I honestly don't know.

The main thing is that it doesn't get through, not that it should be a problem as your OS isn't vulnerable to that exploit.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security