Network Shield message

[Vlk]

Gillie, if our driver is loaded before the firewall's we see the exploit first and thus display these warning messages. You can switch them off in Network Shield provider.  In all cases it when you see it, the possible attack is detected and stopped. So there's no need to be nervous.

Hmmm - do you think so?

I mean, the firewall should have closed the port in the first place (unless inbound RPC is allowed which is rarely the case).

[lukor]

Gillie, if our driver is loaded before the firewall's we see the exploit first and thus display these warning messages. You can switch them off in Network Shield provider.  In all cases it when you see it, the possible attack is detected and stopped. So there's no need to be nervous.

Hmmm - do you think so?

I mean, the firewall should have closed the port in the first place (unless inbound RPC is allowed which is rarely the case).

yes thats true. Just wanted to say that seeing this message does not necessary mean the firewall is not working and that it's IDS features wouldn't catch the attack later.

But you are right, having RPC (port 135) port opened on internet interface is considered dangerous.

Lukas.

[Gillie2tat]

OK I'll try and find out how you close off ports and see if I can close this one on Kerio tonight that's not a problem:)

[Lisandro]

But you are right, having RPC (port 135) port opened on internet interface is considered dangerous.

More information about the 135: http://www.grc.com/port_135.htm

[Gillie2tat]

Thanks for that resource.

I just realised - I am using Avast 4 Professional at the moment and there is a version of Avast designed specially to work with the Kerio firewall.  I'll download the Kerio version of Avast tonight and let you know how things go.

[Vlk]

No, avast for Kerio is for Kerio MailServer or Winroute. It doesn't make any sense to install it on your machine...

[Gillie2tat]

OK Vlk thanks.  I am going to have to do something about this because I just phoned my ISP and they told me "we don't block any ports on our server because it causes problems with our customers".  So Port 135 must be wide open.  And I'm running Windows XP so a lot of these fixes won't work and I don't want to go fiddling with the registry unless it's essential.  A lot of that Microsoft page was way over my head and I only understood the bit about editing the registry.

Looks as if blocking it is something I should do with the registry rather than the Kerio firewall but I still need to know how to add these things to the Kerio firewall settings and see if that fixes it.  Off to Kerio now and if anyone here has the answer to that one, I'd very much appreciate your assistance:)

[Gillie2tat]

Found this at the Kerio forum:-

http://forums.kerio.com/index.php?t=msg&goto=4190&S=57567ebfaa0646e48243ee6fce468b26#msg_4190

Will try that and let you know how I get on:)

[Gillie2tat]

OK I figured out how to block ports for Kerio and for good measure added Ports 137-139 to the list - I just blocked incoming for the moment and we'll see what happens.  If necessary I can block incoming and outgoing.

I've reset Avast to produce alerts so I will know if this is working or not.

Thanks guys!

[tjmateo]

Sygate Firewall worked for me...

I stopped getting that kind of messages and closed two ports that were open.

[Gillie2tat]

All fixed and no more alerts.  Thanks everyone!

Might be useful to  know what Avast is blocking in the Network Shield that it doesn't protect you from in the standard virus protection, so that potential problems can be ruled out in future. - I mean it might be helpful to know what it's blocking so that you have some idea what you haven't got!

Also I thought it wasn't a good idea to run two firewalls at once?  I know that's not what you're suggesting Tulio, I'm concerned at the idea of a second firewall within Avast.  If it's here to stay you guys will presumably be enhancing it in future and in that case are there likely to be potential conflicts with the main firewalls?

[Lisandro]

Might be useful to  know what Avast is blocking in the Network Shield.

Can you see? http://forum.avast.com/index.php?board=1;action=display;threadid=8831;start=msg73303#msg73303

Also I thought it wasn't a good idea to run two firewalls at once?  I know that's not what you're suggesting Tulio, I'm concerned at the idea of a second firewall within Avast.  If it's here to stay you guys will presumably be enhancing it in future and in that case are there likely to be potential conflicts with the main firewalls?

Network Shield is not a firewall and won't conflict with Windows internal firewall and/or thirdy party ones.

[Gillie2tat]

OK thanks!

[Stromb]

r,click on blue ball then on access protection control then double click on network sheild   That works for me  

thx for the tip, i'd search where was the option for disabling this, but without success; i had the same problem, since the last avast update (1 hour ago), and all those infos were becomming annoying (considering that my system seems safe and that i check various things frequently)


As a sidenote, since i've discovered avast home ed. a few months ago, i've installed it on many computers, and would like to thank the people here who have made / contributed to such a good product.

[Gillie2tat]

Your regular firewall should have the option to add ports you want blocked to its list of protections.  That's what I did and it worked a treat.

I've actually left the alerts back on now so that if something starts coming through that I need to block certain ports I can do so quickly:) frankly I'd rather know about these things than not.