DCOM Exploit - more info, logging, etc.

[trejder]

Hello!

Where can I find more info about sources that cause / use DCOM Exploit vunerablity?

Searching avast.com gave me only info that Blaster uses this. All users in my network are warned that they _must_ install anti-Blaster patch and they do so (let's be honest, computer is useless with this vunerablity not patched)! But this does not change the fact, that I keep being warned by avast! That it stoped this kind of exploit.

Once again - to make clear - I DON't want to know how to turn off these warns - cause I alredy know this :) I only want to know if someone can paste me some links where I can find more info about DCOM Exploit: what is it, what use it, how to patch this, how to prevent attacks using it, etc.

And another thing. How can I access log, where avast! store information about blocked DCOM Exploits - i.e. IP address that cause it? Is logging such a log turned on by default?

Is there a way to make such a reports stayed a few seconds longer, when the pops, than they do it now?

Is avast! protects any other kind of exploits / security leaks / attacks with Network Shield? I'm using it for two weeks and keeps getting warns only about DCOM Exploit. Want to know if my network is so secure (ha, ha, ha) that other kind of leaks does not exist in it or if avast! simply don't reports any other things like he reports DCOM Exploit.

Regard!
Tom

[Eddy]

All users in my network are warned that they _must_ install anti-Blaster patch

MS has released a patch for the SCOM exploit a long time ago. Only thing you have to do is making sure you have installed ALL security patches/updates for Windows.

But this does not change the fact, that I keep being warned by avast! That it stoped this kind of exploit.

So? It only means that Avast is doing its job well.

I only want to know if someone can paste me some links where I can find more info about DCOM Exploit:

Use GOOGLE and the MS knowledgebase to find everything there is to know about it.

Is avast! protects any other kind of exploits / security leaks / attacks with Network Shield?

Read what the Network Shield is doing here

Don't you have a firewall or router with build in one?

[MikeBCda]

Hi Tom,

I can only answer the part of your question(s) relating to avast, and in particular to viewing attack history.

If you go into Resident Protection settings for the Network Shield and hit Customize, you'll see there's only two options -- turn warnings on or off, and turn logging on or off.  If logging's on (I think that's the default), the "View latest attacks" (or very similar wording) tab will show you the info you're looking for.

Best,
Mike

[trejder]

Don't you have a firewall or router with build in one?

Yes! I do have. Forgot to mention it. I use ZoneLabs' ZoneAlarm Free with autoupdate option, so I do have most recent version.

It does not reports anything about DCOM Exploits but I don't know if it does it because it simple does not detects them or because avast! stops them earlier - before ZA can find it.

Regard!
Tom

[trejder]

I can only answer the part of your question(s) relating to avast, and in particular to viewing attack history.

Thanks alot MikeBCda! It certainly does helped me!

Tom

[Eddy]

t does not reports anything about DCOM Exploits but I don't know if it does it because it simple does not detects them or because avast! stops them earlier - before ZA can find it

The one who detects it first will block the attack (if everything is setup properly ofcourse) So if Avast detects it first, it will block it and the attack will never get to ZA. The same thing goes for they other way around ofcourse.