
Windows shared printer use causes Intrusion.Win.DCOM.exploit on port 135 [Solved]


(This problem is basically the same as Guihan's KIS Network Attack Blocker Problem but with Endpoint Security for Business 10.1.0.867)

 

A Windows 2008 Standard server is sharing some printers to network users.

These users complain about sharing working once or twice and then not working.

I confirm the printers being grayed out in the users' Windows Control Panel and the inability to access \\printserver.domain.tld.

Endpoint Security's Network Attack Blocker report says the following (French):

Application : Inconnu

Module : Prévention des intrusions

Résultat : Interdit : Intrusion.Win.DCOM.exploit

Objet : TCP de 192.168.1.231 sur le port local 135

This would roughly translate to:

Application : Unknown

Module : Intrusion prevention

Result : Forbidden : Intrusion.Win.DCOM.exploit

Object : TCP from 192.168.1.231 on local port 135

I think I'm dealing with a false positive, but I want to be sure there isn't a setting I missed somewhere (e.g. to tell Kaspersky it is normal for the server to handle CIFS/Samba shares) that would make it more friendly with this kind of "intrusion", but without fully deactivating the Network Attack Blocker.


It looks like the protocol of this printer is not working well.

You can add this IP address as an exclusion in the Network Attack Blocker policy.


I have the same problem. The firewall is blocking my access to the server. I scanned all the locked computers and Kaspersky does not detect anything. Blocked computers have during the day several

Endpoint Security for Business 10.1.0.867a Windows 2008 Server Standard

 

Aplikacja: Nieznany

Składnik: Blokowanie ataków sieciowych

Wynik: Zablokowano: Intrusion.Win.DCOM.exploit

Obiekt: TCP od 192.168.0.21 na port lokalny 135
