About 'Conficker Detection' By The Firewall

Discussion in 'ESET Smart Security' started by stimulator32, May 22, 2009.

Thread Status:
Not open for further replies.
  1. stimulator32

    stimulator32 Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    104
    Hello,

    as long as the worm is detected by the 'Web Access Protection' module -it disconnects the connection before the worm access PC-, why that detection was added to the personal firewall?

    Many Thanks ..
     
  2. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
    Hello,

    Some malware, such as the Win32/Conficker worm, spread themselves by using specially-crafted packets designed to attack vulnerabilities in an operating system, service or application bound to an open port. Because these attacks can be identified on a per-packet basis (as opposed to looking at the data stream from a file transfer--the attack can be blocked by IDS functionality in the firewall.

    Regards,

    Aryeh Goretsky
     
  3. stimulator32

    stimulator32 Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    104
    Many thanks Aryeh ..
     
Thread Status:
Not open for further replies.