Endpoint Protection

  • 1.  MS Publisher file blocked by Network Threat Protection

    Posted Apr 23, 2009 10:50 AM
    A customer has an MS Publisher .pub file that Symantec EP Network Threat Protection keeps blocking and I can't see why. The Security Log says:

    "[SID: 20648] MS RPC Network DDE BO detected.
    Traffic has been blocked from this application: C:\WINDOWS\system32\ntoskrnl.exe"

    I have scanned the file and there is nothing apparently unusual about it.

    Any ideas please?

    Joe


  • 2.  RE: MS Publisher file blocked by Network Threat Protection

    Posted Apr 23, 2009 12:00 PM
    Ooh, that's a system file. Check the network packet logs also from where the IP is emanating. Don't neglect this unless it's from a trusted source. If it's not an application that you have installed on the computer then you should track this further.

    Here's a writeup on MS RPC attacks

    http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=20445