Video Screencast Help

Overflow Detection

Created: 22 Apr 2013 • Updated: 23 Apr 2013 | 1 comment
This issue has been solved. See solution.

A few of my users are getting the following error msg from Symantec:  (see attachment)

SID 21663 - MSRPC RRAS Buffer Overflow detected.

what does this mean?  how do I fix it?  how odoi prevent this msg from popping up again?


Operating Systems:

Comments 1 CommentJump to latest comment

Brɨan's picture

See this link for technical details:

You need to check the Security log to find out if the attack is internal or external.

If external, SEP is doing its job by blocking it.

If internal, SEP is doing its job by blocking it but you have an infected client on the inside which needs to be disconnected from the network and scanned and patched to be remediated.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.