
Security Logs

Updated: 21 May 2010 | 5 comments
Fatih Teke
This issue has been solved. See solution.

Hello everybody.
We installed a new OCS server. This server doesn't have any virus; it is clean now.
But I want to understand these security logs. Do I have a problem, or is it normal?
There are 3 pictures here.
I have taken an attack on c:\Windows\system32\ntoskrnl.exe
and SEP blocked some IP addresses.
This computer is used for OCS (Office Communication Server).
I checked the update files, and Windows Update is OK. There are no critical or security updates.
Any idea?
Thanks.
Fatih.


Comments

Vikram Kumar-SAV to SEP
26 Oct 2009

It just says IP 193.192.116.240 tried to attack/infect your computer, but it has been blocked by SEP.
ntoskrnl.exe is used for File and Print sharing.

Vikram Kumar-SAV to SEP
26 Oct 2009

However, if you want to exclude it (which IMO is not a good option):

In SEPM go to "Clients" and click on any of your groups. Then open the "Policies" tab. Click on the third option, "Network Application Monitoring". You can switch it off or add an exception for NTOSKRNL.EXE.

Fatih Teke
26 Oct 2009

attacks

Hello Vikram.
Yes, the IP address 193.192.116.240 tried to attack me. Do I have a backdoor? I just want to know. This server is connected to the internet directly, and I think these attacks are normal. Am I right?
Thanks
Fatih

 Everything works better when everything works together.

Vikram Kumar-SAV to SEP
26 Oct 2009

If the computer is connected directly to the internet, hackers will try their chances and you can't help it. The best thing is that it is getting blocked.
As these IPs have been flagged, you can forward them to your network admin and he can block them on the hardware firewall.

On backtracing 193.192.116.240, it says it is coming from Istanbul. So just check whether it is from your network or just an outsider.
However, this one is coming from a long way away, from China: 218.23.37.51
On my home PC I've got a static IP and I see attacks from IPs that come from all across the world.

Fatih Teke
26 Oct 2009

Oh, I see. We cannot block it, because if we block 218.23.37.51 the hacker will try with another IP address, 218.23.37.250 etc.
Thanks for the answer, Vikram.
Have a nice day.
Fatih.

 Everything works better when everything works together.
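
Added example, not part of the original thread and not Symantec code: a way to turn blocked-source addresses into a short list to forward to the network admin, collapsing several hosts from one /24 (such as 218.23.37.51 and 218.23.37.250) into a single network entry. The log line layout, the function names, the /24 grouping and the two-host threshold are assumptions; the sample lines are constructed and are not SEP's real export format.

```python
import ipaddress
from collections import defaultdict

# Constructed sample lines (timestamp,action,remote IP); not SEP's export format.
SAMPLE_LOG = """\
2009-10-26 09:14:02,Blocked,193.192.116.240
2009-10-26 09:20:41,Blocked,218.23.37.51
2009-10-26 09:21:05,Blocked,218.23.37.51
2009-10-26 09:35:17,Blocked,218.23.37.250
2009-10-26 09:40:00,Allowed,10.0.0.15
not a log line
"""

def parse_blocked(text):
    """Yield the remote address of every well-formed 'Blocked' line."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or parts[1] != "Blocked":
            continue
        try:
            yield ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # skip malformed addresses instead of aborting the run

def block_candidates(text, prefix=24, min_sources=2, never_block=()):
    """Return firewall entries: a network when at least min_sources distinct
    hosts in it were blocked, otherwise the individual host as a /32."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    by_net = defaultdict(set)
    for ip in parse_blocked(text):
        # never_block guards your own ranges against a bad log entry
        if ip.version != 4 or any(ip in n for n in protected):
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_net[net].add(ip)
    result = []
    for net, hosts in sorted(by_net.items()):
        if len(hosts) >= min_sources:
            result.append(str(net))
        else:
            result.extend(f"{h}/32" for h in sorted(hosts))
    return result

if __name__ == "__main__":
    for entry in block_candidates(SAMPLE_LOG, never_block=["10.0.0.0/8"]):
        print(entry)
```

A whole /24 can contain unrelated hosts, so the network admin should review each network entry before it goes on the hardware firewall.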