Hi Paul,
There is nothing in either the system or application logs. I've done some further testing, and it is not a size problem. It seems to be certain files. e.g. I can copy a large virtual machine disk file (2.6GB) no problem, but not a much smaller Ghost 2003 image file. I can copy some large ISO files, but not other smaller files with various extensions. There is nothing on the threat logs on any of my clients. If I run a report on attacks in SEPM, I get all the IP addresses of the clients i've had the problem on. Again if I do a full scan, it turns up nothing at all. I've checked the doco on the deloder worm, and none of the files mentioned (e.g. inst.exe) are on my system so i'm fairly sure its a false positive.
When I go to copy, I get the popup in the system tray alerting me to the deloder infection or the SID: 20386 MS MSRPCSS Attack detected message. I then cannot connect to that network location until I either disable/reenable SEP or delete and remap the network drive.
I have now tried copying the same files from a Win2K machine with SEP installed, and have the same problem with those certain files. I'd list the extensions but it's about half of all files i've tried, some just standard EXE files.
It looks as though the more recent IPS signatures have screwed me. All win2k machines and the XP machines have been fully patched as of today.
I'm really at a loss with this one. I was all ready to deply SEP to the majority of my clients when this happened all of a sudden.
Thanks,
Nick.