Endpoint Protection

 View Only
  • 1.  [SID: 21960] MSRPC Spooler GetPrinterData DoS false positive on Windows 7

    Posted Jan 26, 2010 11:33 AM
    Getting Intrution Prevention detection "[SID: 21960] MSRPC Spooler GetPrinterData DoS detected" on Windows 7 client using SEP 11.0.5002.333. I found this discussion saying to go to:

    Policies> Intrusion Prevention Policies> Exceptions> Add...

    browse to exception ID 21960 (same as in the error).

    I don't see where I can add an exception to Intrusion Prevention or select an exception ID. Will Symantec be updating signatures to prevent these false positives?



  • 2.  RE: [SID: 21960] MSRPC Spooler GetPrinterData DoS false positive on Windows 7

    Posted Jan 26, 2010 11:35 AM
    Here is the other discussion about this issue that I referred to in the original post.

    http://www.symantec.com/connect/forums/sid-21960-msrpc-spooler-getprinterdata-dos-detected


  • 3.  RE: [SID: 21960] MSRPC Spooler GetPrinterData DoS false positive on Windows 7

    Posted Jan 26, 2010 11:36 AM
     after you highlight exception ID
    On the bottom click Select/next -select action block/ignore/log..
    assign it to the groups


  • 4.  RE: [SID: 21960] MSRPC Spooler GetPrinterData DoS false positive on Windows 7

    Posted Jan 26, 2010 12:18 PM
    You said to Select/Next etc. "after you highlight exception ID". How do I highlight the exception ID? I don't see anywhere I can select an exception ID.


  • 5.  RE: [SID: 21960] MSRPC Spooler GetPrinterData DoS false positive on Windows 7

    Posted Jan 26, 2010 12:19 PM
    You said to Select/Next etc. "after you highlight exception ID". How do I highlight the exception ID? I don't see anywhere I can select an exception ID.


  • 6.  RE: [SID: 21960] MSRPC Spooler GetPrinterData DoS false positive on Windows 7

    Posted Jan 26, 2010 12:20 PM
    https://www-secure.symantec.com/connect/articles/what-do-p2p-applications-do-and-how-block-peer-peer-applications-p2p-using-symantec-endpoin

    The way in the above article i have shown to define action for all the P2Ps you can select one and select the action. 


  • 7.  RE: [SID: 21960] MSRPC Spooler GetPrinterData DoS false positive on Windows 7

    Posted Jan 26, 2010 12:24 PM
    Silly me. I thought "Centralized Exceptions" meant all the exceptions were in one centralized location.


  • 8.  RE: [SID: 21960] MSRPC Spooler GetPrinterData DoS false positive on Windows 7
    Best Answer

    Posted Jan 26, 2010 12:27 PM
     Centralized exception is just for Antivirus and Proactive threat protection.

    Firewall ,Application and device control and IPS exceptions have to be given in their policies.