Endpoint Protection

 View Only

  • 1.  [SID: 22689] HTTP MSIE WPAD Spoofing detected.

    Posted Mar 12, 2009 06:12 AM

    Hi All.

    I have investigated this issue via Symantec and Microsoft with no success. I am running SEP v11 on Fully patched Win XP (SP3) workstations - all PCs are built from images and then updated. I am getting the Spoofing detected error on some, not all of these PCs for the various listed apps but mainly:

    C:\Program Files\Symantec AntiVirus\Smc.exe

    I do not want to exempt this via policies but it is a little frustrating. Any thoughts please?

    I have looked through other forum entries that initially relate to the same issue but they tend to point to issues that do not apply.

    Gary



  • 2.  RE: [SID: 22689] HTTP MSIE WPAD Spoofing detected.

    Posted May 19, 2009 06:00 AM
    Hi, did you get anywhere with this as I am experiancing these errors also on some machines.

    Seem's to be mostly smc.exe and pnamain.exe  (citrix client) causing the grief here.

    Cheers,
    Rich.


  • 3.  RE: [SID: 22689] HTTP MSIE WPAD Spoofing detected.

    Posted May 19, 2009 11:21 AM
    The Proxy Settings for the System account are set to AutoDetect. When LiveUpdate or Internet Explorer run as system, traffic is redirected to a different IP address than intended.

    Make sure Internet Explorer isn't set to auto detect proxy settings for system or other accounts.
    More solutions are offered in the reference linked below by Microsoft.

    http://www.microsoft.com/technet/security/advisory/945713.mspx



  • 4.  RE: [SID: 22689] HTTP MSIE WPAD Spoofing detected.

    Posted Jun 01, 2009 04:55 AM
    Hi,

    That makes sense then if its using the system account. I'll look into it.

    Thanks,
    Rich.