Please can I have some help with this problem.
Yesterday, out of the blue, certain computers on my network started freezing. After a day of investigation I have found in the client management security log these entries that are occurring at the same time:
26 04/03/2009 13:30:10 Intrusion Prevention Critical Incoming TCP 192.168.1.4 00-00-00-00-00-00 0.0.0.0 00-00-00-00-00-00 C:\WINDOWS\system32\ntoskrnl.exe Administrator WORKGROUP Default 1 13/01/2009 20:27:20 13/01/2009 20:27:20 [SID: 23179] MSRPC Server Service BO detected.
27 04/03/2009 13:30:10 Active Response Major Incoming None 192.168.1.4 00-00-00-00-00-00 0.0.0.0 00-00-00-00-00-00 Administrator WORKGROUP Default 1 13/01/2009 20:27:20 13/01/2009 20:27:20 Traffic from IP address 192.168.1.4 is blocked from 13/01/2009 20:27:20 to 13/01/2009 20:37:20.
28 04/03/2009 13:30:10 Intrusion Prevention Critical Incoming TCP 192.168.1.3 00-00-00-00-00-00 0.0.0.0 00-00-00-00-00-00 C:\WINDOWS\system32\ntoskrnl.exe Administrator WORKGROUP Default 1 13/01/2009 20:27:21 13/01/2009 20:27:21 [SID: 23179] MSRPC Server Service BO detected.
They are happening almost every hour; the response is:
[SID: 23179] MSRPC Server Service BO detected.
Traffic has been blocked from this application: C:\WINDOWS\system32\ntoskrnl.exe
I have had to disable the internal firewall, which is really problematic. Our network runs many point of sale terminals, and every time we have this problem it's crippling our business.
Any help would be appreciated as I am getting very close to being bald after pulling the majority of my hair out.
Is the ntoskrnl.exe that is being blocked the local server version or the client app? I'm guessing it's the client app, as it's that that is being blocked.
Many thanks in advance of your help.
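
Added example (not part of the original post): a Python script that tallies, per sending host, which intrusion-prevention signatures fired and how often Active Response blocked that host, so the machines generating the SID 23179 traffic can be singled out for inspection. The column layout is an assumption inferred from the three quoted log lines, and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Sample input: the three log lines quoted in the post above.
SAMPLE_LOG = r"""
26 04/03/2009 13:30:10 Intrusion Prevention Critical Incoming TCP 192.168.1.4 00-00-00-00-00-00 0.0.0.0 00-00-00-00-00-00 C:\WINDOWS\system32\ntoskrnl.exe Administrator WORKGROUP Default 1 13/01/2009 20:27:20 13/01/2009 20:27:20 [SID: 23179] MSRPC Server Service BO detected.
27 04/03/2009 13:30:10 Active Response Major Incoming None 192.168.1.4 00-00-00-00-00-00 0.0.0.0 00-00-00-00-00-00 Administrator WORKGROUP Default 1 13/01/2009 20:27:20 13/01/2009 20:27:20 Traffic from IP address 192.168.1.4 is blocked from 13/01/2009 20:27:20 to 13/01/2009 20:37:20.
28 04/03/2009 13:30:10 Intrusion Prevention Critical Incoming TCP 192.168.1.3 00-00-00-00-00-00 0.0.0.0 00-00-00-00-00-00 C:\WINDOWS\system32\ntoskrnl.exe Administrator WORKGROUP Default 1 13/01/2009 20:27:21 13/01/2009 20:27:21 [SID: 23179] MSRPC Server Service BO detected.
"""

# Assumption: the first IPv4 address after the direction/protocol columns is the
# remote (sending) host; the "Traffic from IP address ..." text in entry 27 agrees.
IPS_RE = re.compile(
    r"Intrusion Prevention\s+(?P<severity>\w+)\s+(?P<direction>Incoming|Outgoing)\s+"
    r"(?P<proto>\w+)\s+(?P<remote>\d{1,3}(?:\.\d{1,3}){3})\b.*"
    r"\[SID:\s*(?P<sid>\d+)\]\s*(?P<signature>.+?)\s*$"
)
BLOCK_RE = re.compile(
    r"Active Response\b.*Traffic from IP address "
    r"(?P<remote>\d{1,3}(?:\.\d{1,3}){3}) is blocked"
)

def summarise(log_text):
    """Return {remote_ip: {"signatures": Counter, "blocks": int}} for a log export."""
    hosts = defaultdict(lambda: {"signatures": Counter(), "blocks": 0})
    for line in log_text.splitlines():
        m = IPS_RE.search(line)
        if m:  # an intrusion-prevention detection: count it against the sender
            hosts[m["remote"]]["signatures"][(m["sid"], m["signature"])] += 1
            continue
        m = BLOCK_RE.search(line)
        if m:  # an Active Response entry: the sender was temporarily blocked
            hosts[m["remote"]]["blocks"] += 1
    return dict(hosts)

def report(log_text):
    """One text row per (sending host, signature), sorted by host address string."""
    rows = []
    for ip, info in sorted(summarise(log_text).items()):
        for (sid, sig), n in info["signatures"].most_common():
            rows.append(f"{ip}  SID {sid}  x{n}  blocks={info['blocks']}  {sig}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run over a full export of the log, the hosts with the highest counts are the ones to take off the network and examine first.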