[SID: 24225] Web Attack: Blackhole Toolkit Website 5 detected. Traffic has been blocked
Created: 05 Jul 2011 | 5 comments
Hello,
Some of my users, from time to time, get this report in the IPS log.
What annoys me is that traffic direction is outgoing.
I tried scanning (including using SERT) / checking the computers but didn't find anything.
Is this detection a false positive?
How do I check?
Many thanks
Comments
I would say read this blog on Blackhole Toolkit and make sure your browsers are updated with security updates.
https://www-secure.symantec.com/connect/blogs/blackhole-fever-continues
VMWARE-- SEP 12.1 vs McAfee vs Trend Micro
Don't know if it's false positive yet
I'd suggest grabbing a support tool with load point selected to get a deeper look first.
It *is* possible that it's a false positive, but we'd need more data.
Have you shut down whatever normally uses network traffic to rule other things out? Like, for example, do the detections happen if, say, Outlook is open, and when it's closed, it doesn't? This could help to narrow the scope down.
Hi,
My suggestion is: run the SEP support tool and get the log. Get the packet log. Call technical support.
They will take care of it and tell you what to do.
Our IPS signatures for this type of detection are normally quite accurate, if not very accurate.
Check in your logs which remote IP address it is talking to and check using your favorite search engine about reputation of that IP address.
Best to have our Support team assist you in narrowing down the threat.
-- Got new virus ? Try update your defs here : ftp://ftp.symantec.com/AVDEFS/norton_antivirus/rap... --
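As an added illustration of the advice in this reply (not code from the thread or from Symantec): a small Python script that reads a constructed IPS event export, keeps only the outbound hits for this signature, and groups them by remote IP and internal host, so the remote addresses whose reputation you need to look up fall out in one list. The column layout, hostnames and addresses are made up for the example.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (not a real SEP log format). One event per line:
# time,host,signature,direction,local_ip,remote_ip,remote_port
SAMPLE_LOG = """\
2011-07-05 09:12:01,WS-014,Web Attack: Blackhole Toolkit Website 5,Outbound,10.0.1.14,198.51.100.23,80
2011-07-05 09:12:03,WS-014,Web Attack: Blackhole Toolkit Website 5,Outbound,10.0.1.14,198.51.100.23,80
2011-07-05 10:40:17,WS-027,Web Attack: Blackhole Toolkit Website 5,Outbound,10.0.1.27,198.51.100.23,80
2011-07-05 11:02:55,WS-031,Web Attack: Blackhole Toolkit Website 5,Outbound,10.0.1.31,203.0.113.9,8080
2011-07-05 11:05:00,WS-031,Attack: Some Other Signature,Inbound,10.0.1.31,192.0.2.77,445
"""

SIGNATURE = "Web Attack: Blackhole Toolkit Website 5"
FIELDS = ["time", "host", "signature", "direction", "local_ip", "remote_ip", "remote_port"]


def parse_events(text):
    """Parse the constructed CSV export into a list of dicts, one per event."""
    return [dict(zip(FIELDS, row)) for row in csv.reader(io.StringIO(text)) if row]


def summarize_remote_ips(events, signature=SIGNATURE, direction="Outbound"):
    """Group matching events by remote IP.

    Returns {remote_ip: {"hits": n, "hosts": sorted list of internal hosts}}.
    Several internal hosts producing the same outbound detection towards one
    remote IP points at a shared source (a site users visit, an ad network);
    those are the addresses to check for reputation before calling the
    detection a false positive.
    """
    summary = defaultdict(lambda: {"hits": 0, "hosts": set()})
    for ev in events:
        if ev["signature"] != signature or ev["direction"] != direction:
            continue
        entry = summary[ev["remote_ip"]]
        entry["hits"] += 1
        entry["hosts"].add(ev["host"])
    return {ip: {"hits": e["hits"], "hosts": sorted(e["hosts"])} for ip, e in summary.items()}


if __name__ == "__main__":
    for ip, info in sorted(summarize_remote_ips(parse_events(SAMPLE_LOG)).items()):
        print(f"{ip}: {info['hits']} hit(s) from {', '.join(info['hosts'])}")
```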
Vulnerability assessment.
Hi,
It is quite possible that all Microsoft patches are installed. However, what about patches for other software, for example Adobe? The CVE website talks about some vulnerabilities related to Microsoft, Sun Java and Adobe PDF.
Please ensure that the tool used to scan vulnerabilities is updated.
IBM ISS: http://www.iss.net/
Nessus : http://www.tenable.com/products/nessus
Core Impact http://www.coresecurity.com/content/core-impact-ov...
SAINT http://www.saintcorporation.com/
SARA http://www-arc.com/sara/
I have used Nessus; it is quite a simple tool.
Here are some sites that provide information on the latest vulnerabilities.
Common Vulnerability Database http://cve.mitre.org/
Security focus http://www.securityfocus.com/
DHS National Vulnerability Database http://nvd.nist.gov
United States Computer Emergency Readiness Team http://www.us-cert.gov/
Open Source Vulnerability Database http://osvdb.org/
---------------------------------
Vikas
--
Don't forget to mark your thread as 'solved' with the answer that best helped you!