Hi,
Refer to http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=22901
Any way to solve the problem ?
Thanks
IPS is stopping an exploitation attempt, are you sure you want to do this? You confirmed it's a false positive?
Create a firewall rule to allow the traffic and also set up and excluded host for the IPS
But it seems happened on this pc only. Not heard other users report same problem.
Please advice.
Is it continuous or just a one time thing? Ideally, you want to confirm this is a false positive and not exclude any hosts from IPS
Continuous happening.
Yes, at least I can use VNC to remote this PC.
According to the link you posted, upgrading to a later VNC version fixes the vulnerability which should take care of this problem. That's the best course of action in this case.
UltraVNC not the same version. Currently installed 1.1.9.4.
But have same message.
which component is blockign VLC? Autoprotect of firewall?
these will be loggged as remote tools right?
Attached FYI
IPS are bound to generate false postivie alarms some times. You may need to create an execption for this SID,
open policies
IPS
Edit
Windows exceptions
click on Add
search for this SID
Make it to allow, that would fix the issue
If you're 110% certain this is a false positive then you can create an exception.
I would tread lightly here though....make sure you're VNC is fully up to date
It seems work now. But why only happened on this pc ?
may be the policy did not get applied to this PC, program version, request pattern, lot of things at the backgroupd.
It seems solved now.
I hope this signature was disabled for only this PC....