Hi,

One of my clients are getting the error (pop-up) OS Attack in SEP and that system is windows XP.

Please find the attachment.

[SID: 23179] Intrusion Detection alerts received on a Symantec Endpoint Protection client for ntoskrnl.exe

IPS (Intrusion Prevention) detected and prevented an attack on this client. Here is info for SID 23179: http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=23179

Perhaps the client needs to be patched.

Check the resolution for it

It's a vulnerability so require to update the patches

OS Attack: MSRPC Server Service RPC CVE-2008-4250

http://www.securityfocus.com/bid/31874

https://www-secure.symantec.com/connect/forums/sid-23179-os-attack-msrpc-server-service-rpc-cve-2008-4250-attack-blocked-traffic-has-been--0

How to Disable Client Intrusion Prevention Notifications in Symantec Endpoint Protection Manager (SEPM)

This is the Conficker worm. You have an infected system on your network tryingn to infect other machines. Check the remote source to swhich machine it is and get it off the network and patched.

This article will help:

Killing Conficker: How to Eradicate W32.Downadup for Good
https://www-secure.symantec.com/connect/articles/killing-conficker-how-eradicate-w32downadup-good

Ok...Thanks FYI.

Regards,

Malli.