Endpoint Protection

  • 1.  SID:23179 error messages

    Posted Oct 29, 2009 08:27 AM

    Hi @all, I am getting an error message on my clients, that is SID:23179 MSRPC Server Service BO detected, and my clients are showing me Offline though they are connected to my Antivirus server.


    Kindly help me.



  • 2.  RE: SID:23179 error messages

    Posted Oct 29, 2009 09:22 AM
    Hi,

    For troubleshooting the SEP-SEPM communication issues, please refer to the following article:
    https://www-secure.symantec.com/connect/articles/troubleshooting-client-commuincation

    Please take a look at the solution for this thread:

    https://www-secure.symantec.com/connect/forums/virus-attack-message-pop

    Aniket


  • 3.  RE: SID:23179 error messages

    Posted Oct 30, 2009 03:14 AM
    You get this info because the IPS signatures detect a threat.

    If you are running either a Symantec Corporate antivirus product (Symantec AntiVirus or Symantec Endpoint Protection) or a Norton AntiVirus product (Norton Internet Security, Norton AntiVirus, or Norton 360) with definitions dated March 6th 2009 revision 36 or later, the following Symantec writeups describe the signatures that provide immediate protection against the current known variants:

    W32.Downadup (Released: Nov 21, 2008)
    W32.Downadup.B (Released: Feb 20, 2009)
    W32.Downadup.C (Released: Mar 6, 2009)
    W32.Downadup.E (Released: April 9, 2009)

    Symantec Intrusion Protection System protects customers from this threat using the following signatures:

    MSRPC Server Service BO
    MSRPC Server Service BO2



    Additional recommended measures
    Install all publicly available Windows patches.
    Use a Symantec Intrusion Protection System to block attempts to exploit known vulnerabilities. (MS08-067 was an early attack vector for this threat, which is blocked by Intrusion Protection.)
    Use Symantec Endpoint Protection policy enforcement to restrict access to USB drives and disable autorun.inf files. These are commonly used as attack vectors to spread new threats.