Hi,
Have a user on version 7.6.16 VDL4.50E who's receiving multiple Suspicious behaviour errors (HIPS/RegMod-010c), up to 1000 in a short space of time!
I've pasted a sample of the log below to highlight what it is picking up, as it seems to have become hypersensitive.
15/02/2010 12:00:02 Suspicious behavior HIPS/RegMod-010c:\program files\windows defender\MsMpEng.exe
15/02/2010 11:58:59 Suspicious behavior HIPS/RegMod-010c:\WINDOWS\explorer.exe
15/02/2010 11:54:34 Suspicious behavior HIPS/RegMod-010c:\program files\windows defender\MSASCui.exe
15/02/2010 08:38:59 Suspicious behavior HIPS/RegMod-010c:\WINDOWS\system32\convert.exe
15/02/2010 08:38:54 Suspicious behavior HIPS/RegMod-010c:\WINDOWS\system32\ntvdm.exe
15/02/2010 08:28:47 Suspicious behavior HIPS/RegMod-010c:\program files\microsoft office\Office12\EXCEL.EXE
15/02/2010 07:53:04 Suspicious behavior HIPS/RegMod-010c:\WINDOWS\system32\runcmd.exe
09/02/2010 16:15:32 Suspicious behavior HIPS/RegMod-010c:\program files\Adobe\Reader 8.0\Reader\AcroRd32.exe
09/02/2010 15:19:36 Suspicious behavior HIPS/RegMod-010c:\program files\microsoft office\Office12\WINWORD.EXE
09/02/2010 13:55:14 Suspicious behavior HIPS/RegMod-010c:\WINDOWS\system32\lsass.exe
09/02/2010 13:54:58 Suspicious behavior HIPS/RegMod-010c:\program files\lloyd's register\update service\LRUpdate.exe
09/02/2010 13:54:25 Suspicious behavior HIPS/RegMod-010c:\WINDOWS\system32\imapi.exe
09/02/2010 13:39:25 Suspicious behavior HIPS/RegMod-010c:\program files\microsoft office\Office12\POWERPNT.EXE
09/02/2010 13:37:20 Suspicious behavior HIPS/RegMod-010c:\program files\lotus\notes\nlnotes.exe
09/02/2010 13:13:37 Suspicious behavior HIPS/RegMod-010c:\program files\internet explorer\iexplore.exe
09/02/2010 13:12:45 Suspicious behavior Buffer OverflowC:\Program Files\Internet Explorer\iexplore.exe
The machine has been scanned and is apparently clean according to the Sophos client. The Sophos client has been uninstalled and reinstalled.
Any thoughts? Anyone seen this behaviour before? Is it possible that the machine is infected with something but Sophos is missing it?
Neil.