I need a solution
Hi,
we have these IPS messages pop up at some customers System lately:
[SID: 30239] Audit: Unimplemented Trans2 Subcommand attack detected but not blocked. Application path: SYSTEM
The connection goes to Port 445 outbound to different systems, mostly fileservers.
The Systems initiating the connection appear clean with a full scan, powererasor scan and symdiag threat analysis. (Did not check with other tools yet)
Anyone else got these lately? Could maybe be a false positive.
0