cancel
Showing results for 
Search instead for 
Did you mean: 

An attempt to modify SYNATTACKPROTECT value?

\REGISTRY\MACHINE\SYSTEM\ControlSet\SERVICES\TCPIP\PARAMETERS\SYNATTACKPROTECT

I get several of these attempts to modify this register key to a value of 01000000. We have two instances of EPO and both show 100's daily.

I'm assuming it's a norm, but I've seen other people raise the same concerns. I searched but can't find any good answers about this.

Any suggestions or incite as to what should be done about this? The services.exe is the culprit it seems.

0 Kudos
1 Reply
McAfee Employee

Re: An attempt to modify SYNATTACKPROTECT value?

Find out what on the system is trying to change this registry value (Procmon might help here).  Is it some type of software?  If the change is valid, then create an exception to allow it to happen.  If it's not supposed to happen, then you might have identifed some possible threat in your environment.

0 Kudos