hi, I am the onsite support at a firm.
5 of our users get this error message in the McAfee Host Intrusion Prevention Log:
McAfee Host Intrusion Prevention Log
30. oktober 2009 13:01:29
Time: 30.10.2009 13:00:37
Event: McAfee Host Intrusion Prevention
IP Address/User: ---------
Description: Internet Explorer (iexplore)
Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Message: Attack type: MDAC Code Execution Vulnerability
They get this error when they try to view "ms project web access"(web interface) and the browser window hangs.
If i turn off host intrusion prevension, then the users can view the webpage normally.
Does anyone have any idea what I can do about this problem?Message was edited by: patchie on 12/8/09 7:45:23 AM CST
You need to create an exception for that specific IPS signature in the EPO console. Or you could disable the signature altogether. Either way I would recomend making sure that the machine has the MS patch applied to it for this specific vulnerability.
While switching off the HIPS rule is a good workaround, it's not really a solution.
This one should probably be escalated through support channels to get it investigated and the signature improved.