cancel
Showing results for 
Search instead for 
Did you mean: 
pierce
Level 13

HIPS alert 'Host intrusion (hip.Illegal_API_Use)' regarding outlook? v8

Jump to solution

Testing HIPS v8.0 and get the following alert the most. Any one seen it before?

Only useful information from looking at this alert is as follows:

Threat Source Process Name:C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE11\OUTLOOK.EXE

Threat Source URL:file:///C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE11\OUTLOOK.EXE

Event Category:Host intrusion (hip.Illegal_API_Use)

Event ID:18000

Threat Severity:Critical

Threat Name:3776

Threat Type:bad_parameter

Action Taken:Blocked

Threat Handled:true

API Name CompatFlagsFromClsid

Detailed Event Info 10072CEC-8CC1-11D1-986E-00A0C955B42E

ePO Reachable True

Executable file description MICROSOFT OFFICE OUTLOOK

Executable fingerprint 40120a867340912ccddba413a66e85b3

In Trusted Network Unknown

Subject Distinguished Name CN=MICROSOFT CORPORATION, OU=MOPR, O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US

Subject Organization Name MICROSOFT CORPORATION

Vulnerability Name Vulnerable ActiveX Control Loading A

Just dont want this filling up the database needlessly or blocking needlessly.

thanks,

Pierce

0 Kudos
1 Solution

Accepted Solutions
McAfee Employee

Re: HIPS alert 'Host intrusion (hip.Illegal_API_Use)' regarding outlook? v8

Jump to solution

KB70810 - Host Intrusion Prevention Signature 3776 triggers after applying Microsoft security update MS10-090

0 Kudos
1 Reply
McAfee Employee

Re: HIPS alert 'Host intrusion (hip.Illegal_API_Use)' regarding outlook? v8

Jump to solution

KB70810 - Host Intrusion Prevention Signature 3776 triggers after applying Microsoft security update MS10-090

0 Kudos