Showing results for 
Search instead for 
Did you mean: 
Level 7

HIPS alert after attempting to install windows updates

I recently started work at a new place, and at my workplace there is an automatic software update installer which has been bugging me to install updates. When I try to install the updates, the updates fail, and immediately afterwards there is a HIPS alert. In the activity log I see this:

Event: McAfee Host Intrusion Prevention

IP Address / User: NT Authority \ Local System

Application: Generic Host Process for Win32 Services (svchost.exe)

Message: Attack type: W32/Yunsip Infection

Can anyone help me interpret this? Does this mean there is a Yunsip infection on my system, or is something from the company intranet or elsewhere trying to attack it?

0 Kudos
1 Reply
McAfee Employee

Re: HIPS alert after attempting to install windows updates

W32/Yunsip Infection is Host IPS Signature 2787, which prevents creation of a couple of DLL files (See the Signature event details for filenames).  These filenames are associated with this Yunsip infection, so I would obtain copies of these files to be analyzed by McAfee Labs.

KB68030 - How to Submit Virus Samples to McAfee Labs

0 Kudos